
Palladium Pro Virus


  • This topic is locked
42 replies to this topic

#1 Joegi

Joegi

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:18 PM

Posted 13 February 2011 - 11:48 AM

Hi all,

Last year I removed viruses from at least 15 to 20 different machines. This year I got introduced to Palladium Pro virus and seem to be having some difficulty getting this one and its related components off a client's machine.

Yesterday, following a Palladium Pro removal guide I was able to get the desktop back and remove 44 infections using AntiMalwarebytes. Remembering another virus from last year, another fake security virus, I ran AntiMalwarebytes again and it found a few others.

The Virus seems to have turned off the system's firewall so I turned it back on.
When I left, the system appeared to be running good. This A.M. I got a call and was told that it took "forever" to shut down last night. They could not get into their AOL email. I thought there has to be another part of this virus in there that I missed, so had them try to get into Teamviewer, a program that I have used to remotely control a PC. It would give the hourglass then go back to the arrow and not run.

Next I had them run AntiMalwarebytes which found 20 more infections. Then had them reboot the machine. It's taken 30 mins to shut down!
I ended up having them hit reset; it brought up the desktop background but waiting 15 mins now to bring up the icons.

I'm thinking my next step is to run this in safe mode but I'm open to ideas.

Update:

I loaded SuperAntiSpyware and ran it in safemode. It found and removed:
Malware.trace
rootkit
malware/gen

Tried rebooting the machine normally but it seems to get to the Windows XP screen then reboots.

I could really use some help on this one.

Running Windows XP Pro.


Thanks
Joe

Edited by Joegi, 14 February 2011 - 10:11 AM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:18 PM

Posted 18 February 2011 - 09:25 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 Joegi


Posted 19 February 2011 - 02:22 PM

Hi M0le

Thanks for replying. I noticed how swamped you folk are and thank you in advance for your help.

This is where I am with this computer. I know I should have left it alone until I heard from you however I needed to try a few things. Sorry about that.

I ran Antimalwarebytes; it was able to remove some viruses but did not fix it.

I ran Superantispyware which found and removed:
Malware.trace
malware/gen
malware/rootkit

On reboot the machine lost Task bar and Icons. I found that explorer.exe would fail. The only way I could get this machine running was to boot with a BartPE CD then do an sfc /scannow. When the computer rebooted it came up fine.

I then rebooted again and it did an auto update on 2 files then would fail explorer.exe again.

I went back with BartPE, did another sfc /scannow, got the system up then turned off auto update for a temporary fix.
They went into Internet Explorer and while just looking at their email a new tab is brought up showing ad sites and such that the only way to get out is to close the browser with the task manager. If this is what has been referred to as the "Google redirect Virus" they are not using searches.

Anyway that is the status of the system now.

There is definitively at least 1 virus embedded in it but more likely more.

Joe

#4 m0le


Posted 19 February 2011 - 08:00 PM

Please run TDSSKiller first

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


#5 Joegi


Posted 19 February 2011 - 08:21 PM

We are in diff time, I'm in US EST. I will do this tomorrow (Sun) and follow your instructions.

#6 m0le


Posted 19 February 2011 - 08:24 PM

It's 1.24am here. No problem :)

#7 Joegi


Posted 20 February 2011 - 01:19 PM

mOle

I won't be able to access this machine until tomorrow (Monday) AM EST. I should be able to get that info to you by then. Thanks for your patience.

Joe

#8 m0le


Posted 20 February 2011 - 02:42 PM

Thanks for letting me know, Joe. No problem :)

#9 Joegi


Posted 21 February 2011 - 12:12 PM

Hi M0le

I was able to get to the machine this morning. I had to reboot it to start from a fresh boot. When I did it came up with no task bar or icons again so I reran sfc /scannow and then all came up fine.

I followed your instructions and installed TDSSKiller on the desktop and ran it per your parameters. It ran and found a rootkit and generated the report. Rebooted machine; contents follow:

2011/02/21 11:39:48.0796 3096 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/21 11:39:48.0921 3096 ================================================================================
2011/02/21 11:39:48.0921 3096 SystemInfo:
2011/02/21 11:39:48.0921 3096
2011/02/21 11:39:48.0921 3096 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/21 11:39:48.0921 3096 Product type: Workstation
2011/02/21 11:39:48.0921 3096 ComputerName: SONY-VAIO
2011/02/21 11:39:48.0937 3096 UserName: user
2011/02/21 11:39:48.0937 3096 Windows directory: C:\WINDOWS
2011/02/21 11:39:48.0937 3096 System windows directory: C:\WINDOWS
2011/02/21 11:39:48.0937 3096 Processor architecture: Intel x86
2011/02/21 11:39:48.0937 3096 Number of processors: 1
2011/02/21 11:39:48.0937 3096 Page size: 0x1000
2011/02/21 11:39:48.0937 3096 Boot type: Normal boot
2011/02/21 11:39:48.0937 3096 ================================================================================
2011/02/21 11:39:49.0250 3096 Initialize success
2011/02/21 11:39:56.0359 3120 ================================================================================
2011/02/21 11:39:56.0359 3120 Scan started
2011/02/21 11:39:56.0359 3120 Mode: Manual;
2011/02/21 11:39:56.0359 3120 ================================================================================
2011/02/21 11:40:17.0531 3120 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/21 11:40:17.0593 3120 ================================================================================
2011/02/21 11:40:17.0593 3120 Scan finished
2011/02/21 11:40:17.0593 3120 ================================================================================
2011/02/21 11:40:17.0609 0868 Detected object count: 1
2011/02/21 11:40:34.0687 0868 \HardDisk0 - will be cured after reboot
2011/02/21 11:40:34.0687 0868 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/21 11:40:44.0109 3088 Deinitialize success

Joe

#10 m0le


Posted 21 February 2011 - 05:34 PM

Good start. Please run MBAM next

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#11 Joegi


Posted 22 February 2011 - 12:01 PM

Ran Mbam and lo and behold it found a problem with explorer.exe. Here is the report:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5840

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/22/2011 11:54:29 AM
mbam-log-2011-02-22 (11-54-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 218047
Time elapsed: 49 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\explorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

#12 m0le


Posted 22 February 2011 - 05:24 PM

Actually it found a worm called explorer.exe. The real one is not found at that location though. Good riddance!

Please next run OTL and let's see how the system is looking overall.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

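The point made in post #12, that a file named explorer.exe sitting at the root of C: is not the real Windows shell, can be checked mechanically. The script below is an added example, not part of the original thread and not code from OTL or MBAM: it reads OTL-style `PRC` lines and MBAM-style `Files Infected` lines and flags well-known system binary names found outside their expected directory. The expected-directory table, the function names and the two sample lines marked "constructed" are assumptions; the other sample lines are taken from the logs in this thread.

```python
import ntpath
import re

# Assumption: a Windows XP layout rooted at C:\WINDOWS, the SystemRoot shown
# in the OTL log in this thread. Directories are lower-cased for comparison.
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows"},
    "svchost.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
}

# Assumption: backup copies kept by Windows File Protection and service-pack
# installs are legitimate on disk and should not be flagged by a file scan.
CACHE_DIRS = {
    r"c:\windows\system32\dllcache",
    r"c:\windows\servicepackfiles\i386",
}

# "PRC - <path> (<company>)" as printed by OTL in its Processes section.
_OTL_PRC = re.compile(r"^PRC - (?P<path>[A-Za-z]:\\.+) \((?P<tag>[^()]*)\)\s*$")
# "<path> (<detection name>) -> <action>" as printed by MBAM under Files Infected.
_MBAM_FILE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<tag>[^()]+)\) -> (?P<action>.+)$"
)


def extract(line):
    """Return (source, path, tag) for a recognised log line, else None."""
    line = line.strip()
    m = _OTL_PRC.match(line)
    if m:
        return ("otl", m["path"], m["tag"])
    m = _MBAM_FILE.match(line)
    if m:
        return ("mbam", m["path"], m["tag"])
    return None


def resolve(path):
    """Collapse '..' segments and slashes, then lower-case.

    Comparing the raw string would let C:\\WINDOWS\\system32\\..\\..\\explorer.exe
    pass a naive "starts with C:\\WINDOWS" test. 8.3 short names (PROGRA~1)
    cannot be expanded offline and are compared as written.
    """
    return ntpath.normpath(path).lower()


def is_masquerade(path):
    """True if the file name is a protected system name in an unexpected directory."""
    directory, name = ntpath.split(resolve(path))
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return False  # not a name this check covers
    return directory.rstrip("\\") not in (expected | CACHE_DIRS)


def scan(lines):
    """Return one finding per recognised line whose path fails the check."""
    findings = []
    for line in lines:
        parsed = extract(line)
        if parsed is None:
            continue
        source, path, tag = parsed
        if is_masquerade(path):
            findings.append(
                {"source": source, "path": path, "resolved": resolve(path), "tag": tag}
            )
    return findings


SAMPLE = [
    # Lines copied from the OTL and MBAM logs in this thread.
    r"PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)",
    r"PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)",
    r"PRC - C:\WINDOWS\htpatch.exe ()",
    r"c:\explorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.",
    # Constructed lines, not from the thread, to exercise path normalisation.
    r"PRC - C:\WINDOWS\system32\..\..\explorer.exe (Microsoft Corporation)",
    r"PRC - C:\Documents and Settings\user\svchost.exe ()",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(f"{finding['source']:4} {finding['resolved']}  [{finding['tag']}]")
```

The company string OTL prints comes from the file's own version resource, so the check relies on the path alone and treats that string as display-only.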

#13 Joegi


Posted 23 February 2011 - 02:17 AM

Here is the paste from OTL.txt. You will notice that I am using Teamviewer on this machine. It allows me to remotely run some of these things when I don't have physical access to the machine. If I need to run this while I have physical access I will be there tomorrow and Thursday:

OTL logfile created on: 2/23/2011 2:00:04 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 383.00 Mb Available Physical Memory | 37.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2098 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.97 Gb Total Space | 38.21 Gb Free Space | 69.52% Space Free | Partition Type: NTFS
Drive E: | 19.56 Gb Total Space | 19.29 Gb Free Space | 98.66% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 460.56 Gb Free Space | 98.88% Space Free | Partition Type: NTFS

Computer Name: SONY-VAIO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version5\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - E:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
PRC - C:\WINDOWS\htpatch.exe ()
PRC - C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\TeamViewer\Version5\TV.dll (TeamViewer GmbH)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (getPlus® Helper) getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)


========== Driver Services (SafeList) ==========

DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (SONYWBMS) Sony Memory Stick controller(WB) -- C:\WINDOWS\system32\drivers\SonyWBMS.sys (Sony Corporation)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (LucentSoftModem) -- C:\WINDOWS\system32\drivers\LTSM.sys (Lucent Technologies)
DRV - (WDM_YAMAHAAC97) -- C:\WINDOWS\system32\drivers\yacxgc.sys (YAMAHA CORPORATION)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 16:10:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Verizon SMB Toolbar) - {A057A204-BACC-4D26-DFC4-79A09BF76BC9} - C:\Program Files\vzsmbtb\vzsmbtb.dll (Verizon Communications. )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Verizon SMB Toolbar) - {A057A204-BACC-4D26-DFC4-79A09BF76BC9} - C:\Program Files\vzsmbtb\vzsmbtb.dll (Verizon Communications. )
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Verizon SMB Toolbar) - {A057A204-BACC-4D26-DFC4-79A09BF76BC9} - C:\Program Files\vzsmbtb\vzsmbtb.dll (Verizon Communications. )
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Camera Detector] E:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [LTSMMSG] C:\WINDOWS\LTSMMSG.exe (Lucent Technologies)
O4 - HKLM..\Run: [QuickTime Task] E:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] File not found
O4 - HKCU..\Run: [AdobeUpdater] File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\Startup.js ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193247525250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198614048953 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/24 12:25:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 12:48:16 | 000,000,040 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{696cc1ea-dd2d-11df-a2dd-00e018edb405}\Shell - "" = AutoRun
O33 - MountPoints2\{696cc1ea-dd2d-11df-a2dd-00e018edb405}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{696cc1ea-dd2d-11df-a2dd-00e018edb405}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{9d0c4485-e224-11dc-9fd1-00e018edb405}\Shell\AutoRun\command - "" = H:\setupSNK.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 01:57:23 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/02/21 11:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\tdsskiller
[2011/02/21 11:36:05 | 001,372,248 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\TDSSKiller.exe
[2011/02/19 10:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/02/19 10:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/02/17 15:24:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2011/02/17 13:25:34 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/02/17 13:25:34 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/02/17 13:25:32 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011/02/17 13:25:12 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/02/17 13:25:11 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/02/17 13:25:10 | 000,019,455 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wvchntxx.sys
[2011/02/17 13:25:07 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/02/17 13:25:05 | 000,012,063 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wsiintxx.sys
[2011/02/17 13:25:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2011/02/17 13:24:48 | 000,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/02/17 13:24:47 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/02/17 13:24:46 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/02/17 13:24:40 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/02/17 13:24:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/02/17 13:24:38 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011/02/17 13:24:35 | 000,701,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\wdhaalba.sys
[2011/02/17 13:24:34 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/02/17 13:24:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2011/02/17 13:24:34 | 000,023,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2011/02/17 13:24:32 | 000,033,599 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv04nt.sys
[2011/02/17 13:24:31 | 000,019,551 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv02nt.sys
[2011/02/17 13:24:30 | 000,029,311 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\watv01nt.sys
[2011/02/17 13:24:27 | 000,012,127 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv02nt.sys
[2011/02/17 13:24:27 | 000,011,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv05nt.sys
[2011/02/17 13:24:26 | 000,012,415 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\dllcache\wadv01nt.sys
[2011/02/17 13:24:25 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/02/17 13:24:24 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/02/17 13:24:24 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/02/17 13:24:21 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/02/17 13:24:20 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/02/17 13:24:19 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/02/17 13:17:57 | 000,488,383 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_v124.sys
[2011/02/17 13:17:57 | 000,050,751 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_tone.sys
[2011/02/17 13:17:56 | 000,073,279 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2011/02/17 13:17:56 | 000,044,863 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_soar.sys
[2011/02/17 13:17:55 | 000,542,879 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_msft.sys
[2011/02/17 13:17:55 | 000,391,199 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2011/02/17 13:17:55 | 000,057,471 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_samp.sys
[2011/02/17 13:17:54 | 000,115,807 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2011/02/17 13:17:54 | 000,009,759 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_inst.dll
[2011/02/17 13:17:53 | 000,289,887 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_fall.sys
[2011/02/17 13:17:53 | 000,199,711 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2011/02/17 13:17:53 | 000,067,167 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2011/02/17 13:17:52 | 000,150,239 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hsf_amos.sys
[2011/02/17 13:17:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2011/02/17 13:17:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2011/02/17 13:17:50 | 000,005,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpt4qic.sys
[2011/02/17 13:17:49 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpojwia.dll
[2011/02/17 13:17:49 | 000,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2011/02/17 13:17:48 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/02/17 13:17:48 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2011/02/17 13:17:47 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/02/17 13:17:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2011/02/17 13:17:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2011/02/17 13:17:45 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2011/02/17 13:17:44 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpdigwia.dll
[2011/02/17 13:17:42 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2011/02/17 13:17:41 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2011/02/17 13:17:40 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2011/02/17 13:17:40 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2011/02/17 13:17:38 | 000,907,456 | ---- | C] (Conexant) -- C:\WINDOWS\System32\dllcache\hcf_msft.sys
[2011/02/17 13:17:36 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/02/17 13:17:35 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/02/17 13:17:35 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/02/17 13:17:33 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2011/02/17 13:17:31 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400m.sys
[2011/02/17 13:17:31 | 000,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2011/02/17 13:17:30 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g400d.dll
[2011/02/17 13:17:30 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200d.dll
[2011/02/17 13:17:30 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\dllcache\g200m.sys
[2011/02/17 13:17:29 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/02/17 13:17:22 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/02/17 13:17:22 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2011/02/17 13:17:21 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/02/17 13:17:18 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/02/17 13:17:18 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/02/17 13:17:17 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/02/17 13:17:16 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/02/17 13:17:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2011/02/17 13:17:13 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/02/17 13:17:12 | 000,022,090 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\fem556n5.sys
[2011/02/17 13:17:11 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/02/17 13:17:10 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- C:\WINDOWS\System32\dllcache\fa312nd5.sys
[2011/02/17 13:17:10 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/02/17 13:17:09 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/02/17 13:17:07 | 000,016,998 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ex10.sys
[2011/02/17 13:17:07 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2011/02/17 13:17:05 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2011/02/17 13:17:04 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2011/02/17 13:17:03 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2011/02/17 13:17:02 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\essm2e.sys
[2011/02/17 13:17:02 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ess.sys
[2011/02/17 13:17:02 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2011/02/17 13:17:01 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56tpi.sys
[2011/02/17 13:17:00 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56cvmp.sys
[2011/02/17 13:17:00 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es56hpi.sys
[2011/02/17 13:16:59 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- C:\WINDOWS\System32\dllcache\es198x.sys
[2011/02/17 13:16:59 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2011/02/17 13:16:58 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1371mp.sys
[2011/02/17 13:16:58 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\es1370mp.sys
[2011/02/17 13:16:57 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnloop.exe
[2011/02/17 13:16:57 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqndiag.exe
[2011/02/17 13:16:57 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnlogr.exe
[2011/02/17 13:16:56 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqn.sys
[2011/02/17 13:16:56 | 000,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2011/02/17 13:16:56 | 000,018,503 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\epro4.sys
[2011/02/17 13:16:55 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\emu10k1m.sys
[2011/02/17 13:16:55 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2011/02/17 13:16:54 | 000,019,996 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\em556n4.sys
[2011/02/17 13:16:53 | 000,025,159 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\elnk3.sys
[2011/02/17 13:16:53 | 000,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2011/02/17 13:16:52 | 000,455,199 | ---- | C] (3Com Corporation.) -- C:\WINDOWS\System32\dllcache\el985n51.sys
[2011/02/17 13:16:52 | 000,171,520 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el99xn51.sys
[2011/02/17 13:16:52 | 000,070,174 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el98xn5.sys
[2011/02/17 13:16:51 | 000,153,631 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xnd5.sys
[2011/02/17 13:16:51 | 000,066,591 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el90xbc5.sys
[2011/02/17 13:16:50 | 000,241,206 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656se5.sys
[2011/02/17 13:16:50 | 000,077,386 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656nd5.sys
[2011/02/17 13:16:49 | 000,634,134 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656ct5.sys
[2011/02/17 13:16:49 | 000,069,194 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el656cd5.sys
[2011/02/17 13:16:48 | 000,069,692 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el575nd5.sys
[2011/02/17 13:16:48 | 000,026,141 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el589nd5.sys
[2011/02/17 13:16:47 | 000,055,999 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el556nd5.sys
[2011/02/17 13:16:47 | 000,024,653 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el574nd4.sys
[2011/02/17 13:16:46 | 000,044,103 | ---- | C] (3Com Corporation) -- C:\WINDOWS\System32\dllcache\el515.sys
[2011/02/17 13:16:44 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100b325.sys
[2011/02/17 13:16:44 | 000,019,594 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e100isa4.sys
[2011/02/17 13:16:43 | 000,050,719 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\e1000nt5.sys
[2011/02/17 13:16:41 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2011/02/17 13:16:40 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/02/17 13:16:39 | 000,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2011/02/17 13:16:38 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/02/17 13:16:37 | 000,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/02/17 13:16:37 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2011/02/17 13:16:36 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2011/02/17 13:16:36 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/02/17 13:16:33 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/02/17 13:16:32 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/02/17 13:16:32 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/02/17 13:16:32 | 000,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2011/02/17 13:16:30 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/02/17 13:16:30 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/02/17 13:16:29 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/02/17 13:16:29 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/02/17 13:16:28 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/02/17 13:16:27 | 000,614,429 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiview.exe
[2011/02/17 13:16:27 | 000,110,621 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.dll
[2011/02/17 13:16:27 | 000,042,432 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\digirlpt.sys
[2011/02/17 13:16:26 | 000,041,046 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.dll
[2011/02/17 13:16:26 | 000,021,606 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiisdn.sys
[2011/02/17 13:16:25 | 000,229,462 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifwrk.dll
[2011/02/17 13:16:25 | 000,159,828 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digihlc.dll
[2011/02/17 13:16:25 | 000,102,484 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiinf.dll
[2011/02/17 13:16:24 | 000,103,044 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidxb.sys
[2011/02/17 13:16:24 | 000,090,525 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digifep5.sys
[2011/02/17 13:16:23 | 000,131,156 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digidbp.dll
[2011/02/17 13:16:23 | 000,065,622 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.dll
[2011/02/17 13:16:23 | 000,037,735 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\digiasyn.sys
[2011/02/17 13:16:21 | 000,419,357 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgconfig.dll
[2011/02/17 13:16:21 | 000,029,531 | ---- | C] (Digi International Inc.) -- C:\WINDOWS\System32\dllcache\dgapci.sys
[2011/02/17 13:16:20 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/02/17 13:16:20 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/02/17 13:16:19 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devldr32.exe
[2011/02/17 13:16:18 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\devcon32.dll
[2011/02/17 13:16:17 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/02/17 13:16:17 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2011/02/17 13:16:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2011/02/17 13:16:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2011/02/17 13:16:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2011/02/17 13:16:15 | 000,063,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\dllcache\dc21x4.sys
[2011/02/17 13:16:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2011/02/17 13:16:13 | 000,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2011/02/17 13:16:12 | 000,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011/02/17 13:16:11 | 000,117,760 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\d100ib5.sys
[2011/02/17 13:16:10 | 000,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2011/02/17 13:16:10 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2011/02/17 13:16:10 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2011/02/17 13:16:09 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2011/02/17 13:16:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2011/02/17 13:16:09 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2011/02/17 13:16:08 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2011/02/17 13:16:07 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/02/17 13:16:07 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/02/17 13:16:07 | 000,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2011/02/17 13:16:06 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/02/17 13:16:06 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/02/17 13:16:05 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/02/17 13:16:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/02/17 13:16:05 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/02/17 13:16:04 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011/02/17 13:16:03 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/02/17 13:16:03 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011/02/17 13:16:02 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011/02/17 13:16:02 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\dllcache\ctljystk.sys
[2011/02/17 13:16:01 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2011/02/17 13:16:00 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/02/17 13:16:00 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- C:\WINDOWS\System32\dllcache\crtaud.sys
[2011/02/17 13:15:59 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011/02/17 13:15:58 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011/02/17 13:15:58 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2011/02/17 13:15:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2011/02/17 13:15:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2011/02/17 13:15:51 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011/02/17 13:15:49 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- C:\WINDOWS\System32\dllcache\cmdide.sys
[2011/02/17 13:15:48 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/02/17 13:15:47 | 000,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2011/02/17 13:15:46 | 000,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2011/02/17 13:15:46 | 000,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2011/02/17 13:15:45 | 000,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2011/02/17 13:15:45 | 000,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2011/02/17 13:15:44 | 000,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2011/02/17 13:15:43 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2011/02/17 13:15:42 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/02/17 13:15:34 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2011/02/17 13:15:33 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/02/17 13:15:32 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/02/17 13:15:32 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/02/17 13:15:31 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/02/17 13:15:31 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/02/17 13:15:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011/02/17 13:15:29 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/02/17 13:15:28 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/02/17 13:15:28 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/02/17 13:15:27 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/02/17 13:15:27 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/02/17 13:15:26 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/02/17 13:15:26 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/02/17 13:15:23 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2011/02/17 13:15:23 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2011/02/17 13:15:22 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2011/02/17 13:15:22 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2011/02/17 13:15:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2011/02/17 13:15:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2011/02/17 13:15:20 | 000,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2011/02/17 13:15:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/02/17 13:15:20 | 000,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/02/17 13:14:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/02/17 13:14:47 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/02/17 13:14:47 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/02/17 13:14:46 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/02/17 13:14:46 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/02/17 13:14:45 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/02/17 13:14:45 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/02/17 13:14:44 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/02/17 13:14:43 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/02/17 13:14:42 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/02/17 13:14:41 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/02/17 13:14:41 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/02/17 13:14:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/02/17 13:14:39 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/02/17 13:14:39 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/02/17 13:14:39 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/02/17 13:14:38 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/02/17 13:14:37 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/02/17 13:14:37 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/02/17 13:14:36 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/02/17 13:14:35 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/02/17 13:14:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2011/02/17 13:14:33 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/02/17 13:14:33 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/02/17 13:14:32 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/02/17 13:14:32 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/02/17 13:14:31 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/02/17 13:14:29 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/02/17 13:14:29 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2011/02/17 13:14:28 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/02/17 13:14:28 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/02/17 13:14:27 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/02/17 13:14:27 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/02/17 13:14:25 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/02/17 13:14:24 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/02/17 13:14:23 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/02/17 13:14:22 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/02/17 13:14:21 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/02/17 13:14:20 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2011/02/17 13:14:14 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2011/02/17 13:14:13 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2011/02/17 13:14:12 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2011/02/17 13:14:11 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2011/02/17 13:14:10 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2011/02/17 13:14:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2011/02/17 13:14:09 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2011/02/17 13:14:09 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2011/02/17 13:14:08 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2011/02/17 13:14:06 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2011/02/17 13:14:06 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2011/02/17 13:14:04 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/02/17 13:14:03 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/02/17 13:14:03 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2011/02/17 13:14:02 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2011/02/17 13:14:01 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/02/17 13:13:59 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2011/02/17 13:13:59 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2011/02/17 13:13:58 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/02/17 13:13:58 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2011/02/17 13:13:57 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2011/02/17 13:13:57 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2011/02/17 13:13:56 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/02/17 13:13:56 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/02/17 13:13:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2011/02/17 13:13:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/02/17 13:13:48 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/02/17 13:13:47 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/02/17 13:13:46 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/02/17 13:13:45 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/02/17 13:13:45 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/02/17 13:13:44 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/02/17 13:13:44 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2011/02/17 13:13:43 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2011/02/17 13:13:42 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/02/17 13:13:41 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2011/02/17 13:13:40 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/02/17 13:13:40 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/02/17 13:13:39 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/02/17 13:13:38 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/02/17 13:13:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/02/17 13:13:37 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/02/17 13:13:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2011/02/17 13:13:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2011/02/17 13:13:34 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/02/17 13:13:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/02/17 13:13:33 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/02/17 13:13:33 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/02/17 13:13:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/02/17 13:13:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/02/16 07:30:28 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winlogon.exe
[2011/02/16 07:29:55 | 001,854,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2011/02/16 07:29:55 | 001,854,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2011/02/16 07:29:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrss.exe
[2011/02/13 12:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/13 12:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/02/13 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/13 12:23:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/02/13 09:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/12 14:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Downloads
[2011/02/12 12:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/02/12 12:26:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/12 12:26:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/12 12:26:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/12 12:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/12 12:26:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/11 09:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/11 09:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/02/05 10:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Google Chrome
[2011/02/05 10:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp
[2011/02/05 10:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Deployment
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/23 02:02:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1647877149-682003330-1003UA.job
[2011/02/23 01:55:24 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2011/02/23 01:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/02/23 00:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/02/22 23:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/02/22 22:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/02/22 21:37:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC021C3-E50D-454E-A0D8-802DD60FCF77}.job
[2011/02/22 21:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/02/22 20:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/02/22 19:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/02/22 18:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/02/22 17:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/02/22 16:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/02/22 15:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/02/22 14:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/02/22 13:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/02/22 12:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/02/22 11:59:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/02/22 11:58:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/22 11:58:29 | 1073,319,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/22 11:02:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1647877149-682003330-1003Core.job
[2011/02/21 11:37:33 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\TDSSKiller.exe
[2011/02/21 11:37:07 | 001,257,772 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/02/17 15:00:37 | 000,286,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/17 14:55:18 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Office Word 2003.lnk
[2011/02/13 12:39:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/13 09:31:24 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1636.bat
[2011/02/13 09:31:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\ak6lp.js
[2011/02/13 09:26:21 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\9768.bat
[2011/02/13 09:26:05 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Xwqqfjx.js
[2011/02/13 09:21:46 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\7029.bat
[2011/02/13 09:21:26 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\dd3x3NIz.js
[2011/02/12 16:56:47 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\6872.bat
[2011/02/12 16:56:35 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\WTuBKbRMI.js
[2011/02/12 16:34:13 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\2868.bat
[2011/02/12 16:34:01 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\SMBth6YeP.js
[2011/02/12 16:22:51 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4743.bat
[2011/02/12 16:22:32 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\DsHlTLv.js
[2011/02/12 16:00:43 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5220.bat
[2011/02/12 16:00:32 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\nIKss4S.js
[2011/02/12 15:50:41 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\600.bat
[2011/02/12 15:50:32 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\sH2lRgvWwM.js
[2011/02/12 15:34:12 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5830.bat
[2011/02/12 15:34:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\ASmzzj.js
[2011/02/12 15:29:09 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4344.bat
[2011/02/12 15:28:47 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\C5uX2EZ.js
[2011/02/12 15:23:08 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\92.bat
[2011/02/12 15:23:00 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\8140.bat
[2011/02/12 15:23:00 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\2507.bat
[2011/02/12 15:22:30 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\sUUax8.js
[2011/02/12 15:22:27 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\S5oQb.js
[2011/02/12 15:22:27 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Kjlzou9UA.js
[2011/02/12 14:54:23 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\180.bat
[2011/02/12 14:54:21 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5279.bat
[2011/02/12 14:54:11 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5468.bat
[2011/02/12 14:53:56 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\tlwpNCS.js
[2011/02/12 14:53:55 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Lf9J8Q.js
[2011/02/12 14:53:55 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\I0V311.js
[2011/02/12 14:48:11 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4087.bat
[2011/02/12 14:48:11 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\8793.bat
[2011/02/12 14:48:09 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\3338.bat
[2011/02/12 14:47:52 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\mstuM.js
[2011/02/12 14:47:52 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\GFTzG962x.js
[2011/02/12 14:47:52 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\m2egty.js
[2011/02/12 14:40:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/12 14:34:10 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1626.bat
[2011/02/12 14:34:01 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\noCY7HbfZ.js
[2011/02/12 14:24:44 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5745.bat
[2011/02/12 14:24:38 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\7003.bat
[2011/02/12 14:24:37 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\7850.bat
[2011/02/12 14:24:19 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\qLbYb.js
[2011/02/12 14:24:17 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\VWRDA.js
[2011/02/12 14:24:17 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\user\Application Data\OBm7AAH6.js
[2011/02/12 14:19:07 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4818.bat
[2011/02/12 14:18:56 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4552.bat
[2011/02/12 14:18:56 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\9719.bat
[2011/02/12 14:18:50 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\GraTK3sHW.js
[2011/02/12 14:18:50 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\WnTmijTVc.js
[2011/02/12 14:18:50 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\v22MXW.js
[2011/02/12 13:50:19 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\6572.bat
[2011/02/12 13:50:01 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\WbTASml.js
[2011/02/12 12:57:18 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\8096.bat
[2011/02/12 12:57:17 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\user\Application Data\2039.bat
[2011/02/12 12:57:13 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\7137.bat
[2011/02/12 12:56:56 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Fbw68.js
[2011/02/12 12:56:56 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\BKhUK.js
[2011/02/12 12:56:56 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\user\Application Data\SPpeD32Zit.js
[2011/02/12 12:46:26 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\734.bat
[2011/02/12 12:46:10 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\3778.bat
[2011/02/12 12:45:24 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\226.bat
[2011/02/12 12:43:54 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\vVJC0GLX5W.js
[2011/02/12 12:43:54 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Fv4WoaRbt.js
[2011/02/12 12:43:54 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\er3sx9Wd7.js
[2011/02/12 12:36:54 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5410.bat
[2011/02/12 12:36:27 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4970.bat
[2011/02/12 12:36:26 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1546.bat
[2011/02/12 12:35:57 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\pGiNsj.js
[2011/02/12 12:35:55 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\wns3g0UZ.js
[2011/02/12 12:35:55 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\rTDewY.js
[2011/02/12 12:35:09 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5168.bat
[2011/02/12 12:34:07 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\To8Q9.js
[2011/02/12 12:17:42 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4755.bat
[2011/02/12 12:17:17 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\6606.bat
[2011/02/12 12:17:07 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\3426.bat
[2011/02/12 12:16:55 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\gygR51cZ.js
[2011/02/12 12:16:50 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\fBjxTc.js
[2011/02/12 12:16:50 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CCTSjno.js
[2011/02/12 12:09:13 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\9265.bat
[2011/02/12 12:09:12 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1223.bat
[2011/02/12 12:09:06 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\kQ9ZdxVW.js
[2011/02/12 12:09:03 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Nfi3GCf.js
[2011/02/12 02:36:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/12 01:04:46 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2011/02/12 01:04:46 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/11 09:39:24 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\user\Application Data\completescan_pal
[2011/02/11 09:34:14 | 000,000,314 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Startup.js
[2011/02/11 09:33:40 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\user\document.doc
[2011/02/10 17:05:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/05 15:11:36 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/21 11:36:44 | 001,257,772 | ---- | C] () -- C:\Documents and Settings\user\Desktop\tdsskiller.zip
[2011/02/17 13:25:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/02/17 13:25:33 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/02/17 13:21:43 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/02/17 13:21:42 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/02/17 13:20:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/02/17 13:17:48 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/02/17 13:17:47 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/02/17 13:17:46 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/02/17 13:17:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/02/17 13:17:45 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/02/17 13:16:31 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/02/17 13:16:31 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/02/17 13:16:30 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/02/17 13:14:17 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/02/17 13:14:17 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/02/17 13:14:16 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/02/17 13:14:16 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/02/17 13:14:15 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/02/17 13:14:15 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/02/17 13:14:14 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/02/17 13:14:14 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/02/17 13:14:13 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/02/17 13:14:08 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/02/16 14:47:20 | 1073,319,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/13 12:39:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/13 09:31:24 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\user\Application Data\1636.bat
[2011/02/13 09:31:05 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\user\Application Data\ak6lp.js
[2011/02/13 09:26:21 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\user\Application Data\9768.bat
[2011/02/13 09:26:05 | 000,010,475 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Xwqqfjx.js
[2011/02/13 09:21:46 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\user\Application Data\7029.bat
[2011/02/13 09:21:26 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\user\Application Data\dd3x3NIz.js
[2011/02/12 16:56:47 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\user\Application Data\6872.bat
[2011/02/12 16:56:35 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\user\Application Data\WTuBKbRMI.js
[2011/02/12 16:34:13 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\user\Application Data\2868.bat
[2011/02/12 16:34:01 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\user\Application Data\SMBth6YeP.js
[2011/02/12 16:22:51 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\user\Application Data\4743.bat
[2011/02/12 16:22:32 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\user\Application Data\DsHlTLv.js
[2011/02/12 16:00:43 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\user\Application Data\5220.bat
[2011/02/12 16:00:32 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\user\Application Data\nIKss4S.js
[2011/02/12 15:50:41 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\600.bat
[2011/02/12 15:50:32 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\sH2lRgvWwM.js
[2011/02/12 15:34:12 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\user\Application Data\5830.bat
[2011/02/12 15:34:01 | 000,010,475 | ---- | C] () -- C:\Documents and Settings\user\Application Data\ASmzzj.js
[2011/02/12 15:29:09 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\4344.bat
[2011/02/12 15:28:47 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\C5uX2EZ.js
[2011/02/12 15:23:08 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\user\Application Data\92.bat
[2011/02/12 15:23:00 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\8140.bat
[2011/02/12 15:23:00 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\user\Application Data\2507.bat
[2011/02/12 15:22:30 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\user\Application Data\sUUax8.js
[2011/02/12 15:22:27 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\S5oQb.js
[2011/02/12 15:22:27 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Kjlzou9UA.js
[2011/02/12 14:54:23 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\user\Application Data\180.bat
[2011/02/12 14:54:21 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\user\Application Data\5279.bat
[2011/02/12 14:54:11 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\user\Application Data\5468.bat
[2011/02/12 14:53:56 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\user\Application Data\tlwpNCS.js
[2011/02/12 14:53:55 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Lf9J8Q.js
[2011/02/12 14:53:55 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\user\Application Data\I0V311.js
[2011/02/12 14:48:11 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\4087.bat
[2011/02/12 14:48:11 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\user\Application Data\8793.bat
[2011/02/12 14:48:09 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\user\Application Data\3338.bat
[2011/02/12 14:47:52 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\mstuM.js
[2011/02/12 14:47:52 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\user\Application Data\GFTzG962x.js
[2011/02/12 14:47:52 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\user\Application Data\m2egty.js
[2011/02/12 14:40:24 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/12 14:34:10 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\1626.bat
[2011/02/12 14:34:01 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\noCY7HbfZ.js
[2011/02/12 14:24:44 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\user\Application Data\5745.bat
[2011/02/12 14:24:38 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\7003.bat
[2011/02/12 14:24:37 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\user\Application Data\7850.bat
[2011/02/12 14:24:19 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\qLbYb.js
[2011/02/12 14:24:17 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\user\Application Data\VWRDA.js
[2011/02/12 14:24:17 | 000,010,476 | ---- | C] () -- C:\Documents and Settings\user\Application Data\OBm7AAH6.js
[2011/02/12 14:19:07 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\user\Application Data\4818.bat
[2011/02/12 14:18:56 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\user\Application Data\4552.bat
[2011/02/12 14:18:56 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\user\Application Data\9719.bat
[2011/02/12 14:18:50 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\user\Application Data\GraTK3sHW.js
[2011/02/12 14:18:50 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\user\Application Data\WnTmijTVc.js
[2011/02/12 14:18:50 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\user\Application Data\v22MXW.js
[2011/02/12 13:50:19 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\6572.bat
[2011/02/12 13:50:01 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\WbTASml.js
[2011/02/12 12:57:18 | 000,000,165 | ---- | C] () -- C:\Documents and Settings\user\Application Data\8096.bat
[2011/02/12 12:57:17 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\user\Application Data\2039.bat
[2011/02/12 12:57:13 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\user\Application Data\7137.bat
[2011/02/12 12:56:56 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Fbw68.js
[2011/02/12 12:56:56 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\user\Application Data\BKhUK.js
[2011/02/12 12:56:56 | 000,010,476 | ---- | C] () -- C:\Documents and Settings\user\Application Data\SPpeD32Zit.js
[2011/02/12 12:46:26 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\user\Application Data\734.bat
[2011/02/12 12:46:10 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\3778.bat
[2011/02/12 12:45:24 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\226.bat
[2011/02/12 12:43:54 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\vVJC0GLX5W.js
[2011/02/12 12:43:54 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Fv4WoaRbt.js
[2011/02/12 12:43:54 | 000,010,475 | ---- | C] () -- C:\Documents and Settings\user\Application Data\er3sx9Wd7.js
[2011/02/12 12:36:54 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\user\Application Data\5410.bat
[2011/02/12 12:36:27 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\4970.bat
[2011/02/12 12:36:26 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\user\Application Data\1546.bat
[2011/02/12 12:35:57 | 000,010,475 | ---- | C] () -- C:\Documents and Settings\user\Application Data\pGiNsj.js
[2011/02/12 12:35:55 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\wns3g0UZ.js
[2011/02/12 12:35:55 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\user\Application Data\rTDewY.js
[2011/02/12 12:35:09 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\user\Application Data\5168.bat
[2011/02/12 12:34:07 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\user\Application Data\To8Q9.js
[2011/02/12 12:17:42 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\4755.bat
[2011/02/12 12:17:17 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\user\Application Data\6606.bat
[2011/02/12 12:17:07 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\user\Application Data\3426.bat
[2011/02/12 12:16:55 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\user\Application Data\gygR51cZ.js
[2011/02/12 12:16:50 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\fBjxTc.js
[2011/02/12 12:16:50 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\user\Application Data\CCTSjno.js
[2011/02/12 12:09:13 | 000,000,159 | ---- | C] () -- C:\Documents and Settings\user\Application Data\9265.bat
[2011/02/12 12:09:12 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\user\Application Data\1223.bat
[2011/02/12 12:09:06 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\user\Application Data\kQ9ZdxVW.js
[2011/02/12 12:09:03 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Nfi3GCf.js
[2011/02/12 09:35:27 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1320.bat
[2011/02/12 09:34:49 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\BizlsP6gk.js
[2011/02/12 08:35:45 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\8430.bat
[2011/02/12 08:34:37 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\jIuyA.js
[2011/02/12 07:35:37 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\6467.bat
[2011/02/12 07:34:41 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\H2A7Duz.js
[2011/02/12 06:35:52 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\3656.bat
[2011/02/12 06:34:23 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\iV9WdA6v.js
[2011/02/12 05:35:12 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\3502.bat
[2011/02/12 05:34:38 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\MZRIv.js
[2011/02/12 04:34:49 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\4792.bat
[2011/02/12 04:34:20 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\G9etDo8StK.js
[2011/02/12 03:35:00 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\7947.bat
[2011/02/12 03:34:17 | 000,010,479 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\O8Kz1uk.js
[2011/02/12 02:36:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/12 02:34:59 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1263.bat
[2011/02/12 02:34:20 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\tjc9S.js
[2011/02/12 01:34:23 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\3722.bat
[2011/02/12 01:34:16 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ymOSzWE81s.js
[2011/02/12 00:34:19 | 000,000,183 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\1988.bat
[2011/02/12 00:34:12 | 000,010,476 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\CDhX1uoBV.js
[2011/02/11 23:34:20 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\8261.bat
[2011/02/11 23:34:13 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\qJanthYy.js
[2011/02/11 21:34:34 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\6738.bat
[2011/02/11 21:34:06 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\ngLZic.js
[2011/02/11 19:34:21 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\9819.bat
[2011/02/11 19:34:14 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\EpX6tHv.js
[2011/02/11 18:34:23 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\8372.bat
[2011/02/11 18:34:14 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\sClxY066.js
[2011/02/11 17:34:19 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\5498.bat
[2011/02/11 17:34:11 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\BoGvzen.js
[2011/02/11 15:34:26 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\5217.bat
[2011/02/11 15:34:14 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\qujsZhnS.js
[2011/02/11 13:34:29 | 000,000,185 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\3838.bat
[2011/02/11 13:34:14 | 000,010,477 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\KUSXqY.js
[2011/02/11 11:34:56 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\3254.bat
[2011/02/11 11:34:21 | 000,010,474 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\CqnhUYufuE.js
[2011/02/11 10:34:26 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\7831.bat
[2011/02/11 10:34:14 | 000,010,478 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\phkfzwgm6.js
[2011/02/11 09:39:24 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\user\Application Data\completescan_pal
[2011/02/11 09:34:16 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2011/02/11 09:34:15 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/02/11 09:34:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2011/02/11 09:34:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/02/11 09:34:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2011/02/11 09:34:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/02/11 09:34:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2011/02/11 09:34:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/02/11 09:34:14 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2011/02/11 09:34:14 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\Startup.js
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2011/02/11 09:34:13 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/02/11 09:33:39 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\user\document.doc
[2011/02/05 15:11:35 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/05 15:11:35 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Internet Explorer.lnk
[2011/02/05 10:59:27 | 000,002,277 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2011/02/05 10:59:27 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/05 10:57:50 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1647877149-682003330-1003UA.job
[2011/02/05 10:57:49 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1647877149-682003330-1003Core.job
[2010/08/26 13:34:59 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/08/26 13:34:58 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/08/26 13:34:58 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/03 11:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/07/03 15:07:38 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/07/03 11:30:24 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\keyfile3.drm
[2007/12/26 15:21:28 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/12/26 15:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/12/26 14:55:54 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/12/26 14:49:34 | 000,016,857 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/26 15:40:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/24 14:27:57 | 000,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2007/10/24 08:00:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2002/03/21 13:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 11:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 11:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 11:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 11:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 11:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 11:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 11:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 20:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/08/28 11:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2008/06/24 12:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/02/23 10:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/07/01 15:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/03/01 13:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/07/03 14:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\acccore
[2010/09/10 13:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ACD Systems
[2008/06/24 12:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG7
[2009/11/11 13:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/11/28 11:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Image Zone Express
[2008/07/11 12:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Printer Info Cache
[2010/09/22 14:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer
[2008/03/29 10:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Viewpoint
[2008/11/26 14:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\vzsmbtb
[2010/09/22 15:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2009/04/24 12:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2011/02/23 01:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/02/22 12:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/02/22 13:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/02/22 14:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/02/22 15:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/02/22 16:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/02/22 17:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/02/22 18:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/02/23 00:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/02/22 19:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/02/22 20:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/02/22 21:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/02/22 23:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/02/22 22:34:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/02/22 11:58:33 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/02/22 21:37:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FFC021C3-E50D-454E-A0D8-802DD60FCF77}.job

========== Purity Check ==========



< End of report >

This is the paste of extras.txt:

OTL Extras logfile created on: 2/23/2011 2:00:04 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,024.00 Mb Total Physical Memory | 383.00 Mb Available Physical Memory | 37.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2098 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.97 Gb Total Space | 38.21 Gb Free Space | 69.52% Space Free | Partition Type: NTFS
Drive E: | 19.56 Gb Total Space | 19.29 Gb Free Space | 98.66% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 460.56 Gb Free Space | 98.88% Space Free | Partition Type: NTFS

Computer Name: SONY-VAIO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "E:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\aol\acs\AOLDial.exe" = C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer
"C:\Program Files\Common Files\aol\acs\AOLacsd.exe" = C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service
"C:\Program Files\Common Files\aol\1204394410\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1204394410\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed
"C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\aol\1204394410\ee\AOLDesktop.exe" = C:\Program Files\Common Files\aol\1204394410\ee\AOLDesktop.exe:*:Enabled:AOL Desktop
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\AOL\1216474637\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1216474637\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
"C:\Program Files\Common Files\AOL\1216474637\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1216474637\ee\AOLDesktop.exe:*:Enabled:AOL Desktop
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89F4B0BC-941A-4BD7-A005-738B528D96D9}" = DVDPlugout
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C470AC79-0F65-4292-ACDB-AC39EE59B29E}" = ArcSoft DVD SlideShow
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AOL Email Toolbar" = AOL Email Toolbar
"AOL Toolbar 5.0" =
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.1.1 Home Edition
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"Lucent Technologies Soft Modem" = Lucent Technologies Soft Modem AMR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"QuickTime" = QuickTime
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 5" = TeamViewer 5
"ViewpointMediaPlayer" = Viewpoint Media Player
"vzsmbtb" = Verizon SMB Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2011 1:40:48 PM | Computer Name = SONY-VAIO | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module mshtml.dll, version 8.0.6001.19019, fault address 0x000e15d4.

[ System Events ]
Error - 2/17/2011 4:01:00 PM | Computer Name = SONY-VAIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'yac3ren.ax' on the volume 'HarddiskVolume3'. It has
stopped monitoring the volume.

Error - 2/18/2011 4:00:10 PM | Computer Name = SONY-VAIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'yac3ren.ax' on the volume 'HarddiskVolume3'. It has
stopped monitoring the volume.

Error - 2/19/2011 4:00:17 PM | Computer Name = SONY-VAIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'yac3ren.ax' on the volume 'HarddiskVolume3'. It has
stopped monitoring the volume.

Error - 2/21/2011 10:29:04 AM | Computer Name = SONY-VAIO | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 2/21/2011 10:29:41 AM | Computer Name = SONY-VAIO | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 2/21/2011 4:00:02 PM | Computer Name = SONY-VAIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'yac3ren.ax' on the volume 'HarddiskVolume3'. It has
stopped monitoring the volume.

Error - 2/22/2011 12:58:41 PM | Computer Name = SONY-VAIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 2/22/2011 4:00:10 PM | Computer Name = SONY-VAIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000043'
while processing the file 'yac3ren.ax' on the volume 'HarddiskVolume3'. It has
stopped monitoring the volume.


< End of report >

#14 m0le


Posted 23 February 2011 - 05:36 PM

Okay, now we've found what's left. Quite a lot.

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2011/02/22 21:37:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC021C3-E50D-454E-A0D8-802DD60FCF77}.job
[2011/02/13 09:31:24 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1636.bat
[2011/02/13 09:31:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\ak6lp.js
[2011/02/13 09:26:21 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\9768.bat
[2011/02/13 09:26:05 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Xwqqfjx.js
[2011/02/13 09:21:46 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\7029.bat
[2011/02/13 09:21:26 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\dd3x3NIz.js
[2011/02/12 16:56:47 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\6872.bat
[2011/02/12 16:56:35 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\WTuBKbRMI.js
[2011/02/12 16:34:13 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\2868.bat
[2011/02/12 16:34:01 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\SMBth6YeP.js
[2011/02/12 16:22:51 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4743.bat
[2011/02/12 16:22:32 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\DsHlTLv.js
[2011/02/12 16:00:43 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5220.bat
[2011/02/12 16:00:32 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\nIKss4S.js
[2011/02/12 15:50:41 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\600.bat
[2011/02/12 15:50:32 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\sH2lRgvWwM.js
[2011/02/12 15:34:12 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5830.bat
[2011/02/12 15:34:01 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\ASmzzj.js
[2011/02/12 15:29:09 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4344.bat
[2011/02/12 15:28:47 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\C5uX2EZ.js
[2011/02/12 15:23:08 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\92.bat
[2011/02/12 15:23:00 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\8140.bat
[2011/02/12 15:23:00 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\2507.bat
[2011/02/12 15:22:30 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\sUUax8.js
[2011/02/12 15:22:27 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\S5oQb.js
[2011/02/12 15:22:27 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Kjlzou9UA.js
[2011/02/12 14:54:23 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\180.bat
[2011/02/12 14:54:21 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5279.bat
[2011/02/12 14:54:11 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5468.bat
[2011/02/12 14:53:56 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\tlwpNCS.js
[2011/02/12 14:53:55 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Lf9J8Q.js
[2011/02/12 14:53:55 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\I0V311.js
[2011/02/12 14:48:11 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4087.bat
[2011/02/12 14:48:11 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\8793.bat
[2011/02/12 14:48:09 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\3338.bat
[2011/02/12 14:47:52 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\mstuM.js
[2011/02/12 14:47:52 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\GFTzG962x.js
[2011/02/12 14:47:52 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\m2egty.js
[2011/02/12 14:34:10 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1626.bat
[2011/02/12 14:34:01 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\noCY7HbfZ.js
[2011/02/12 14:24:44 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5745.bat
[2011/02/12 14:24:38 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\7003.bat
[2011/02/12 14:24:37 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\7850.bat
[2011/02/12 14:24:19 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\qLbYb.js
[2011/02/12 14:24:17 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\VWRDA.js
[2011/02/12 14:24:17 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\user\Application Data\OBm7AAH6.js
[2011/02/12 14:19:07 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4818.bat
[2011/02/12 14:18:56 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4552.bat
[2011/02/12 14:18:56 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\9719.bat
[2011/02/12 14:18:50 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\GraTK3sHW.js
[2011/02/12 14:18:50 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\WnTmijTVc.js
[2011/02/12 14:18:50 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\v22MXW.js
[2011/02/12 13:50:19 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\6572.bat
[2011/02/12 13:50:01 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\WbTASml.js
[2011/02/12 12:57:18 | 000,000,165 | ---- | M] () -- C:\Documents and Settings\user\Application Data\8096.bat
[2011/02/12 12:57:17 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\user\Application Data\2039.bat
[2011/02/12 12:57:13 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\7137.bat
[2011/02/12 12:56:56 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Fbw68.js
[2011/02/12 12:56:56 | 000,010,477 | ---- | M] () -- C:\Documents and Settings\user\Application Data\BKhUK.js
[2011/02/12 12:56:56 | 000,010,476 | ---- | M] () -- C:\Documents and Settings\user\Application Data\SPpeD32Zit.js
[2011/02/12 12:46:26 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\734.bat
[2011/02/12 12:46:10 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\3778.bat
[2011/02/12 12:45:24 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\226.bat
[2011/02/12 12:43:54 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\vVJC0GLX5W.js
[2011/02/12 12:43:54 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Fv4WoaRbt.js
[2011/02/12 12:43:54 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\er3sx9Wd7.js
[2011/02/12 12:36:54 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5410.bat
[2011/02/12 12:36:27 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4970.bat
[2011/02/12 12:36:26 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1546.bat
[2011/02/12 12:35:57 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\pGiNsj.js
[2011/02/12 12:35:55 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\wns3g0UZ.js
[2011/02/12 12:35:55 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\rTDewY.js
[2011/02/12 12:35:09 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\5168.bat
[2011/02/12 12:34:07 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\To8Q9.js
[2011/02/12 12:17:42 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\4755.bat
[2011/02/12 12:17:17 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\6606.bat
[2011/02/12 12:17:07 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\user\Application Data\3426.bat
[2011/02/12 12:16:55 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\gygR51cZ.js
[2011/02/12 12:16:50 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\fBjxTc.js
[2011/02/12 12:16:50 | 000,010,479 | ---- | M] () -- C:\Documents and Settings\user\Application Data\CCTSjno.js
[2011/02/12 12:09:13 | 000,000,159 | ---- | M] () -- C:\Documents and Settings\user\Application Data\9265.bat
[2011/02/12 12:09:12 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1223.bat
[2011/02/12 12:09:06 | 000,010,474 | ---- | M] () -- C:\Documents and Settings\user\Application Data\kQ9ZdxVW.js
[2011/02/12 12:09:03 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Nfi3GCf.js
:files
C:\WINDOWS\tasks\At*.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Also, please rerun OTL on Scan and post a new log. It should look a lot better. :)
m0le is a proud member of UNITE
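Added example (not part of the original thread and not OTL's own code): a Python triage helper that parses OTL file-scan lines in the format used in the fix above and pairs each digit-named .bat with the .js files modified shortly before it in the same Application Data folder. The heuristic (empty company field, file directly under Application Data, 60-second window) is an assumption drawn from the entries listed in this post, and the last sample line is constructed.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# OTL file-scan line: [date time | size | attributes | M/C] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>.{4}) \| (?P<kind>[MC])\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)

# First four lines are taken from the fix script above; the last one is constructed.
SAMPLE = r"""
[2011/02/22 21:37:17 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC021C3-E50D-454E-A0D8-802DD60FCF77}.job
[2011/02/13 09:31:24 | 000,000,167 | ---- | M] () -- C:\Documents and Settings\user\Application Data\1636.bat
[2011/02/13 09:31:05 | 000,010,478 | ---- | M] () -- C:\Documents and Settings\user\Application Data\ak6lp.js
[2011/02/13 09:26:21 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\user\Application Data\9768.bat
[2011/02/13 09:26:05 | 000,010,475 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Xwqqfjx.js
[2011/02/13 09:31:10 | 000,001,024 | ---- | M] (Example Vendor) -- C:\Documents and Settings\user\Application Data\ExampleApp\settings.js
""".strip().splitlines()


def parse_otl_line(line):
    """Return a dict for one OTL file-scan line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "company": m["company"],
        "path": PureWindowsPath(m["path"]),
    }


def is_suspect(entry):
    """Assumed heuristic: script with no company name sitting directly in Application Data."""
    p = entry["path"]
    if entry["company"] or p.parent.name.lower() != "application data":
        return False
    ext = p.suffix.lower()
    return (ext == ".bat" and p.stem.isdigit()) or ext == ".js"


def pair_droppers(lines, window=timedelta(seconds=60)):
    """Pair each suspect .bat with suspect .js files modified up to `window` before it."""
    entries = [e for e in map(parse_otl_line, lines) if e and is_suspect(e)]
    scripts = [e for e in entries if e["path"].suffix.lower() == ".js"]
    pairs = []
    for bat in (e for e in entries if e["path"].suffix.lower() == ".bat"):
        near = [s["path"].name for s in scripts
                if timedelta(0) <= bat["time"] - s["time"] <= window]
        if near:
            pairs.append((bat["path"].name, sorted(near)))
    return pairs


if __name__ == "__main__":
    for bat, js_files in pair_droppers(SAMPLE):
        print(f"{bat} <- {', '.join(js_files)}")
```
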

#15 Joegi


Posted 23 February 2011 - 06:55 PM

Ran the fix; it did not ask for a reboot.
I'm rerunning OTL and will post that log in my next post in a few minutes.
Log follows:
========== OTL ==========
C:\WINDOWS\tasks\User_Feed_Synchronization-{FFC021C3-E50D-454E-A0D8-802DD60FCF77}.job moved successfully.
C:\Documents and Settings\user\Application Data\1636.bat moved successfully.
C:\Documents and Settings\user\Application Data\ak6lp.js moved successfully.
C:\Documents and Settings\user\Application Data\9768.bat moved successfully.
C:\Documents and Settings\user\Application Data\Xwqqfjx.js moved successfully.
C:\Documents and Settings\user\Application Data\7029.bat moved successfully.
C:\Documents and Settings\user\Application Data\dd3x3NIz.js moved successfully.
C:\Documents and Settings\user\Application Data\6872.bat moved successfully.
C:\Documents and Settings\user\Application Data\WTuBKbRMI.js moved successfully.
C:\Documents and Settings\user\Application Data\2868.bat moved successfully.
C:\Documents and Settings\user\Application Data\SMBth6YeP.js moved successfully.
C:\Documents and Settings\user\Application Data\4743.bat moved successfully.
C:\Documents and Settings\user\Application Data\DsHlTLv.js moved successfully.
C:\Documents and Settings\user\Application Data\5220.bat moved successfully.
C:\Documents and Settings\user\Application Data\nIKss4S.js moved successfully.
C:\Documents and Settings\user\Application Data\600.bat moved successfully.
C:\Documents and Settings\user\Application Data\sH2lRgvWwM.js moved successfully.
C:\Documents and Settings\user\Application Data\5830.bat moved successfully.
C:\Documents and Settings\user\Application Data\ASmzzj.js moved successfully.
C:\Documents and Settings\user\Application Data\4344.bat moved successfully.
C:\Documents and Settings\user\Application Data\C5uX2EZ.js moved successfully.
C:\Documents and Settings\user\Application Data\92.bat moved successfully.
C:\Documents and Settings\user\Application Data\8140.bat moved successfully.
C:\Documents and Settings\user\Application Data\2507.bat moved successfully.
C:\Documents and Settings\user\Application Data\sUUax8.js moved successfully.
C:\Documents and Settings\user\Application Data\S5oQb.js moved successfully.
C:\Documents and Settings\user\Application Data\Kjlzou9UA.js moved successfully.
C:\Documents and Settings\user\Application Data\180.bat moved successfully.
C:\Documents and Settings\user\Application Data\5279.bat moved successfully.
C:\Documents and Settings\user\Application Data\5468.bat moved successfully.
C:\Documents and Settings\user\Application Data\tlwpNCS.js moved successfully.
C:\Documents and Settings\user\Application Data\Lf9J8Q.js moved successfully.
C:\Documents and Settings\user\Application Data\I0V311.js moved successfully.
C:\Documents and Settings\user\Application Data\4087.bat moved successfully.
C:\Documents and Settings\user\Application Data\8793.bat moved successfully.
C:\Documents and Settings\user\Application Data\3338.bat moved successfully.
C:\Documents and Settings\user\Application Data\mstuM.js moved successfully.
C:\Documents and Settings\user\Application Data\GFTzG962x.js moved successfully.
C:\Documents and Settings\user\Application Data\m2egty.js moved successfully.
C:\Documents and Settings\user\Application Data\1626.bat moved successfully.
C:\Documents and Settings\user\Application Data\noCY7HbfZ.js moved successfully.
C:\Documents and Settings\user\Application Data\5745.bat moved successfully.
C:\Documents and Settings\user\Application Data\7003.bat moved successfully.
C:\Documents and Settings\user\Application Data\7850.bat moved successfully.
C:\Documents and Settings\user\Application Data\qLbYb.js moved successfully.
C:\Documents and Settings\user\Application Data\VWRDA.js moved successfully.
C:\Documents and Settings\user\Application Data\OBm7AAH6.js moved successfully.
C:\Documents and Settings\user\Application Data\4818.bat moved successfully.
C:\Documents and Settings\user\Application Data\4552.bat moved successfully.
C:\Documents and Settings\user\Application Data\9719.bat moved successfully.
C:\Documents and Settings\user\Application Data\GraTK3sHW.js moved successfully.
C:\Documents and Settings\user\Application Data\WnTmijTVc.js moved successfully.
C:\Documents and Settings\user\Application Data\v22MXW.js moved successfully.
C:\Documents and Settings\user\Application Data\6572.bat moved successfully.
C:\Documents and Settings\user\Application Data\WbTASml.js moved successfully.
C:\Documents and Settings\user\Application Data\8096.bat moved successfully.
C:\Documents and Settings\user\Application Data\2039.bat moved successfully.
C:\Documents and Settings\user\Application Data\7137.bat moved successfully.
C:\Documents and Settings\user\Application Data\Fbw68.js moved successfully.
C:\Documents and Settings\user\Application Data\BKhUK.js moved successfully.
C:\Documents and Settings\user\Application Data\SPpeD32Zit.js moved successfully.
C:\Documents and Settings\user\Application Data\734.bat moved successfully.
C:\Documents and Settings\user\Application Data\3778.bat moved successfully.
C:\Documents and Settings\user\Application Data\226.bat moved successfully.
C:\Documents and Settings\user\Application Data\vVJC0GLX5W.js moved successfully.
C:\Documents and Settings\user\Application Data\Fv4WoaRbt.js moved successfully.
C:\Documents and Settings\user\Application Data\er3sx9Wd7.js moved successfully.
C:\Documents and Settings\user\Application Data\5410.bat moved successfully.
C:\Documents and Settings\user\Application Data\4970.bat moved successfully.
C:\Documents and Settings\user\Application Data\1546.bat moved successfully.
C:\Documents and Settings\user\Application Data\pGiNsj.js moved successfully.
C:\Documents and Settings\user\Application Data\wns3g0UZ.js moved successfully.
C:\Documents and Settings\user\Application Data\rTDewY.js moved successfully.
C:\Documents and Settings\user\Application Data\5168.bat moved successfully.
C:\Documents and Settings\user\Application Data\To8Q9.js moved successfully.
C:\Documents and Settings\user\Application Data\4755.bat moved successfully.
C:\Documents and Settings\user\Application Data\6606.bat moved successfully.
C:\Documents and Settings\user\Application Data\3426.bat moved successfully.
C:\Documents and Settings\user\Application Data\gygR51cZ.js moved successfully.
C:\Documents and Settings\user\Application Data\fBjxTc.js moved successfully.
C:\Documents and Settings\user\Application Data\CCTSjno.js moved successfully.
C:\Documents and Settings\user\Application Data\9265.bat moved successfully.
C:\Documents and Settings\user\Application Data\1223.bat moved successfully.
C:\Documents and Settings\user\Application Data\kQ9ZdxVW.js moved successfully.
C:\Documents and Settings\user\Application Data\Nfi3GCf.js moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.21.0 log created on 02232011_184709



