Computer running out of virtual memory


  • This topic is locked
53 replies to this topic

#1 sortmymotor

  • Members
  • 30 posts

Posted 20 March 2011 - 01:20 PM

The computer will flag up that it is running out of virtual memory. Firefox will not have enough memory to display icons or menus properly. AVG has lost its system tray icons and Malwarebytes crashes during scans.

Edited by sortmymotor, 20 March 2011 - 01:23 PM.


#2 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 25 March 2011 - 05:40 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#3 sortmymotor

  • Topic Starter

  • Members
  • 30 posts

Posted 26 March 2011 - 03:00 PM

To answer one of your first questions: I do not have the Windows 2000 CD available. It is so long since I have had to use it that I now don't know where it is.

Here are the logs. OTL.exe only produced one log and not two.

OTL logfile created on: 26/03/2011 6:46:49 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeff Haley\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

382.00 Mb Total Physical Memory | 53.00 Mb Available Physical Memory | 14.00% Memory free
738.00 Mb Paging File | 208.00 Mb Available in Paging File | 28.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 900 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 82.10 Gb Free Space | 71.71% Space Free | Partition Type: NTFS

Computer Name: JEFF | User Name: Jeff Haley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 18:40:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Haley\Desktop\OTL.exe
PRC - [2011/03/24 09:28:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/05 13:09:30 | 012,587,696 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/11/25 09:18:05 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 12:00:10 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/20 08:57:54 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/20 08:57:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/20 08:57:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/01/09 19:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 18:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/03/13 22:11:10 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/03/13 22:11:08 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINNT\system32\ZoneLabs\vsmon.exe
PRC - [2003/07/14 12:00:00 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/07/14 12:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 18:40:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Haley\Desktop\OTL.exe
MOD - [2003/07/14 12:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 23:59:38 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/20 08:57:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/20 20:10:42 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010/05/20 20:10:38 | 000,020,541 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\Apache Group\Apache2\bin\Apache.exe -- (Apache2)
SRV - [2010/01/25 10:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/03/13 22:11:08 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/11/06 20:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/09/07 07:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/07/14 12:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2003/07/14 12:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/07/14 12:00:00 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2003/07/14 12:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/07/14 12:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 11:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\hidserv.exe -- (HidServ)


========== Driver Services (SafeList) ==========

DRV - [2010/08/12 12:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINNT\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/20 08:57:58 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/20 08:57:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 21:37:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINNT\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/22 14:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/07/07 17:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/02 17:08:16 | 000,019,744 | --S- | M] (AGG Software (http://www.aggsoft.com)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ausbmon.sys -- (ausbmon)
DRV - [2008/03/13 22:11:18 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINNT\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/02/27 02:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINNT\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/11/06 20:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\npf.sys -- (NPF)
DRV - [2006/05/29 06:07:33 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/05/04 11:02:06 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/02/14 16:18:10 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sisnic2k.sys -- (SISNIC2K)
DRV - [2005/07/07 08:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\P17.sys -- (P17)
DRV - [2005/03/12 19:48:08 | 000,243,456 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rt2500usb.sys -- (rt2500usb) DWL-G122(rev.B)
DRV - [2005/01/10 10:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 10:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/09 02:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/12/08 10:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 10:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/07/14 12:00:00 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/07/14 12:00:00 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\dmio.sys -- (dmio)
DRV - [2003/07/14 12:00:00 | 000,102,160 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nbf.sys -- (Nbf)
DRV - [2003/07/14 12:00:00 | 000,091,408 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2003/07/14 12:00:00 | 000,065,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/14 12:00:00 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/07/14 12:00:00 | 000,058,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/14 12:00:00 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmnt.sys -- (nm)
DRV - [2003/07/14 12:00:00 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/07/14 12:00:00 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/07/14 12:00:00 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2003/07/14 12:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2003/07/14 12:00:00 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/07/14 12:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2003/07/14 12:00:00 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/07/14 12:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2003/07/14 12:00:00 | 000,006,992 | ---- | M] (SGI) [Kernel | System | Stopped] -- C:\WINNT\System32\drivers\sglfb.sys -- (sglfb)
DRV - [2003/07/14 12:00:00 | 000,002,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2003/06/19 11:05:04 | 000,068,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/11/04 22:35:24 | 000,161,747 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sis630p.sys -- (SiS630)
DRV - [2002/10/21 12:47:16 | 000,006,891 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/08/30 09:50:16 | 000,400,590 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sis7018.sys -- (SiS7018) Service for SiS7018 Driver (WDM)
DRV - [2002/08/20 17:21:32 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/02/07 15:38:00 | 000,009,038 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\viausb.sys -- (viafilter)
DRV - [2001/12/18 13:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
DRV - [2001/09/30 16:51:52 | 000,009,216 | ---- | M] (Connectix Corporation) [Kernel | Auto | Stopped] -- C:\WINNT\system32\drivers\vpcappsv.sys -- (VPCAppSv)
DRV - [2001/07/25 15:49:54 | 000,033,207 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\DM9PCI5.SYS -- (DM9102)
DRV - [2001/04/13 02:00:00 | 000,037,248 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2000/10/25 20:27:24 | 000,003,000 | R--- | M] () [Kernel | Auto | Running] -- C:\WINNT\system32\SetupNT.sys -- (SetupNT)
DRV - [1999/09/27 19:26:50 | 000,055,120 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\lsermous.sys -- (lsermous)
DRV - [1998/10/06 02:26:48 | 000,177,344 | R--- | M] (S3 Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\s3mini.sys -- (S3Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b38ccd6&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=uk&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 09:19:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/03/24 21:30:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 09:29:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 09:29:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/05 13:09:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/03/28 06:21:09 | 000,000,000 | ---D | M]

[2010/10/21 19:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Extensions
[2010/10/21 19:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/26 16:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\extensions
[2010/03/26 13:45:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/03 14:23:21 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/13 23:11:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/03/26 16:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 14:55:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/12 09:30:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/25 09:19:08 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/03/24 21:30:55 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/05/21 00:07:00 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\..\Toolbar\ShellBrowser: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\.DEFAULT..\Run: [internat.exe] C:\WINNT\System32\internat.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\Default User.WINNT\Start Menu\Programs\Startup\Camio Viewer.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Jeff Haley\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\nobody\Start Menu\Programs\Startup\Camio Viewer.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINNT\system32\NWPROVAU.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237473326688 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008/07/13 16:50:26 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found


Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: midimapper - C:\WINNT\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: MSACM.CEGSM - C:\WINNT\System32\MOBILEV.ACM ()
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINNT\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINNT\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINNT\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINNT\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINNT\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINNT\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINNT\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINNT\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - C:\WINNT\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINNT\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINNT\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINNT\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINNT\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVYU - C:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
Drivers32: wavemapper - C:\WINNT\System32\msacm32.drv (Microsoft Corporation)
Drivers32: wdmaud.drv - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2011/03/24 20:27:57 | 000,000,000 | ---D | C] -- C:\JouleLicencesAlex
[2011/03/17 17:05:09 | 000,000,000 | ---D | C] -- C:\INDEXNUM
[2011/03/15 12:29:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Common Files
[2011/03/07 09:21:03 | 000,000,000 | ---D | C] -- C:\indexnumlatest
[2010/05/20 20:11:50 | 000,065,536 | ---- | C] ( ) -- C:\WINNT\System32\A3d.dll
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[17 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/04/13 03:19:05 | 000,069,632 | ---- | M] () -- C:\WINNT\System32\system.mdw
[2011/03/26 18:40:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Haley\Desktop\OTL.exe
[2011/03/26 18:28:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Local Settings\Application Data\prvlcl.dat
[2011/03/26 15:31:29 | 000,352,922 | ---- | M] () -- C:\WINNT\System32\vsconfig.xml
[2011/03/26 15:30:55 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_278.dat
[2011/03/26 00:17:09 | 073,244,035 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2011/03/25 18:34:23 | 000,010,500 | ---- | M] () -- C:\WINNT\UEDIT32.INI
[2011/03/25 11:50:15 | 001,163,842 | ---- | M] () -- C:\A400RadioSetup.zip
[2011/03/25 03:14:40 | 000,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[2011/03/25 02:17:30 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
[2011/03/24 20:33:42 | 000,000,026 | ---- | M] () -- C:\WINNT\process.ini
[2011/03/24 13:07:20 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/24 01:17:06 | 001,198,704 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2011/03/24 00:30:36 | 000,001,204 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2011/03/23 16:59:58 | 001,174,534 | ---- | M] () -- C:\A400RadioSetupNorthWestParts.zip
[2011/03/22 23:06:18 | 001,173,852 | ---- | M] () -- C:\A400RadioSetupERS0389.zip
[2011/03/18 04:34:02 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/03/15 15:42:24 | 022,660,026 | ---- | M] () -- C:\A400DOSSetupBlueIce0707.rar
[2011/03/10 21:46:01 | 001,173,285 | ---- | M] () -- C:\A400RadioSetupMobileAudio0380.zip
[2011/03/08 09:18:34 | 000,186,030 | ---- | M] () -- C:\Gammav.zip
[2011/03/08 08:05:15 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3ac.dat
[2011/03/07 08:27:32 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Thunderbird.lnk
[2011/03/06 17:26:40 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Firefox.lnk
[2011/03/04 02:24:39 | 000,713,086 | ---- | M] () -- C:\A400ECUSetup.zip
[2011/02/28 16:48:43 | 158,067,944 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2011/02/28 13:24:55 | 001,126,532 | ---- | M] () -- C:\WINNT\Personal\EXPRESS AND STAR ratecard-2010-v2midres.pdf
[2011/02/28 10:47:55 | 001,126,532 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\ratecard-2010-v2midres.pdf
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[17 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/04/12 06:11:16 | 000,094,208 | ---- | C] () -- C:\WINNT\System32\dllcache\fpencode.dll
[2016/04/12 04:39:21 | 000,065,832 | ---- | C] () -- C:\WINNT\Santa Fe Stucco.bmp
[2016/04/12 04:39:21 | 000,017,336 | ---- | C] () -- C:\WINNT\Gone Fishing.bmp
[2016/04/12 04:39:21 | 000,001,272 | ---- | C] () -- C:\WINNT\Blue Lace 16.bmp
[2011/03/26 15:30:55 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_278.dat
[2011/03/25 11:50:16 | 001,163,842 | ---- | C] () -- C:\A400RadioSetup.zip
[2011/03/25 02:17:30 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
[2011/03/22 23:06:14 | 001,173,852 | ---- | C] () -- C:\A400RadioSetupERS0389.zip
[2011/03/15 15:41:06 | 022,660,026 | ---- | C] () -- C:\A400DOSSetupBlueIce0707.rar
[2011/03/10 21:45:54 | 001,173,285 | ---- | C] () -- C:\A400RadioSetupMobileAudio0380.zip
[2011/03/08 09:18:34 | 000,186,030 | ---- | C] () -- C:\Gammav.zip
[2011/03/08 08:05:15 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3ac.dat
[2011/02/28 16:35:48 | 158,067,944 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2011/02/28 13:24:54 | 001,126,532 | ---- | C] () -- C:\WINNT\Personal\EXPRESS AND STAR ratecard-2010-v2midres.pdf
[2011/02/28 10:47:49 | 001,126,532 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\ratecard-2010-v2midres.pdf
[2011/02/22 10:06:32 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_284.dat
[2011/02/10 01:35:47 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c8.dat
[2011/01/26 08:22:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat
[2011/01/23 18:09:54 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_288.dat
[2011/01/03 18:58:22 | 000,102,400 | ---- | C] () -- C:\WINNT\RegBootClean.exe
[2010/11/12 09:30:57 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_c98.dat
[2010/11/06 17:17:46 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_290.dat
[2010/10/31 11:31:23 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_28c.dat
[2010/10/30 10:28:11 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat
[2010/10/23 10:07:34 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3bc.dat
[2010/10/15 08:04:44 | 000,015,880 | ---- | C] () -- C:\WINNT\System32\lsdelete.exe
[2010/08/28 10:25:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_154.dat
[2010/07/31 10:24:00 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_39c.dat
[2010/07/25 12:53:12 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_158.dat
[2010/07/10 11:29:41 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\ftdiunin.exe
[2010/07/10 11:29:41 | 000,000,115 | ---- | C] () -- C:\WINNT\System32\ftdiun2k.ini
[2010/07/10 09:39:51 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_15c.dat
[2010/07/08 09:18:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2a0.dat
[2010/07/02 10:22:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3cc.dat
[2010/06/24 08:54:39 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c4.dat
[2010/06/16 06:55:55 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat
[2010/06/13 15:51:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2b8.dat
[2010/06/10 07:13:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat
[2010/06/09 01:57:16 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2b0.dat
[2010/06/02 21:09:24 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2d4.dat
[2010/05/23 12:25:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c8.dat
[2010/05/23 01:40:58 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_478.dat
[2010/05/22 09:44:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3d0.dat
[2010/05/21 03:09:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat
[2010/05/21 02:03:23 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
[2010/05/20 20:12:21 | 000,691,545 | ---- | C] () -- C:\WINNT\unins000.exe
[2010/05/20 20:12:08 | 000,233,472 | ---- | C] () -- C:\WINNT\System32\cmirmdrv.exe
[2010/05/20 11:21:49 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/05/20 11:21:49 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/05/20 11:21:49 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/05/20 11:21:49 | 000,077,312 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/05/20 11:21:49 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/02/21 23:16:20 | 000,000,026 | ---- | C] () -- C:\WINNT\process.ini
[2010/02/12 15:54:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Local Settings\Application Data\prvlcl.dat
[2009/12/16 12:31:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Local Settings\Application Data\housecall.guid.cache
[2009/10/17 07:14:53 | 001,470,464 | ---- | C] () -- C:\WINNT\libmysql.dll
[2009/09/24 20:53:13 | 000,000,037 | ---- | C] () -- C:\WINNT\iltwain.ini
[2009/09/17 16:29:46 | 000,004,131 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\giajzima.dav
[2009/08/22 01:37:39 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\PushSource.dll
[2009/08/22 01:37:38 | 004,447,949 | ---- | C] () -- C:\WINNT\System32\libavcodec.dll
[2009/08/22 01:37:38 | 000,558,205 | ---- | C] () -- C:\WINNT\System32\libmplayer.dll
[2009/08/22 01:37:38 | 000,144,057 | ---- | C] () -- C:\WINNT\System32\libmpeg2_ff.dll
[2009/08/22 01:37:38 | 000,098,304 | ---- | C] () -- C:\WINNT\System32\ff_wmv9.dll
[2009/08/22 01:37:37 | 000,485,888 | ---- | C] () -- C:\WINNT\System32\ff_libfaad2.dll
[2009/08/22 01:37:37 | 000,257,024 | ---- | C] () -- C:\WINNT\System32\ff_libdts.dll
[2009/08/22 01:37:37 | 000,183,296 | ---- | C] () -- C:\WINNT\System32\ff_samplerate.dll
[2009/08/22 01:37:37 | 000,178,688 | ---- | C] () -- C:\WINNT\System32\ff_libmad.dll
[2009/08/22 01:37:37 | 000,113,152 | ---- | C] () -- C:\WINNT\System32\ff_unrar.dll
[2009/08/22 01:37:37 | 000,067,584 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2009/08/22 01:37:36 | 003,112,448 | ---- | C] () -- C:\WINNT\System32\ffdshow.dll
[2009/08/22 01:37:36 | 000,142,848 | ---- | C] () -- C:\WINNT\System32\ff_liba52.dll
[2009/05/29 17:22:30 | 000,053,248 | R--- | C] () -- C:\WINNT\System32\P17CPI.dll
[2009/05/29 17:22:29 | 000,064,512 | R--- | C] () -- C:\WINNT\System32\P17.dll
[2009/04/19 18:56:56 | 000,001,024 | -HS- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\pub2pdfpro.dll
[2009/04/19 18:56:36 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfmonnt.dll
[2009/04/19 18:56:33 | 000,000,156 | ---- | C] () -- C:\WINNT\System32\psconv.ini
[2009/04/14 01:09:40 | 000,012,976 | ---- | C] () -- C:\WINNT\winsight.ini
[2009/03/28 06:17:41 | 000,001,204 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2009/03/28 06:06:54 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009/03/28 06:06:52 | 000,258,424 | ---- | C] () -- C:\WINNT\System32\qasf.dll
[2009/02/19 17:37:49 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\YCRWin32.dll
[2009/02/19 17:29:06 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2009/02/15 01:05:10 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Local Settings\Application Data\PUTTY.RND
[2008/12/10 11:33:18 | 000,017,920 | ---- | C] () -- C:\WINNT\System32\implode.dll
[2008/11/06 16:37:32 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2008/11/06 16:33:02 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2008/06/22 13:22:44 | 000,000,087 | ---- | C] () -- C:\WINNT\TDW.INI
[2008/03/25 03:38:41 | 000,002,550 | ---- | C] () -- C:\WINNT\unins000.dat
[2007/11/06 20:19:28 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll
[2007/10/25 02:27:23 | 000,001,156 | ---- | C] () -- C:\WINNT\mozver.dat
[2007/10/25 02:23:48 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2007/06/13 10:58:21 | 000,003,980 | ---- | C] () -- C:\WINNT\SWDEPEND.INI
[2007/05/03 22:32:18 | 000,000,075 | ---- | C] () -- C:\WINNT\DATAMGR.INI
[2007/04/07 21:45:01 | 000,005,606 | ---- | C] () -- C:\WINNT\System32\stci.dll
[2007/04/06 17:56:49 | 000,004,212 | -H-- | C] () -- C:\WINNT\System32\zllictbl.dat
[2007/04/06 17:55:56 | 000,796,312 | ---- | C] () -- C:\WINNT\System32\libeay32_0.9.6l.dll
[2007/03/16 01:05:47 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\IDEproperty.dll
[2007/03/16 00:32:08 | 000,000,092 | ---- | C] () -- C:\WINNT\CMISETUP.INI
[2007/03/16 00:32:08 | 000,000,026 | ---- | C] () -- C:\WINNT\CMCDPLAY.INI
[2007/03/16 00:01:10 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\sis730.bin
[2007/03/16 00:01:09 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\sis300.bin
[2007/03/16 00:01:09 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\sis630.bin
[2007/03/15 23:58:18 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\setuplib.dll
[2007/03/15 23:58:18 | 000,086,275 | ---- | C] () -- C:\WINNT\System32\waitwnd.exe
[2007/02/21 20:52:19 | 000,000,376 | ---- | C] () -- C:\WINNT\mozregistry.dat
[2007/01/11 21:23:16 | 000,010,500 | ---- | C] () -- C:\WINNT\UEDIT32.INI
[2007/01/06 01:47:26 | 000,000,398 | ---- | C] () -- C:\WINNT\infoview.ini
[2007/01/06 01:47:13 | 000,000,090 | ---- | C] () -- C:\WINNT\VBA.INI
[2007/01/06 01:46:04 | 000,078,438 | ---- | C] () -- C:\WINNT\EXTRACT.EXE
[2006/12/31 07:33:27 | 000,003,000 | R--- | C] () -- C:\WINNT\System32\SetupNT.sys
[2006/12/11 13:59:58 | 000,000,115 | ---- | C] () -- C:\WINNT\VBCE.INI
[2006/12/10 17:30:50 | 000,001,665 | ---- | C] () -- C:\WINNT\ExterCDRW100.ini
[2006/10/29 21:18:35 | 000,047,374 | ---- | C] () -- C:\WINNT\php.ini
[2006/04/06 21:21:06 | 000,002,670 | ---- | C] () -- C:\WINNT\ODBC.INI
[2006/02/18 01:29:52 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2006/02/18 01:28:32 | 000,015,004 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2006/02/17 18:50:00 | 000,004,534 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2006/02/17 18:34:16 | 000,125,320 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2005/07/07 09:26:56 | 000,005,627 | ---- | C] () -- C:\WINNT\System32\Ludap17.ini
[2005/03/08 06:17:08 | 000,000,054 | ---- | C] () -- C:\WINNT\System32\ctzapxx.ini
[2004/12/19 13:29:40 | 000,106,496 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2004/12/19 13:17:10 | 000,614,400 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2003/07/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2003/07/14 12:00:00 | 000,283,038 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[2003/07/14 12:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2003/07/14 12:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2003/07/14 12:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2003/07/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2003/07/14 12:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2003/07/14 12:00:00 | 000,033,144 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[2003/07/14 12:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2003/07/14 12:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2003/07/14 12:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2003/07/14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[2003/07/14 12:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2003/02/18 18:26:28 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\cmirmdrv.dll
[2002/10/06 18:42:56 | 000,237,568 | ---- | C] () -- C:\WINNT\System32\OggDS.dll
[2002/10/04 23:04:24 | 000,921,600 | ---- | C] () -- C:\WINNT\System32\VorbisEnc.dll
[2002/10/04 23:04:24 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\vorbis.dll
[2002/10/04 23:04:16 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\ogg.dll
[2002/05/15 23:38:40 | 000,091,136 | ---- | C] () -- C:\WINNT\System32\mp4fil32.dll
[1999/09/25 10:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 10:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1998/09/18 01:53:24 | 001,716,224 | ---- | C] () -- C:\WINNT\System32\s3vogl.dll
[1997/12/18 23:03:38 | 000,210,944 | ---- | C] () -- C:\WINNT\System32\msvcrt10.dll
[1997/07/31 23:00:00 | 000,047,104 | ---- | C] () -- C:\WINNT\System32\WRKGADM.EXE
[1997/07/31 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL
[1997/07/31 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL

========== LOP Check ==========

[2009/04/10 13:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jewelsoft
[2010/10/26 12:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\AVG Security Toolbar
[2010/03/24 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\avg9
[2009/04/10 19:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Azureus
[2011/03/15 12:29:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Common Files
[2009/04/10 13:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Jewelsoft
[2007/10/11 20:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\MailFrontier
[2008/12/08 11:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\MySQL
[2009/04/10 13:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\NexusDB2
[2011/02/04 04:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
[2009/12/18 02:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\WinZip
[2010/10/13 23:18:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/07/10 11:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\Advanced Diagnostics
[2010/07/13 13:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\Azureus
[2009/09/24 20:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\CursorArts
[2008/06/28 17:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\Datarescue
[2009/04/19 19:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\GetRightToGo
[2010/02/04 21:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\Hex-Rays
[2009/04/10 13:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\Jewelsoft
[2009/10/06 20:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\MySQL-Front
[2009/07/14 10:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\Nvu
[2009/04/19 18:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\OpenOffice.org
[2011/02/04 21:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\TeamViewer
[2010/10/21 19:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff Haley\Application Data\Thunderbird
[2011/03/25 03:14:40 | 000,000,472 | ---- | M] () -- C:\WINNT\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/07/13 17:17:21 | 000,155,648 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2008/07/13 04:16:13 | 000,020,480 | ---- | M] () -- C:\WINNT\system32\config\sam.sav
[2008/07/13 04:26:28 | 000,028,672 | ---- | M] () -- C:\WINNT\system32\config\security.sav
[2008/07/13 17:17:21 | 016,822,272 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2008/07/13 17:17:25 | 003,887,104 | ---- | M] () -- C:\WINNT\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2007/12/01 15:28:14 | 000,032,828 | ---- | M] () -- C:\370FULL.DAT
[2007/12/02 04:42:24 | 000,032,768 | ---- | M] () -- C:\370FULL2.DAT
[2007/12/01 16:34:27 | 000,032,828 | ---- | M] () -- C:\370FULL2.DAT.bak
[2011/01/13 16:07:16 | 000,814,211 | ---- | M] () -- C:\400RadioCommunicar.zip
[2010/05/05 21:01:56 | 025,645,347 | ---- | M] () -- C:\A400DOSSetup.zip
[2011/02/03 02:38:13 | 024,324,158 | ---- | M] () -- C:\A400DOSSetup0002.zip
[2011/01/07 11:02:16 | 024,326,097 | ---- | M] () -- C:\A400DOSSetup0121.zip
[2010/07/26 10:36:04 | 025,645,293 | ---- | M] () -- C:\A400DOSSetup0176.zip
[2010/05/24 10:54:39 | 025,645,368 | ---- | M] () -- C:\A400DOSSetup0189.zip
[2010/08/17 17:00:46 | 024,181,679 | ---- | M] () -- C:\A400DOSSetup0227.zip
[2010/07/15 21:39:58 | 025,645,396 | ---- | M] () -- C:\A400DOSSetup0229.zip
[2010/08/23 06:54:26 | 024,324,126 | ---- | M] () -- C:\A400DOSSetup0337.zip
[2011/01/12 19:48:21 | 025,645,320 | ---- | M] () -- C:\A400DOSSetup0409.zip
[2010/08/10 14:16:30 | 024,183,572 | ---- | M] () -- C:\A400DOSSetup0473.zip
[2010/10/02 15:01:58 | 024,324,203 | ---- | M] () -- C:\A400DOSSetup0502.zip
[2010/08/30 03:15:24 | 024,324,177 | ---- | M] () -- C:\A400DOSSetup0563.zip
[2010/09/30 12:44:37 | 024,327,248 | ---- | M] () -- C:\A400DOSSetup0581.zip
[2010/12/06 09:25:02 | 024,324,097 | ---- | M] () -- C:\A400DOSSetup0637.zip
[2010/10/27 13:42:25 | 024,324,181 | ---- | M] () -- C:\A400DOSSetup0727RaySmith.zip
[2010/10/27 22:38:02 | 024,324,202 | ---- | M] () -- C:\A400DOSSetup0731SoundWaves.zip
[2010/07/12 09:27:57 | 025,645,338 | ---- | M] () -- C:\A400DOSSetup0875.zip
[2010/07/12 11:56:37 | 025,645,310 | ---- | M] () -- C:\A400DOSSetup0891.zip
[2011/03/15 15:42:24 | 022,660,026 | ---- | M] () -- C:\A400DOSSetupBlueIce0707.rar
[2010/06/15 11:20:31 | 025,645,347 | ---- | M] () -- C:\A400DOSSetupChana.zip
[2011/02/18 06:53:55 | 024,324,137 | ---- | M] () -- C:\A400DOSSetupJRDecodes0119.zip
[2011/02/16 20:32:20 | 024,324,125 | ---- | M] () -- C:\A400DOSSetupKeynet0818.zip
[2010/11/11 18:43:03 | 024,324,173 | ---- | M] () -- C:\A400DOSSetupNorthWestParts.zip
[2011/01/04 12:03:47 | 024,324,105 | ---- | M] () -- C:\A400DOSSetupVector0298.zip
[2010/06/14 18:50:44 | 025,645,405 | ---- | M] () -- C:\A400DOSSetup_Mastertech.zip
[2011/03/04 02:24:39 | 000,713,086 | ---- | M] () -- C:\A400ECUSetup.zip
[2011/02/08 09:14:09 | 113,365,574 | ---- | M] () -- C:\A400RadioHelpSetup.zip
[2010/07/27 15:02:36 | 000,802,694 | ---- | M] () -- C:\A400RadioMotorhog.zip
[2011/03/25 11:50:15 | 001,163,842 | ---- | M] () -- C:\A400RadioSetup.zip
[2011/02/11 18:17:46 | 001,171,968 | ---- | M] () -- C:\A400RadioSetup0002.zip
[2011/01/14 10:51:09 | 001,170,316 | ---- | M] () -- C:\A400RadioSetup0409.zip
[2011/03/22 23:06:18 | 001,173,852 | ---- | M] () -- C:\A400RadioSetupERS0389.zip
[2010/06/16 09:55:01 | 028,578,928 | ---- | M] () -- C:\A400RadioSetupHoyles.zip
[2011/02/16 20:25:38 | 001,171,827 | ---- | M] () -- C:\A400RadioSetupKeynet0818.zip
[2010/05/26 01:09:01 | 028,577,967 | ---- | M] () -- C:\A400RadioSetupMAAutos.zip
[2011/03/10 21:46:01 | 001,173,285 | ---- | M] () -- C:\A400RadioSetupMobileAudio0380.zip
[2011/03/23 16:59:58 | 001,174,534 | ---- | M] () -- C:\A400RadioSetupNorthWestParts.zip
[2011/03/26 15:30:00 | 000,117,977 | ---- | M] () -- C:\aaw7boot.log
[2003/07/14 12:00:00 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/07/14 12:00:00 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2008/07/10 03:27:28 | 000,040,213 | ---- | M] () -- C:\astrahexpatterns.txt
[2008/07/13 16:50:26 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2008/07/13 16:45:51 | 000,000,192 | -HS- | M] () -- C:\boot.ini
[2010/07/05 22:10:58 | 008,547,495 | ---- | M] () -- C:\C2AccountsSetup.zip
[2010/05/23 02:10:41 | 000,017,784 | ---- | M] () -- C:\ComboFix.txt
[2008/07/13 16:50:26 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2008/06/19 15:35:22 | 000,072,968 | ---- | M] () -- C:\credits.prn
[2010/09/14 16:30:15 | 000,260,299 | ---- | M] () -- C:\Dave Lloyd.zip
[2010/05/20 20:12:29 | 000,007,370 | ---- | M] () -- C:\DeQuarantine.txt
[2010/11/08 23:42:40 | 1530,988,503 | ---- | M] () -- C:\Develop.zip
[2009/03/28 14:10:00 | 055,131,062 | ---- | M] () -- C:\dosradio.zip
[2006/12/08 19:55:01 | 000,010,866 | ---- | M] () -- C:\email.txt
[2009/03/23 07:27:35 | 000,000,931 | ---- | M] () -- C:\EurasHasp.txt
[2009/07/02 12:11:18 | 000,000,288 | ---- | M] () -- C:\EvansHalshaw.txt
[2011/03/08 09:18:34 | 000,186,030 | ---- | M] () -- C:\Gammav.zip
[2009/09/23 11:44:55 | 025,198,891 | ---- | M] () -- C:\Help.zip
[2011/02/04 17:35:06 | 000,000,128 | ---- | M] () -- C:\History.ini
[2010/12/17 05:21:25 | 000,015,922 | ---- | M] () -- C:\index.php
[2010/07/24 13:17:34 | 000,000,194 | ---- | M] () -- C:\INSTALL.LOG
[2008/02/27 14:38:46 | 002,901,940 | ---- | M] () -- C:\invsetup.zip
[2006/02/18 01:31:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/18 10:38:47 | 000,000,024 | ---- | M] () -- C:\je.sys
[2007/02/24 19:31:03 | 000,000,000 | ---- | M] () -- C:\jeff.prn
[2006/09/21 23:37:01 | 001,026,048 | ---- | M] () -- C:\memoryst.dat
[2006/09/21 23:14:47 | 001,230,848 | ---- | M] () -- C:\memoryst1.dat
[2007/08/29 11:19:36 | 000,001,309 | ---- | M] () -- C:\MRADIO.BAT
[2009/01/26 06:20:53 | 000,014,652 | ---- | M] () -- C:\MrMemoryForDELL_LSeries.htm
[2006/02/18 01:31:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/12/10 17:18:32 | 000,000,000 | ---- | M] () -- C:\NeroTemp.nrg
[2003/07/14 12:00:00 | 000,024,336 | RHS- | M] (Microsoft Corporation) -- C:\NTBOOTDD.SYS
[2003/07/14 12:00:00 | 000,034,724 | RHS- | M] () -- C:\NTDETECT.COM
[2003/07/14 12:00:00 | 000,214,432 | RHS- | M] () -- C:\ntldr
[2011/03/26 15:30:02 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2007/08/09 21:07:39 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010/07/20 18:16:05 | 000,140,690 | ---- | M] () -- C:\T370.lst
[2010/06/02 00:26:22 | 000,140,606 | ---- | M] () -- C:\T370.lst.bak
[2009/05/16 12:15:20 | 004,281,237 | ---- | M] () -- C:\TASM.zip
[2010/10/13 02:46:01 | 000,037,066 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_13.10.2010_03.32.11_log.txt
[2006/04/24 19:10:54 | 000,019,456 | ---- | M] () -- C:\temp.rtf
[2006/11/12 13:23:19 | 000,008,192 | ---- | M] () -- C:\TMSDUMP.DAT
[2008/06/22 12:26:11 | 000,003,692 | ---- | M] () -- C:\VINResults.txt
[2008/05/05 12:11:16 | 000,001,416 | ---- | M] () -- C:\VINResults9.txt
[2008/07/02 00:05:22 | 000,003,692 | ---- | M] () -- C:\vinresultshexsort.txt
[2008/06/22 12:26:47 | 000,003,692 | ---- | M] () -- C:\vinresultssorted.txt
[2008/05/05 13:17:05 | 000,002,458 | ---- | M] () -- C:\VINTables9.txt
[2011/03/07 17:48:00 | 000,000,010 | ---- | M] () -- C:\VWBlauCodes VWZ1Z2C6973619 7 642 233 360 0182.txt
[2011/03/12 17:54:14 | 000,000,005 | ---- | M] () -- C:\VWBlauCodes VWZ1Z2E7704919 7 643 223 360 0182.txt
[2011/03/12 17:13:24 | 000,000,005 | ---- | M] () -- C:\VWBlauCodes VWZ1Z2I6698080 7 647 201 360 1407.txt
[2011/03/25 11:50:16 | 045,336,543 | ---- | M] () -- C:\winzip.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/07/14 12:00:00 | 000,006,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 864 bytes -> C:\WINNT\Personal\drawing2.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 864 bytes -> C:\WINNT\Personal\drawing1.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7684 bytes -> C:\WINNT\Personal\christmas card.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3740 bytes -> C:\WINNT\Personal\img1.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3304 bytes -> C:\WINNT\Personal\img3.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2300 bytes -> C:\WINNT\Personal\img4.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1620 bytes -> C:\WINNT\Personal\img8.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1512 bytes -> C:\WINNT\Personal\img6.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1444 bytes -> C:\WINNT\Personal\img9.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1444 bytes -> C:\WINNT\Personal\img7.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1416 bytes -> C:\WINNT\Personal\img10.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1396 bytes -> C:\WINNT\Personal\img12.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1392 bytes -> C:\WINNT\Personal\img5.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 12524 bytes -> C:\WINNT\Personal\img11.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:276B24AA
@Alternate Data Stream - 11628 bytes -> C:\WINNT\Personal\img2.jpg:Q30lsldxJoudresxAaaqpcawXc

< End of report >

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jeff Haley at 19:11:48.30 on Sat 26/03/2011
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.382.15 [GMT 0:00]
.
.
============== Running Processes ===============
.
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\system32\locator.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeff Haley\Desktop\OTL.exe
C:\WINNT\notepad.exe
C:\Documents and Settings\Jeff Haley\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [internat.exe] internat.exe
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
StartupFolder: c:\docume~1\jeffha~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\monito~1.lnk - c:\program files\apache group\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INETREPL.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237473326688
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\AATP.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\CENETFLT.DLL
Notify: avgrsstarter - avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\jeffha~1\applic~1\mozilla\firefox\profiles\gxgktbuk.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b38ccd6&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=uk&lng=en-US&q=
FF - component: c:\documents and settings\jeff haley\application data\mozilla\firefox\profiles\gxgktbuk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2010-10-13 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2008-7-23 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\winnt\system32\drivers\avgmfx86.sys [2008-3-25 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2009-12-28 243024]
R1 vsdatant;vsdatant;c:\winnt\system32\vsdatant.sys [2007-4-6 394952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-20 308136]
R2 vsmon;TrueVector Internet Monitor;c:\winnt\system32\zonelabs\vsmon.exe -service --> c:\winnt\system32\zonelabs\vsmon.exe -service [?]
R3 ausbmon;Advanced USB Port Monitor Filter Driver;c:\winnt\system32\drivers\ausbmon.sys [2010-7-21 19744]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\winnt\system32\drivers\libusb0.sys [2010-3-31 28160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1357464]
S2 VPCAppSv;Virtual PC Application Services;c:\winnt\system32\drivers\vpcappsv.sys [2001-9-30 9216]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 lsermous;Logitech Serial Mouse Driver;c:\winnt\system32\drivers\lsermous.sys [2006-2-17 55120]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [2007-11-6 34064]
S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [2003-7-14 24784]
S3 S3Inc;S3Inc;c:\winnt\system32\drivers\s3mini.sys [2006-12-31 177344]
S3 SiS630;SiS630;c:\winnt\system32\drivers\sis630p.sys [2007-3-16 161747]
S3 SISNIC2K;SiS PCI Fast Ethernet Adapter Driver for NDIS5;c:\winnt\system32\drivers\sisnic2k.sys [2006-2-14 32768]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [2009-4-10 9038]
.
=============== Created Last 30 ================
.
2016-04-12 06:11:16 94208 -c--a-w- c:\winnt\system32\dllcache\fpencode.dll
2016-04-12 06:11:16 94208 ----a-w- c:\program files\common files\microsoft shared\web server extensions\40\bin\fpencode.dll
2016-04-12 05:43:30 1167584 ----a-r- c:\winnt\SET56.tmp
2016-04-12 05:43:26 13785 ----a-r- c:\winnt\SET2E.tmp
2016-04-12 04:28:44 1167584 ----a-r- c:\winnt\SET55.tmp
2016-04-12 04:28:40 13785 ----a-r- c:\winnt\SET2D.tmp
2011-03-24 20:27:57 -------- d-----w- C:\JouleLicencesAlex
2011-03-17 17:05:09 -------- d-----w- C:\INDEXNUM
2011-03-15 12:29:27 -------- d--h--w- c:\docume~1\alluse~1.win\applic~1\Common Files
2011-03-07 09:21:03 -------- d-----w- C:\indexnumlatest
.
==================== Find3M ====================
.
2016-04-15 04:38:20 3 ----a-w- c:\winnt\system32\BSETUP.TMP
2011-01-03 18:58:26 102400 ----a-w- c:\winnt\RegBootClean.exe
.
============= FINISH: 19:14:27.74 ===============

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-26 19:56:11
Windows 5.0.2195 Service Pack 4 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 Maxtor_6Y120P0 rev.YAR41BW0
Running: gmer.exe; Driver: C:\DOCUME~1\JEFFHA~1\LOCALS~1\Temp\ugtdypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xBBA2A040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xBBA26930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xBBA31A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xBBA2A510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xBBA30870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xBBA33FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xBBA2A600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xBBA26F20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xBBA326E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xBBA32440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xBBA30580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xBBA328B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xBBA26D70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xBBA30350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xBBA30150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xBBA32CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xBBA29C00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xBBA33080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xBBA2A220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xBBA27120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xBBA32140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xBBA30CD0]

INT 0x31 ? F82A9044
INT 0x33 ? F8130DC4
INT 0x34 ? F82A7044
INT 0x39 ? F85659A4
INT 0x3C ? F82AA344
INT 0x3E ? F8588044
INT 0x3F ? F8588884

---- Kernel code sections - GMER 1.0.15 ----

? srescan.sys The system cannot find the file specified. !
? C:\DOCUME~1\JEFFHA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINNT\system32\MSTask.exe? (*** hidden *** ) [MANUAL] Schedule <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{68BF5EB3-9CF1-C96B-F406-167ECB09CABF}

---- EOF - GMER 1.0.15 ----


#4 etavares

Posted 26 March 2011 - 04:05 PM

Hello, sortmymotor.

Registry Cleaner Warning

I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578

Step 1

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#5 sortmymotor

Posted 26 March 2011 - 04:52 PM

The uninstall of AVG failed. It stated the following:

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Access is denied.

When trying to access this key with the registry editor it came up with access denied.

Also during a first attempt to uninstall AVG the end program window came up telling me that mshta.exe had stopped responding and did I want to terminate the application. All these steps were taken with the internet lock on Zone Alarm enabled to stop internet traffic.

I have at the moment shut down the offending machine.

AVG also reported that the machine was running out of virtual memory during the uninstall and had to shut down firefox.

Edited by sortmymotor, 26 March 2011 - 04:53 PM.


#6 sortmymotor

Posted 26 March 2011 - 09:04 PM

I manually uninstalled AVG. Here is the ComboFix log.

ComboFix 11-03-26.01 - Jeff Haley 27/03/2011 0:52.5.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.382.276 [GMT 0:00]
Running from: c:\documents and settings\Jeff Haley\Desktop\etavaresCF.exe
.
/wow section - STAGE 10
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jeff Haley\Local Settings\Temporary Internet Files\SF0ED.gif
c:\joinersmate\JoinersMate.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-27 to 2011-03-27 )))))))))))))))))))))))))))))))
.
.
2016-04-12 06:11 . 2003-03-24 15:52 94208 -c--a-w- c:\winnt\system32\dllcache\fpencode.dll
2016-04-12 06:11 . 2003-03-24 15:52 94208 ----a-w- c:\program files\Common Files\Microsoft Shared\web server extensions\40\bin\fpencode.dll
2016-04-12 05:43 . 2003-07-14 12:00 1167584 ----a-r- c:\winnt\SET56.tmp
2016-04-12 05:43 . 2003-07-14 12:00 13785 ----a-r- c:\winnt\SET2E.tmp
2016-04-12 04:28 . 2003-07-14 12:00 1167584 ----a-r- c:\winnt\SET55.tmp
2016-04-12 04:28 . 2003-07-14 12:00 13785 ----a-r- c:\winnt\SET2D.tmp
2011-03-24 20:27 . 2011-03-24 20:28 -------- d-----w- C:\JouleLicencesAlex
2011-03-17 17:05 . 2011-03-17 17:06 -------- d-----w- C:\INDEXNUM
2011-03-15 12:29 . 2011-03-15 12:29 -------- d--h--w- c:\documents and settings\All Users.WINNT\Application Data\Common Files
2011-03-07 09:21 . 2011-03-07 09:22 -------- d-----w- C:\indexnumlatest
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-15 04:38 . 2006-12-31 07:32 3 ----a-w- c:\winnt\system32\BSETUP.TMP
2011-03-25 11:50 . 2011-03-25 11:50 1163842 ----a-w- C:\A400RadioSetup.zip
2011-03-23 16:59 . 2010-11-11 18:45 1174534 ----a-w- C:\A400RadioSetupNorthWestParts.zip
2011-03-22 23:06 . 2011-03-22 23:06 1173852 ----a-w- C:\A400RadioSetupERS0389.zip
2011-03-10 21:46 . 2011-03-10 21:45 1173285 ----a-w- C:\A400RadioSetupMobileAudio0380.zip
2011-03-08 09:18 . 2011-03-08 09:18 186030 ----a-w- C:\Gammav.zip
2011-03-04 02:24 . 2010-04-09 16:06 713086 ----a-w- C:\A400ECUSetup.zip
2011-02-18 06:53 . 2011-02-18 06:53 24324137 ----a-w- C:\A400DOSSetupJRDecodes0119.zip
2011-02-16 20:32 . 2011-02-16 20:32 24324125 ----a-w- C:\A400DOSSetupKeynet0818.zip
2011-02-16 20:25 . 2011-02-16 20:25 1171827 ----a-w- C:\A400RadioSetupKeynet0818.zip
2011-02-11 18:17 . 2011-02-03 02:39 1171968 ----a-w- C:\A400RadioSetup0002.zip
2011-02-08 09:14 . 2010-07-06 20:00 113365574 ----a-w- C:\A400RadioHelpSetup.zip
2011-02-03 02:38 . 2011-02-03 02:38 24324158 ----a-w- C:\A400DOSSetup0002.zip
2011-01-14 10:51 . 2011-01-14 10:51 1170316 ----a-w- C:\A400RadioSetup0409.zip
2011-01-13 16:07 . 2011-01-12 19:55 814211 ----a-w- C:\400RadioCommunicar.zip
2011-01-12 19:48 . 2010-07-12 09:08 25645320 ----a-w- C:\A400DOSSetup0409.zip
2011-01-07 11:02 . 2010-07-28 09:05 24326097 ----a-w- C:\A400DOSSetup0121.zip
2011-01-04 12:03 . 2011-01-04 12:03 24324105 ----a-w- C:\A400DOSSetupVector0298.zip
2011-01-03 18:58 . 2011-01-03 18:58 102400 ----a-w- c:\winnt\RegBootClean.exe
.
.
------- Sigcheck -------
.
.
[-] 2004-07-09 04:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
.
c:\winnt\System32\comres.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-05-20_11.47.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-17 19:01 . 2006-04-23 08:01 19216 c:\winnt\system32\xolehlp.dll
+ 2006-02-17 19:01 . 2008-06-25 12:33 19216 c:\winnt\system32\xolehlp.dll
+ 2007-04-06 18:16 . 2009-08-06 18:24 44768 c:\winnt\system32\wups2.dll
+ 2007-04-06 18:16 . 2009-08-06 18:24 35552 c:\winnt\system32\wups.dll
+ 2006-02-17 19:01 . 2009-08-06 18:24 53472 c:\winnt\system32\wuauclt.exe
+ 2001-06-26 16:56 . 2001-06-26 16:56 65585 c:\winnt\system32\wshext.dll
+ 2001-06-26 16:59 . 2001-06-26 16:59 28721 c:\winnt\system32\wshcon.dll
- 2001-06-26 17:59 . 2001-06-26 17:59 28721 c:\winnt\system32\wshcon.dll
+ 2003-07-14 12:00 . 2006-08-17 13:14 98064 c:\winnt\system32\WKSSVC.DLL
+ 2003-07-14 12:00 . 2009-04-24 09:54 95504 c:\winnt\system32\WIN32SPL.DLL
+ 2003-07-14 12:00 . 2005-09-02 09:24 94480 c:\winnt\system32\UMPNPMGR.DLL
- 1999-11-30 23:39 . 2003-07-14 12:00 12560 c:\winnt\system32\tsbyuv.dll
+ 1999-11-30 23:39 . 2009-11-24 08:13 12560 c:\winnt\system32\tsbyuv.dll
+ 2006-02-17 19:01 . 2007-08-17 06:48 33552 c:\winnt\system32\tifflt.dll
- 2006-02-17 19:01 . 2003-07-14 12:00 33552 c:\winnt\system32\tifflt.dll
+ 2003-07-14 12:00 . 2009-01-08 16:20 80656 c:\winnt\system32\telnet.exe
+ 2007-04-06 21:19 . 2007-01-05 07:49 22752 c:\winnt\system32\spupdsvc.exe
- 2007-04-06 21:19 . 2005-06-28 08:21 22752 c:\winnt\system32\spupdsvc.exe
+ 2003-07-14 12:00 . 2005-07-12 04:59 47376 c:\winnt\system32\spoolsv.exe
+ 2003-07-14 12:00 . 2005-07-13 07:22 81168 c:\winnt\system32\spoolss.dll
+ 2006-03-22 23:43 . 2007-07-27 22:11 16760 c:\winnt\system32\spmsg.dll
+ 2010-05-21 12:57 . 2009-08-06 18:24 44768 c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2010-05-21 12:57 . 2009-08-06 18:24 35552 c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 22528 c:\winnt\system32\shfolder.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 50688 c:\winnt\system32\setupwbv.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 50688 c:\winnt\system32\setupwbv.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 18704 c:\winnt\system32\sendmail.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 18704 c:\winnt\system32\sendmail.dll
+ 2009-02-04 04:20 . 2009-02-04 04:20 47376 c:\winnt\system32\secur32.dll
+ 2009-10-09 06:21 . 2009-10-09 06:21 61200 c:\winnt\system32\RASCHAP.DLL
+ 2004-10-05 09:43 . 2004-10-05 09:43 17408 c:\winnt\system32\qmgrprxy.dll
+ 2003-05-02 00:39 . 2003-05-02 00:39 96528 c:\winnt\system32\polagent.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 34816 c:\winnt\system32\pngfilt.dll
+ 2002-08-29 06:14 . 2010-04-14 15:15 34816 c:\winnt\system32\PNGFILT.DLL
+ 2010-11-12 09:30 . 2010-11-12 09:30 16384 c:\winnt\system32\Perflib_Perfdata_c98.dat
+ 2011-02-10 01:35 . 2011-02-10 01:35 16384 c:\winnt\system32\Perflib_Perfdata_4c8.dat
+ 2011-03-26 22:36 . 2011-03-26 22:36 16384 c:\winnt\system32\Perflib_Perfdata_4c4.dat
+ 2010-05-21 03:09 . 2010-05-21 03:09 16384 c:\winnt\system32\Perflib_Perfdata_4c0.dat
+ 2011-03-26 19:11 . 2011-03-26 19:11 16384 c:\winnt\system32\Perflib_Perfdata_498.dat
+ 2010-05-23 01:40 . 2010-05-23 01:40 16384 c:\winnt\system32\Perflib_Perfdata_478.dat
+ 2010-05-22 09:44 . 2010-05-22 09:44 16384 c:\winnt\system32\Perflib_Perfdata_3d0.dat
+ 2010-07-02 10:22 . 2010-07-02 10:22 16384 c:\winnt\system32\Perflib_Perfdata_3cc.dat
+ 2010-05-23 12:25 . 2010-05-23 12:25 16384 c:\winnt\system32\Perflib_Perfdata_3c8.dat
+ 2010-10-23 10:07 . 2010-10-23 10:07 16384 c:\winnt\system32\Perflib_Perfdata_3bc.dat
+ 2011-03-08 08:05 . 2011-03-08 08:05 16384 c:\winnt\system32\Perflib_Perfdata_3ac.dat
- 2010-01-14 03:03 . 2010-01-14 03:03 16384 c:\winnt\system32\Perflib_Perfdata_3ac.dat
+ 2010-07-31 10:24 . 2010-07-31 10:24 16384 c:\winnt\system32\Perflib_Perfdata_39c.dat
+ 2011-03-27 00:49 . 2011-03-27 00:49 16384 c:\winnt\system32\Perflib_Perfdata_338.dat
+ 2010-06-16 06:55 . 2010-06-16 06:55 16384 c:\winnt\system32\Perflib_Perfdata_2dc.dat
+ 2010-06-02 21:09 . 2010-06-02 21:09 16384 c:\winnt\system32\Perflib_Perfdata_2d4.dat
+ 2011-03-26 22:12 . 2011-03-26 22:12 16384 c:\winnt\system32\Perflib_Perfdata_2cc.dat
+ 2010-06-10 07:13 . 2010-06-10 07:13 16384 c:\winnt\system32\Perflib_Perfdata_2c8.dat
+ 2010-06-24 08:54 . 2010-06-24 08:54 16384 c:\winnt\system32\Perflib_Perfdata_2c4.dat
+ 2010-06-13 15:51 . 2010-06-13 15:51 16384 c:\winnt\system32\Perflib_Perfdata_2b8.dat
+ 2010-06-09 01:57 . 2010-06-09 01:57 16384 c:\winnt\system32\Perflib_Perfdata_2b0.dat
+ 2010-10-30 10:28 . 2010-10-30 10:28 16384 c:\winnt\system32\Perflib_Perfdata_2ac.dat
+ 2010-07-08 09:18 . 2010-07-08 09:18 16384 c:\winnt\system32\Perflib_Perfdata_2a0.dat
+ 2010-05-21 02:03 . 2010-05-21 02:03 16384 c:\winnt\system32\Perflib_Perfdata_298.dat
+ 2010-11-06 17:17 . 2010-11-06 17:17 16384 c:\winnt\system32\Perflib_Perfdata_290.dat
+ 2010-10-31 11:31 . 2010-10-31 11:31 16384 c:\winnt\system32\Perflib_Perfdata_28c.dat
+ 2011-01-23 18:09 . 2011-01-23 18:09 16384 c:\winnt\system32\Perflib_Perfdata_288.dat
+ 2011-02-22 10:06 . 2011-02-22 10:06 16384 c:\winnt\system32\Perflib_Perfdata_284.dat
+ 2011-03-25 02:17 . 2011-03-25 02:17 16384 c:\winnt\system32\Perflib_Perfdata_280.dat
+ 2011-03-26 22:05 . 2011-03-26 22:05 16384 c:\winnt\system32\Perflib_Perfdata_27c.dat
+ 2011-01-26 08:22 . 2011-01-26 08:22 16384 c:\winnt\system32\Perflib_Perfdata_274.dat
+ 2011-03-26 22:11 . 2011-03-26 22:11 16384 c:\winnt\system32\Perflib_Perfdata_260.dat
+ 2011-03-27 00:27 . 2011-03-27 00:27 16384 c:\winnt\system32\Perflib_Perfdata_25c.dat
+ 2011-03-26 23:44 . 2011-03-26 23:44 16384 c:\winnt\system32\Perflib_Perfdata_254.dat
+ 2010-07-10 09:39 . 2010-07-10 09:39 16384 c:\winnt\system32\Perflib_Perfdata_15c.dat
+ 2010-07-25 12:53 . 2010-07-25 12:53 16384 c:\winnt\system32\Perflib_Perfdata_158.dat
+ 2010-08-28 10:25 . 2010-08-28 10:25 16384 c:\winnt\system32\Perflib_Perfdata_154.dat
- 2003-07-14 12:00 . 2005-02-17 08:57 36624 c:\winnt\system32\OLECNV32.DLL
+ 2003-07-14 12:00 . 2005-09-05 08:18 36624 c:\winnt\system32\OLECNV32.DLL
- 2005-02-22 04:25 . 2005-02-22 04:25 69392 c:\winnt\system32\olecli32.dll
+ 2010-06-28 13:49 . 2005-02-22 04:25 69392 c:\winnt\system32\olecli32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\odtext32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\odtext32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\odpdx32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\odpdx32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\odfox32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\odfox32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\odexl32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\odexl32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\oddbse32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\oddbse32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 53520 c:\winnt\system32\odbcji32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 53520 c:\winnt\system32\odbcji32.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 87552 c:\winnt\system32\occache.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 87552 c:\winnt\system32\occache.dll
+ 2003-07-14 12:00 . 2005-08-22 09:20 61200 c:\winnt\system32\NWWKS.DLL
+ 2003-07-14 12:00 . 2006-09-01 05:49 64784 c:\winnt\system32\NWAPI32.DLL
- 2003-07-14 12:00 . 2003-07-14 12:00 64784 c:\winnt\system32\nwapi32.dll
- 2004-03-11 13:29 . 2004-03-11 13:29 52496 c:\winnt\system32\mtxclu.dll
+ 2010-05-25 11:44 . 2008-06-25 12:33 52496 c:\winnt\system32\mtxclu.dll
+ 2009-03-28 06:06 . 2009-11-24 16:24 16896 c:\winnt\system32\msyuv.dll
- 2009-03-28 06:06 . 2004-07-09 02:58 16896 c:\winnt\system32\msyuv.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 44032 c:\winnt\system32\msxml3r.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 44032 c:\winnt\system32\msxml3r.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 24576 c:\winnt\system32\msxml3a.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 24576 c:\winnt\system32\msxml3a.dll
+ 2009-10-13 11:17 . 2009-10-13 11:17 64784 c:\winnt\system32\mswsock.dll
+ 2003-07-14 12:00 . 2009-11-24 08:13 28432 c:\winnt\system32\msvidc32.dll
+ 2000-04-26 13:34 . 2000-04-26 13:34 44304 c:\winnt\system32\msrpfs35.dll
+ 2003-07-14 12:00 . 2009-11-24 08:13 11024 c:\winnt\system32\msrle32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 11024 c:\winnt\system32\msrle32.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 59904 c:\winnt\system32\msratelc.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 59904 c:\winnt\system32\msratelc.dll
- 2002-08-29 07:06 . 2002-08-29 07:06 91136 c:\winnt\system32\msoert2.dll
+ 2002-08-29 06:06 . 2009-12-17 09:59 91136 c:\winnt\system32\MSOERT2.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:02 60192 c:\winnt\system32\msjter40.dll
+ 1997-07-31 23:00 . 1998-04-24 00:00 24848 c:\winnt\system32\MSJTER35.DLL
- 1997-07-31 23:00 . 1997-06-23 09:06 24848 c:\winnt\system32\msjter35.dll
+ 2003-07-14 12:00 . 2005-05-04 13:45 15360 c:\winnt\system32\msisip.dll
+ 2003-07-14 12:00 . 2005-05-04 13:45 78848 c:\winnt\system32\msiexec.exe
+ 2002-08-29 06:14 . 2002-08-29 06:14 14848 c:\winnt\system32\msidntld.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 14848 c:\winnt\system32\msidntld.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 44032 c:\winnt\system32\msident.dll
+ 2002-08-29 06:14 . 2009-12-17 09:58 44032 c:\winnt\system32\MSIDENT.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 56320 c:\winnt\system32\mshtmler.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 56320 c:\winnt\system32\mshtmler.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 24576 c:\winnt\system32\mshta.exe
- 2002-08-29 07:14 . 2002-08-29 07:14 24576 c:\winnt\system32\mshta.exe
- 2002-08-29 07:14 . 2002-08-29 07:14 95744 c:\winnt\system32\msencode.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 95744 c:\winnt\system32\msencode.dll
+ 2006-02-17 19:01 . 2008-06-25 12:33 96016 c:\winnt\system32\msdtclog.dll
- 2006-02-17 19:01 . 2006-04-23 08:01 96016 c:\winnt\system32\msdtclog.dll
+ 2008-06-25 12:51 . 2008-06-25 12:51 69904 c:\winnt\system32\mscms.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 69904 c:\winnt\system32\mscms.dll
+ 2003-07-14 12:00 . 2009-09-05 06:36 55056 c:\winnt\system32\msasn1.dll
+ 2007-04-16 12:44 . 2007-04-16 12:44 54032 c:\winnt\system32\mpr.dll
+ 2007-03-06 11:17 . 2007-03-06 11:17 38160 c:\winnt\system32\mf3216.dll
+ 2003-07-14 12:00 . 2009-11-24 08:13 82192 c:\winnt\system32\MCIAVI32.DLL
- 2003-07-14 12:00 . 2003-07-14 12:00 82192 c:\winnt\system32\mciavi32.dll
+ 2010-10-15 08:04 . 2010-08-12 12:15 15880 c:\winnt\system32\lsdelete.exe
- 2010-01-16 05:10 . 2009-12-02 13:19 15880 c:\winnt\system32\lsdelete.exe
+ 2005-09-23 11:03 . 2005-09-23 11:03 17680 c:\winnt\system32\linkinfo.dll
+ 2002-08-29 06:14 . 2010-04-14 15:17 12288 c:\winnt\system32\JSPROXY.DLL
+ 2006-02-17 19:01 . 2007-08-17 06:48 39184 c:\winnt\system32\jpeg2x32.dll
+ 2000-04-26 13:34 . 2000-04-26 13:34 39424 c:\winnt\system32\JETCOMP.exe
- 2003-07-14 12:00 . 2003-07-14 12:00 29456 c:\winnt\system32\ipsecmon.exe
+ 2003-04-21 18:19 . 2003-04-21 18:19 29456 c:\winnt\system32\ipsecmon.exe
+ 2006-05-19 09:18 . 2006-05-19 09:18 68368 c:\winnt\system32\IPHLPAPI.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 69632 c:\winnt\system32\inseng.dll
+ 2002-08-29 06:14 . 2010-04-14 15:16 69632 c:\winnt\system32\INSENG.DLL
+ 2002-08-29 06:06 . 2009-12-17 09:59 47616 c:\winnt\system32\INETRES.DLL
- 2002-08-29 07:06 . 2002-08-29 07:06 47616 c:\winnt\system32\inetres.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 30720 c:\winnt\system32\imgutil.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 57856 c:\winnt\system32\iesetup.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 57856 c:\winnt\system32\iesetup.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 28672 c:\winnt\system32\ie4uinit.exe
- 2002-08-29 07:14 . 2002-08-29 07:14 28672 c:\winnt\system32\ie4uinit.exe
+ 2003-07-14 12:00 . 2006-07-21 15:08 72704 c:\winnt\system32\hlink.dll
+ 2003-07-14 12:00 . 2005-04-21 14:16 38912 c:\winnt\system32\hhsetup.dll
+ 2003-07-14 12:00 . 2009-10-15 08:53 81168 c:\winnt\system32\fontsub.dll
+ 2010-10-13 23:20 . 2010-08-12 12:15 64288 c:\winnt\system32\DRVSTORE\lbd_9C578CA880A99903668A8694DEFB21244E9C4C62\Lbd.sys
+ 2010-07-10 11:29 . 2006-05-19 10:51 33360 c:\winnt\system32\DRVSTORE\ftdiportad_350623C56B97DFD1EB0CF43C088F965E0305F4FD\ftserui2.dll
+ 2010-07-10 11:29 . 2006-05-18 08:49 61067 c:\winnt\system32\DRVSTORE\ftdiportad_350623C56B97DFD1EB0CF43C088F965E0305F4FD\ftser2k.sys
+ 2010-07-10 11:29 . 2006-05-18 08:54 20196 c:\winnt\system32\DRVSTORE\ftdiportad_350623C56B97DFD1EB0CF43C088F965E0305F4FD\ftcserco.dll
+ 2010-07-10 11:29 . 2006-05-18 08:48 47249 c:\winnt\system32\DRVSTORE\ftdibusad_41D0094FD82F5ACEF718F53EE402A5C1DA98AD8F\ftdibus.sys
+ 2010-07-21 16:06 . 2010-07-21 16:06 92544 c:\winnt\system32\drivers\USBSnpys.sys
+ 2010-07-21 16:06 . 2010-07-21 16:06 23972 c:\winnt\system32\drivers\USBSnoop.sys
+ 2010-10-13 02:17 . 2010-10-13 02:17 95024 c:\winnt\system32\drivers\SBREDrv.sys
+ 2010-10-28 15:28 . 2010-12-20 18:09 38224 c:\winnt\system32\drivers\mbamswissarmy.sys
+ 2010-10-28 15:28 . 2010-12-20 18:08 19288 c:\winnt\system32\drivers\mbam.sys
- 2009-12-12 23:30 . 2009-12-02 13:19 64288 c:\winnt\system32\drivers\Lbd.sys
+ 2010-10-13 23:20 . 2010-08-12 12:15 64288 c:\winnt\system32\drivers\Lbd.sys
+ 2003-04-21 18:19 . 2003-04-21 18:19 80848 c:\winnt\system32\drivers\ipsec.sys
+ 2008-03-25 07:21 . 2010-06-02 21:37 29584 c:\winnt\system32\drivers\avgmfx86.sys
+ 2010-07-21 17:20 . 2009-03-02 17:08 19744 c:\winnt\system32\drivers\ausbmon.sys
+ 2009-04-20 20:30 . 2009-04-20 20:30 98064 c:\winnt\system32\dnsrslvr.dll
+ 2006-02-17 19:01 . 2008-06-25 12:33 19216 c:\winnt\system32\dllcache\xolehlp.dll
- 2006-02-17 19:01 . 2006-04-23 08:01 19216 c:\winnt\system32\dllcache\xolehlp.dll
+ 2006-02-17 19:01 . 2009-08-06 18:24 53472 c:\winnt\system32\dllcache\wuauclt.exe
- 2001-06-26 17:56 . 2001-06-26 17:56 65585 c:\winnt\system32\dllcache\wshext.dll
+ 2001-06-26 16:56 . 2001-06-26 16:56 65585 c:\winnt\system32\dllcache\wshext.dll
- 2001-06-26 17:59 . 2001-06-26 17:59 28721 c:\winnt\system32\dllcache\wshcon.dll
+ 2001-06-26 16:59 . 2001-06-26 16:59 28721 c:\winnt\system32\dllcache\wshcon.dll
+ 2003-07-14 12:00 . 2006-08-17 13:14 98064 c:\winnt\system32\dllcache\wkssvc.dll
+ 2003-07-14 12:00 . 2009-04-24 09:54 95504 c:\winnt\system32\dllcache\win32spl.dll
- 2002-08-29 07:06 . 2002-08-29 07:06 27648 c:\winnt\system32\dllcache\wabmig.exe
+ 2002-08-29 06:06 . 2009-12-17 09:59 27648 c:\winnt\system32\dllcache\WABMIG.EXE
+ 2002-08-29 06:06 . 2009-12-17 09:59 77824 c:\winnt\system32\dllcache\WABIMP.DLL
+ 2002-08-29 06:06 . 2009-12-17 09:59 30208 c:\winnt\system32\dllcache\WABFIND.DLL
- 2002-08-29 07:06 . 2002-08-29 07:06 30208 c:\winnt\system32\dllcache\wabfind.dll
- 2002-08-29 07:06 . 2002-08-29 07:06 42496 c:\winnt\system32\dllcache\wab.exe
+ 2002-08-29 06:06 . 2009-12-17 09:59 42496 c:\winnt\system32\dllcache\WAB.EXE
+ 2010-05-25 12:14 . 2006-03-18 09:51 21264 c:\winnt\system32\dllcache\verclsid.exe
+ 2003-07-14 12:00 . 2005-09-02 09:24 94480 c:\winnt\system32\dllcache\umpnpmgr.dll
+ 2009-11-24 08:13 . 2009-11-24 08:13 12560 c:\winnt\system32\dllcache\tsbyuv.dll
+ 2006-02-17 19:01 . 2007-08-17 06:48 33552 c:\winnt\system32\dllcache\tifflt.dll
- 2006-02-17 19:01 . 2003-07-14 12:00 33552 c:\winnt\system32\dllcache\tifflt.dll
+ 2003-07-14 12:00 . 2009-01-08 16:20 80656 c:\winnt\system32\dllcache\telnet.exe
+ 2003-07-14 12:00 . 2005-07-12 04:59 47376 c:\winnt\system32\dllcache\spoolsv.exe
+ 2003-07-14 12:00 . 2005-07-13 07:22 81168 c:\winnt\system32\dllcache\spoolss.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 22528 c:\winnt\system32\dllcache\shfolder.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 22528 c:\winnt\system32\dllcache\shfolder.dll
- 2002-08-29 07:06 . 2002-08-29 07:06 67584 c:\winnt\system32\dllcache\setup50.exe
+ 2002-08-29 06:06 . 2002-08-29 06:06 67584 c:\winnt\system32\dllcache\setup50.exe
- 2002-08-29 07:14 . 2002-08-29 07:14 18704 c:\winnt\system32\dllcache\sendmail.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 18704 c:\winnt\system32\dllcache\sendmail.dll
+ 2003-07-14 12:00 . 2009-02-04 04:20 47376 c:\winnt\system32\dllcache\secur32.dll
+ 2003-07-14 12:00 . 2009-10-09 06:21 61200 c:\winnt\system32\dllcache\RASCHAP.DLL
+ 2004-10-05 09:43 . 2004-10-05 09:43 17408 c:\winnt\system32\dllcache\qmgrprxy.dll
+ 2003-05-02 00:39 . 2003-05-02 00:39 96528 c:\winnt\system32\dllcache\polagent.dll
+ 2002-08-29 06:14 . 2010-04-14 15:15 34816 c:\winnt\system32\dllcache\PNGFILT.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 34816 c:\winnt\system32\dllcache\pngfilt.dll
- 2003-07-14 12:00 . 2005-02-17 08:57 36624 c:\winnt\system32\dllcache\olecnv32.dll
+ 2003-07-14 12:00 . 2005-09-05 08:18 36624 c:\winnt\system32\dllcache\olecnv32.dll
+ 2002-08-29 06:06 . 2009-12-17 09:59 31744 c:\winnt\system32\dllcache\OEMIGLIB.DLL
+ 2002-08-29 06:06 . 2009-12-17 09:59 55808 c:\winnt\system32\dllcache\OEMIG50.EXE
- 2002-08-29 07:06 . 2002-08-29 07:06 55808 c:\winnt\system32\dllcache\oemig50.exe
+ 2002-08-29 06:06 . 2009-12-17 09:59 93184 c:\winnt\system32\dllcache\OEIMPORT.DLL
- 2002-08-29 07:06 . 2002-08-29 07:06 93184 c:\winnt\system32\dllcache\oeimport.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\dllcache\odtext32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\dllcache\odtext32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\dllcache\odpdx32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\dllcache\odpdx32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\dllcache\odfox32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\dllcache\odfox32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\dllcache\odexl32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\dllcache\odexl32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 20752 c:\winnt\system32\dllcache\oddbse32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 20752 c:\winnt\system32\dllcache\oddbse32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 53520 c:\winnt\system32\dllcache\odbcji32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 53520 c:\winnt\system32\dllcache\odbcji32.dll
+ 2003-10-28 12:44 . 2003-10-28 12:44 24848 c:\winnt\system32\dllcache\odbcbcp.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 87552 c:\winnt\system32\dllcache\occache.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 87552 c:\winnt\system32\dllcache\occache.dll
+ 2003-07-14 12:00 . 2005-08-22 09:20 61200 c:\winnt\system32\dllcache\nwwks.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 64784 c:\winnt\system32\dllcache\nwapi32.dll
+ 2003-07-14 12:00 . 2006-09-01 05:49 64784 c:\winnt\system32\dllcache\nwapi32.dll
- 2003-07-14 12:00 . 2004-03-11 13:29 52496 c:\winnt\system32\dllcache\mtxclu.dll
+ 2003-07-14 12:00 . 2008-06-25 12:33 52496 c:\winnt\system32\dllcache\mtxclu.dll
+ 2009-03-28 06:06 . 2009-11-24 16:24 16896 c:\winnt\system32\dllcache\msyuv.dll
- 2009-03-28 06:06 . 2004-07-09 02:58 16896 c:\winnt\system32\dllcache\msyuv.dll
- 2004-07-06 20:11 . 2004-07-06 20:11 44032 c:\winnt\system32\dllcache\msxml3r.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 44032 c:\winnt\system32\dllcache\msxml3r.dll
+ 2003-07-14 12:00 . 2009-10-13 11:17 64784 c:\winnt\system32\dllcache\mswsock.dll
+ 2003-07-14 12:00 . 2009-11-24 08:13 28432 c:\winnt\system32\dllcache\msvidc32.dll
+ 2003-07-14 12:00 . 2009-11-24 08:13 11024 c:\winnt\system32\dllcache\msrle32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 11024 c:\winnt\system32\dllcache\msrle32.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 59904 c:\winnt\system32\dllcache\msratelc.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 59904 c:\winnt\system32\dllcache\msratelc.dll
+ 2002-08-29 06:06 . 2009-12-17 09:59 91136 c:\winnt\system32\dllcache\MSOERT2.DLL
- 2002-08-29 07:06 . 2002-08-29 07:06 91136 c:\winnt\system32\dllcache\msoert2.dll
+ 2003-07-14 12:00 . 2008-03-27 07:02 60192 c:\winnt\system32\dllcache\msjter40.dll
+ 2008-07-13 16:47 . 2007-01-10 10:09 94240 c:\winnt\system32\dllcache\msjro.dll
+ 2002-08-29 06:06 . 2009-12-17 09:59 56832 c:\winnt\system32\dllcache\MSIMN.EXE
+ 2003-07-14 12:00 . 2005-05-04 13:45 78848 c:\winnt\system32\dllcache\msiexec.exe
- 2002-08-29 07:14 . 2002-08-29 07:14 14848 c:\winnt\system32\dllcache\msidntld.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 14848 c:\winnt\system32\dllcache\msidntld.dll
+ 2002-08-29 06:14 . 2009-12-17 09:58 44032 c:\winnt\system32\dllcache\MSIDENT.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 44032 c:\winnt\system32\dllcache\msident.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 56320 c:\winnt\system32\dllcache\mshtmler.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 56320 c:\winnt\system32\dllcache\mshtmler.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 24576 c:\winnt\system32\dllcache\mshta.exe
- 2002-08-29 07:14 . 2002-08-29 07:14 24576 c:\winnt\system32\dllcache\mshta.exe
+ 2006-02-17 19:01 . 2008-06-25 12:33 96016 c:\winnt\system32\dllcache\msdtclog.dll
- 2006-02-17 19:01 . 2006-04-23 08:01 96016 c:\winnt\system32\dllcache\msdtclog.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 69904 c:\winnt\system32\dllcache\mscms.dll
+ 2003-07-14 12:00 . 2008-06-25 12:51 69904 c:\winnt\system32\dllcache\mscms.dll
+ 2003-07-14 12:00 . 2009-09-05 06:36 55056 c:\winnt\system32\dllcache\msasn1.dll
+ 2008-07-13 16:47 . 2006-11-29 08:31 57616 c:\winnt\system32\dllcache\msadcs.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 23824 c:\winnt\system32\dllcache\mqupgrd.dll
- 2008-07-13 16:54 . 2005-01-12 11:39 23824 c:\winnt\system32\dllcache\mqupgrd.dll
- 2008-07-13 16:54 . 2003-07-14 12:00 14096 c:\winnt\system32\dllcache\mqsvc.exe
+ 2007-10-16 13:51 . 2007-10-16 13:51 14096 c:\winnt\system32\dllcache\mqsvc.exe
- 2008-07-13 16:54 . 2005-01-12 11:39 70928 c:\winnt\system32\dllcache\mqsec.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 70928 c:\winnt\system32\dllcache\mqsec.dll
- 2008-07-13 16:54 . 2005-01-12 11:39 10000 c:\winnt\system32\dllcache\mqperf.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 10000 c:\winnt\system32\dllcache\mqperf.dll
- 2008-07-13 16:54 . 2003-12-21 23:56 98064 c:\winnt\system32\dllcache\mqmig.exe
+ 2007-10-16 13:51 . 2007-10-16 13:51 98064 c:\winnt\system32\dllcache\mqmig.exe
+ 2007-10-17 07:22 . 2007-10-17 07:22 96016 c:\winnt\system32\dllcache\mqlogmgr.dll
- 2008-07-13 16:51 . 2005-01-12 11:39 42256 c:\winnt\system32\dllcache\mqdssrv.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 42256 c:\winnt\system32\dllcache\mqdssrv.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 77072 c:\winnt\system32\dllcache\mqdscli.dll
- 2008-07-13 16:54 . 2003-07-14 12:00 29968 c:\winnt\system32\dllcache\mqdbodbc.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 29968 c:\winnt\system32\dllcache\mqdbodbc.dll
- 2005-01-12 11:39 . 2005-01-12 11:39 50448 c:\winnt\system32\dllcache\mqclus.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 50448 c:\winnt\system32\dllcache\mqclus.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 29456 c:\winnt\system32\dllcache\mqcertui.dll
- 2008-07-13 16:54 . 2003-07-14 12:00 29456 c:\winnt\system32\dllcache\mqcertui.dll
- 2008-07-13 16:54 . 2003-07-14 12:00 25360 c:\winnt\system32\dllcache\mqbkup.exe
+ 2007-10-16 13:51 . 2007-10-16 13:51 25360 c:\winnt\system32\dllcache\mqbkup.exe
+ 2008-07-13 16:54 . 2007-10-16 13:51 77712 c:\winnt\system32\dllcache\mqac.sys
+ 2007-10-16 13:51 . 2007-10-16 13:51 14096 c:\winnt\system32\dllcache\mq1sync.exe
- 2008-07-13 16:54 . 2003-12-21 23:56 14096 c:\winnt\system32\dllcache\mq1sync.exe
+ 2007-04-16 12:44 . 2007-04-16 12:44 54032 c:\winnt\system32\dllcache\mpr.dll
+ 2007-03-06 11:17 . 2007-03-06 11:17 38160 c:\winnt\system32\dllcache\mf3216.dll
+ 2003-07-14 12:00 . 2009-11-24 08:13 82192 c:\winnt\system32\dllcache\mciavi32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 82192 c:\winnt\system32\dllcache\mciavi32.dll
+ 2008-07-13 16:48 . 2008-06-19 06:39 65055 c:\winnt\system32\dllcache\logagent.exe
+ 2003-07-14 12:00 . 2005-09-23 11:03 17680 c:\winnt\system32\dllcache\linkinfo.dll
+ 2007-05-11 07:42 . 2007-05-11 07:42 73488 c:\winnt\system32\dllcache\kodakprv.exe
+ 2002-08-29 06:14 . 2010-04-14 15:17 12288 c:\winnt\system32\dllcache\JSPROXY.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 12288 c:\winnt\system32\dllcache\jsproxy.dll
+ 2007-08-17 06:48 . 2007-08-17 06:48 39184 c:\winnt\system32\dllcache\jpeg2x32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 29456 c:\winnt\system32\dllcache\ipsecmon.exe
+ 2003-04-21 18:19 . 2003-04-21 18:19 29456 c:\winnt\system32\dllcache\ipsecmon.exe
+ 2003-04-21 18:19 . 2003-04-21 18:19 80848 c:\winnt\system32\dllcache\ipsec.sys
+ 2003-07-14 12:00 . 2006-05-19 09:18 68368 c:\winnt\system32\dllcache\iphlpapi.dll
+ 2002-08-29 06:14 . 2010-04-14 15:16 69632 c:\winnt\system32\dllcache\INSENG.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 69632 c:\winnt\system32\dllcache\inseng.dll
+ 2002-08-29 06:06 . 2009-12-17 09:59 47616 c:\winnt\system32\dllcache\INETRES.DLL
- 2002-08-29 07:06 . 2002-08-29 07:06 47616 c:\winnt\system32\dllcache\inetres.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 30720 c:\winnt\system32\dllcache\imgutil.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 30720 c:\winnt\system32\dllcache\imgutil.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 91136 c:\winnt\system32\dllcache\iexplore.exe
- 2002-08-29 07:14 . 2002-08-29 07:14 57856 c:\winnt\system32\dllcache\iesetup.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 57856 c:\winnt\system32\dllcache\iesetup.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 28672 c:\winnt\system32\dllcache\ie4uinit.exe
- 2002-08-29 07:14 . 2002-08-29 07:14 28672 c:\winnt\system32\dllcache\ie4uinit.exe
+ 2003-07-14 12:00 . 2006-07-21 15:08 72704 c:\winnt\system32\dllcache\hlink.dll
+ 2003-07-14 12:00 . 2005-04-21 14:16 38912 c:\winnt\system32\dllcache\hhsetup.dll
+ 2003-07-14 12:00 . 2005-04-15 01:08 10752 c:\winnt\system32\dllcache\hh.exe
- 2003-07-14 12:00 . 2003-07-14 12:00 10752 c:\winnt\system32\dllcache\hh.exe
+ 2003-07-14 12:00 . 2009-10-15 08:53 81168 c:\winnt\system32\dllcache\fontsub.dll
+ 2009-04-20 20:30 . 2009-04-20 20:30 98064 c:\winnt\system32\dllcache\dnsrslvr.dll
- 2001-06-26 16:42 . 2001-06-26 16:42 45105 c:\winnt\system32\dllcache\dispex.dll
+ 2001-06-26 15:42 . 2001-06-26 15:42 45105 c:\winnt\system32\dllcache\dispex.dll
+ 2002-08-29 06:06 . 2009-12-17 09:59 75776 c:\winnt\system32\dllcache\DIRECTDB.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 55296 c:\winnt\system32\dllcache\digest.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 55296 c:\winnt\system32\dllcache\digest.dll
+ 2003-07-14 12:00 . 2006-05-19 09:18 89872 c:\winnt\system32\dllcache\dhcpcsvc.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 86016 c:\winnt\system32\dllcache\csseqchk.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 86016 c:\winnt\system32\dllcache\csseqchk.dll
- 2003-07-14 12:00 . 2005-01-13 01:09 35088 c:\winnt\system32\dllcache\csrsrv.dll
+ 2003-07-14 12:00 . 2009-12-14 07:10 35088 c:\winnt\system32\dllcache\csrsrv.dll
+ 2003-06-19 11:05 . 2003-06-19 11:05 90384 c:\winnt\system32\dllcache\cryptdlg.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 16384 c:\winnt\system32\dllcache\corpol.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 16384 c:\winnt\system32\dllcache\corpol.dll
+ 2003-07-14 12:00 . 2009-08-06 18:24 96480 c:\winnt\system32\dllcache\cdm.dll
+ 2003-07-14 12:00 . 2010-01-13 13:46 33552 c:\winnt\system32\dllcache\cabview.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 71680 c:\winnt\system32\dllcache\browsewm.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 71680 c:\winnt\system32\dllcache\browsewm.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 62976 c:\winnt\system32\dllcache\browselc.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 62976 c:\winnt\system32\dllcache\browselc.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 78608 c:\winnt\system32\dllcache\avifil32.dll
+ 2003-07-14 12:00 . 2009-11-24 08:13 78608 c:\winnt\system32\dllcache\avifil32.dll
+ 2003-07-14 12:00 . 2009-08-05 05:04 90164 c:\winnt\system32\dllcache\atl.dll
+ 2007-06-25 06:25 . 2007-06-25 06:25 53008 c:\winnt\system32\dllcache\agentdpv.dll
+ 2003-07-14 12:00 . 2006-08-24 08:07 41744 c:\winnt\system32\dllcache\agentdp2.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 91136 c:\winnt\system32\dllcache\advpack.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 91136 c:\winnt\system32\dllcache\advpack.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 98816 c:\winnt\system32\dllcache\actxprxy.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 98816 c:\winnt\system32\dllcache\actxprxy.dll
+ 2002-08-29 06:06 . 2002-08-29 06:06 64512 c:\winnt\system32\dllcache\acctres.dll
- 2002-08-29 07:06 . 2002-08-29 07:06 64512 c:\winnt\system32\dllcache\acctres.dll
+ 2001-06-26 15:42 . 2001-06-26 15:42 45105 c:\winnt\system32\dispex.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 55296 c:\winnt\system32\digest.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 55296 c:\winnt\system32\digest.dll
+ 2003-07-14 12:00 . 2006-05-19 09:18 89872 c:\winnt\system32\DHCPCSVC.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 86016 c:\winnt\system32\csseqchk.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 86016 c:\winnt\system32\csseqchk.dll
+ 2003-07-14 12:00 . 2009-12-14 07:10 35088 c:\winnt\system32\CSRSRV.DLL
- 2003-07-14 12:00 . 2005-01-13 01:09 35088 c:\winnt\system32\CSRSRV.DLL
+ 2003-06-19 11:05 . 2003-06-19 11:05 90384 c:\winnt\system32\CRYPTDLG.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 16384 c:\winnt\system32\corpol.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 16384 c:\winnt\system32\corpol.dll
+ 2010-05-20 20:12 . 2010-05-20 20:12 57344 c:\winnt\system32\COMMTB32.DLL
+ 2010-05-20 20:12 . 2010-05-20 20:12 53325 c:\winnt\system32\CEUTIL.DLL
+ 2003-07-14 12:00 . 2009-08-06 18:24 96480 c:\winnt\system32\cdm.dll
+ 2003-07-14 12:00 . 2010-01-13 13:46 33552 c:\winnt\system32\cabview.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 71680 c:\winnt\system32\browsewm.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 71680 c:\winnt\system32\browsewm.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 62976 c:\winnt\system32\browselc.dll
+ 2009-11-24 08:13 . 2009-11-24 08:13 78608 c:\winnt\system32\avifil32.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 78608 c:\winnt\system32\avifil32.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 84992 c:\winnt\system32\ATL70.DLL
+ 2009-08-05 05:04 . 2009-08-05 05:04 90164 c:\winnt\system32\atl.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 91136 c:\winnt\system32\advpack.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 98816 c:\winnt\system32\actxprxy.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 98816 c:\winnt\system32\actxprxy.dll
- 2002-08-29 07:06 . 2002-08-29 07:06 64512 c:\winnt\system32\acctres.dll
+ 2002-08-29 06:06 . 2002-08-29 06:06 64512 c:\winnt\system32\acctres.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 65536 c:\winnt\system32\A3d.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 49211 c:\winnt\php_mysql.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 20480 c:\winnt\P17DEF.EXE
- 2003-09-20 04:53 . 2003-09-19 20:53 64512 c:\winnt\msiinst.tmp\msiexec.exe
+ 2003-09-20 04:53 . 2003-09-20 04:53 64512 c:\winnt\msiinst.tmp\msiexec.exe
+ 2007-06-25 06:25 . 2007-06-25 06:25 53008 c:\winnt\msagent\agentdpv.dll
+ 2003-07-14 12:00 . 2006-08-24 08:07 41744 c:\winnt\msagent\agentdp2.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 49152 c:\winnt\MIDIDEF.EXE
+ 2010-07-05 22:20 . 2010-07-05 22:20 28672 c:\winnt\Installer\{2BC0F783-5ED7-45E9-83B3-0BE59C94BDFB}\_339735733B97_4E7C_A0F2_23ABE980159A.exe
+ 2010-05-20 20:11 . 2010-05-20 20:11 11264 c:\winnt\INRES.DLL
- 2003-07-14 12:00 . 2003-07-14 12:00 10752 c:\winnt\hh.exe
+ 2003-07-14 12:00 . 2005-04-15 01:08 10752 c:\winnt\hh.exe
+ 2009-11-24 08:13 . 2009-11-24 08:13 12560 c:\winnt\Driver Cache\i386\tsbyuv.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 40960 c:\winnt\Crystal\U2FWKS.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 90112 c:\winnt\Crystal\U2FTEXT.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 36864 c:\winnt\Crystal\U2FSEPV.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 45056 c:\winnt\Crystal\U2FHTML.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 36864 c:\winnt\Crystal\U2FDIF.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 28672 c:\winnt\Crystal\U2FCR.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 57344 c:\winnt\Crystal\u2dvim.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 53248 c:\winnt\Crystal\u2dnotes.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 40960 c:\winnt\Crystal\U2DMAPI.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 28672 c:\winnt\Crystal\U2DDISK.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 20752 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\odtext32.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 20752 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\odpdx32.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 20752 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\odfox32.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 20752 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\odexl32.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 20752 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\oddbse32.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 53520 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\odbcji32.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 94480 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msjro.dll
+ 2010-06-12 12:58 . 2006-10-13 15:50 43984 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\spuninst\iecustom.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 34816 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\pngfilt.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 12288 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\jsproxy.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 69632 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\inseng.dll
+ 2010-05-28 07:19 . 2006-10-13 14:50 43984 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\spuninst\iecustom.dll
+ 2010-05-28 07:19 . 2002-08-29 07:14 34816 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\pngfilt.dll
+ 2010-05-28 07:19 . 2003-07-14 12:00 13072 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\jsproxy.dll
+ 2010-05-28 07:19 . 2002-08-29 07:14 69632 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\inseng.dll
+ 2010-05-28 07:21 . 2003-07-14 12:00 31504 c:\winnt\$NtUninstallKB979309$\cabview.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 27648 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\wabmig.exe
+ 2010-05-28 07:22 . 2002-08-29 07:06 76800 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\wabimp.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 30208 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\wabfind.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 42496 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\wab.exe
+ 2010-05-28 07:22 . 2006-10-13 14:50 43984 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\spuninst\iecustom.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 32256 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\oemiglib.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 55808 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\oemig50.exe
+ 2010-05-28 07:22 . 2002-08-29 07:06 93184 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\oeimport.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 91136 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\msoert2.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 57344 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\msimn.exe
+ 2010-05-28 07:22 . 2002-08-29 07:14 44032 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\msident.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 47616 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\inetres.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 76288 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\directdb.dll
+ 2010-05-28 10:20 . 2005-01-13 01:09 35088 c:\winnt\$NtUninstallKB978037$\csrsrv.dll
+ 2010-05-28 07:27 . 2003-07-14 12:00 12560 c:\winnt\$NtUninstallKB977914$\tsbyuv.dll
+ 2010-05-28 07:27 . 2003-07-14 12:00 27920 c:\winnt\$NtUninstallKB977914$\msvidc32.dll
+ 2010-05-28 07:27 . 2003-07-14 12:00 11024 c:\winnt\$NtUninstallKB977914$\msrle32.dll
+ 2010-05-28 07:27 . 2003-07-14 12:00 82192 c:\winnt\$NtUninstallKB977914$\mciavi32.dll
+ 2010-05-28 07:27 . 2003-07-14 12:00 78608 c:\winnt\$NtUninstallKB977914$\avifil32.dll
+ 2010-05-28 10:30 . 2004-07-09 02:58 16896 c:\winnt\$NtUninstallKB975560_DX9$\msyuv.dll
+ 2010-05-28 07:21 . 2005-04-08 03:54 56592 c:\winnt\$NtUninstallKB974571$\msasn1.dll
+ 2010-05-28 10:22 . 2003-07-14 12:00 29456 c:\winnt\$NtUninstallKB974392$\ipsecmon.exe
+ 2010-05-28 10:22 . 2003-07-14 12:00 64304 c:\winnt\$NtUninstallKB974392$\ipsec.sys
+ 2010-05-28 07:22 . 2003-07-14 12:00 60688 c:\winnt\$NtUninstallKB974318$\raschap.dll
+ 2010-05-28 10:22 . 2003-07-14 12:00 74810 c:\winnt\$NtUninstallKB973507$\atl.dll
+ 2010-05-28 07:27 . 2003-07-14 12:00 78096 c:\winnt\$NtUninstallKB972270$\fontsub.dll
+ 2010-05-28 10:19 . 2003-07-14 12:00 97040 c:\winnt\$NtUninstallKB961501$\win32spl.dll
+ 2010-05-28 10:19 . 2005-04-08 03:54 83728 c:\winnt\$NtUninstallKB961501$\spoolss.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 80144 c:\winnt\$NtUninstallKB960859$\telnet.exe
+ 2010-05-28 10:23 . 2003-07-14 12:00 48912 c:\winnt\$NtUninstallKB959426$\secur32.dll
+ 2010-05-28 10:21 . 2006-10-13 15:50 43984 c:\winnt\$NtUninstallKB958869-IE6SP1-20090818.120000$\spuninst\iecustom.dll
+ 2010-05-28 07:20 . 2005-01-12 11:39 37136 c:\winnt\$NtUninstallKB956802$\mf3216.dll
+ 2010-05-28 10:22 . 2003-07-14 12:00 65296 c:\winnt\$NtUninstallKB954600_WM41$\logagent.exe
+ 2010-05-28 10:22 . 2003-07-14 12:00 69904 c:\winnt\$NtUninstallKB952954$\mscms.dll
+ 2010-05-28 07:31 . 2006-04-23 08:01 19216 c:\winnt\$NtUninstallKB952004$\xolehlp.dll
+ 2010-05-28 07:31 . 2006-04-23 08:01 52496 c:\winnt\$NtUninstallKB952004$\mtxclu.dll
+ 2010-05-28 07:31 . 2006-04-23 08:01 96016 c:\winnt\$NtUninstallKB952004$\msdtclog.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 64272 c:\winnt\$NtUninstallKB951748-V2$\mswsock.dll
+ 2010-05-28 10:24 . 2006-07-06 11:45 96528 c:\winnt\$NtUninstallKB951748-V2$\dnsrslvr.dll
+ 2010-05-28 07:22 . 2003-09-26 02:42 53520 c:\winnt\$NtUninstallKB950749$\msjter40.dll
+ 2010-05-28 07:27 . 2003-07-14 12:00 51984 c:\winnt\$NtUninstallKB938827$\agentdpv.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 23824 c:\winnt\$NtUninstallKB937894$\mqupgrd.dll
+ 2010-05-28 10:18 . 2003-07-14 12:00 14096 c:\winnt\$NtUninstallKB937894$\mqsvc.exe
+ 2010-05-28 10:18 . 2005-01-12 11:39 70928 c:\winnt\$NtUninstallKB937894$\mqsec.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 10000 c:\winnt\$NtUninstallKB937894$\mqperf.dll
+ 2010-05-28 10:18 . 2003-12-21 23:56 98064 c:\winnt\$NtUninstallKB937894$\mqmig.exe
+ 2010-05-28 10:18 . 2003-07-14 12:00 87312 c:\winnt\$NtUninstallKB937894$\mqlogmgr.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 42256 c:\winnt\$NtUninstallKB937894$\mqdssrv.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 76560 c:\winnt\$NtUninstallKB937894$\mqdscli.dll
+ 2010-05-28 10:18 . 2003-07-14 12:00 29968 c:\winnt\$NtUninstallKB937894$\mqdbodbc.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 50448 c:\winnt\$NtUninstallKB937894$\mqclus.dll
+ 2010-05-28 10:18 . 2003-07-14 12:00 29456 c:\winnt\$NtUninstallKB937894$\mqcertui.dll
+ 2010-05-28 10:18 . 2003-07-14 12:00 25360 c:\winnt\$NtUninstallKB937894$\mqbkup.exe
+ 2010-05-28 10:18 . 2004-10-24 05:10 77680 c:\winnt\$NtUninstallKB937894$\mqac.sys
+ 2010-05-28 10:18 . 2003-12-21 23:56 14096 c:\winnt\$NtUninstallKB937894$\mq1sync.exe
+ 2010-05-28 10:18 . 2005-04-08 03:54 57104 c:\winnt\$NtUninstallKB935839$\mpr.dll
+ 2010-05-28 07:32 . 2003-07-14 12:00 33552 c:\winnt\$NtUninstallKB923810$\tifflt.dll
+ 2010-05-28 07:32 . 2003-07-14 12:00 71440 c:\winnt\$NtUninstallKB923810$\kodakprv.exe
+ 2010-05-28 07:32 . 2003-07-14 12:00 38160 c:\winnt\$NtUninstallKB923810$\jpeg2x32.dll
+ 2010-05-28 07:21 . 2003-07-14 12:00 18432 c:\winnt\$NtUninstallKB842773$\qmgrprxy.dll
+ 2010-05-28 07:26 . 2002-08-29 07:14 89872 c:\winnt\$NtUninstallKB329115$\cryptdlg.dll
+ 2001-03-23 15:17 . 2001-03-23 15:17 7168 c:\winnt\system32\updcrl.exe
- 2001-03-23 16:17 . 2001-03-23 16:17 7168 c:\winnt\system32\updcrl.exe
+ 2006-07-06 11:45 . 2006-07-06 11:45 7440 c:\winnt\system32\rasadhlp.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 7440 c:\winnt\system32\rasadhlp.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 7440 c:\winnt\system32\dllcache\rasadhlp.dll
+ 2003-07-14 12:00 . 2006-07-06 11:45 7440 c:\winnt\system32\dllcache\rasadhlp.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 8464 c:\winnt\system32\dllcache\mqrperf.dll
+ 2004-10-05 09:43 . 2004-10-05 09:43 7168 c:\winnt\system32\dllcache\bitsprx3.dll
+ 2004-10-05 09:43 . 2004-10-05 09:43 7680 c:\winnt\system32\dllcache\bitsprx2.dll
+ 2010-07-10 11:30 . 2010-07-10 11:30 3774 c:\winnt\Installer\{B37E2E44-F349-481D-95A4-EEBC95232A03}\ad100_pro.exe
+ 2010-05-20 20:12 . 2010-05-20 20:12 298496 c:\winnt\uninst.exe
+ 2010-05-20 20:12 . 2010-05-20 20:12 691545 c:\winnt\unins000.exe
+ 2008-10-16 14:12 . 2009-08-06 18:24 209632 c:\winnt\system32\wuweb.dll
+ 2007-04-06 18:16 . 2009-08-06 18:24 327896 c:\winnt\system32\wucltui.dll
+ 2007-04-06 18:16 . 2009-08-06 18:23 575704 c:\winnt\system32\wuapi.dll
- 2001-06-26 17:53 . 2001-06-26 17:53 118834 c:\winnt\system32\wscript.exe
+ 2001-06-26 16:53 . 2001-06-26 16:53 118834 c:\winnt\system32\wscript.exe
+ 2010-02-15 12:52 . 2010-02-15 12:52 167696 c:\winnt\system32\WINTRUST.DLL
+ 2003-07-14 12:00 . 2007-03-13 09:44 245520 c:\winnt\system32\WINSRV.DLL
+ 2010-04-14 15:17 . 2010-04-14 15:17 576512 c:\winnt\system32\WININET.DLL
+ 2008-12-31 09:32 . 2008-12-31 09:32 351232 c:\winnt\system32\winhttp.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 258048 c:\winnt\system32\webcheck.dll
+ 2002-02-26 14:58 . 2010-03-12 09:14 401408 c:\winnt\system32\vbscript.dll
+ 1997-07-31 23:00 . 1998-04-24 00:00 385024 c:\winnt\system32\VBAR332.DLL
+ 2007-03-06 11:17 . 2007-03-06 11:17 381200 c:\winnt\system32\USER32.DLL
+ 2010-04-14 15:17 . 2010-04-14 15:17 471040 c:\winnt\system32\URLMON.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 106496 c:\winnt\system32\url.dll
+ 2005-07-02 11:30 . 2005-07-02 11:30 175888 c:\winnt\system32\tapisrv.dll
+ 2009-10-15 08:53 . 2009-10-15 08:53 165136 c:\winnt\system32\t2embed.dll
+ 2003-07-14 12:00 . 2009-08-21 16:06 247326 c:\winnt\system32\strmdll.dll
+ 2010-05-20 20:12 . 2010-05-20 20:12 200704 c:\winnt\system32\spool\drivers\w32x86\3\hpztsb03.exe
+ 2010-04-14 14:48 . 2010-04-14 14:48 402944 c:\winnt\system32\SHLWAPI.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 533504 c:\winnt\system32\shdoclc.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 159504 c:\winnt\system32\Setup\msmqocm.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 159504 c:\winnt\system32\Setup\msmqocm.dll
- 2003-07-14 12:00 . 2004-03-11 13:29 342288 c:\winnt\system32\Setup\comsetup.dll
+ 2003-07-14 12:00 . 2005-09-05 08:18 342288 c:\winnt\system32\Setup\comsetup.dll
- 2001-06-26 16:39 . 2001-06-26 16:39 151601 c:\winnt\system32\scrrun.dll
+ 2001-06-26 15:39 . 2001-06-26 15:39 151601 c:\winnt\system32\scrrun.dll
+ 2001-06-26 15:38 . 2001-06-26 15:38 159793 c:\winnt\system32\scrobj.dll
- 2001-06-26 16:38 . 2001-06-26 16:38 159793 c:\winnt\system32\scrobj.dll
+ 2008-11-18 14:08 . 2008-11-18 14:08 147728 c:\winnt\system32\SCHANNEL.DLL
+ 2005-09-05 08:18 . 2005-09-05 08:18 212240 c:\winnt\system32\rpcss.dll
+ 2009-04-22 13:38 . 2009-04-22 13:38 437008 c:\winnt\system32\rpcrt4.dll
+ 2006-11-17 13:16 . 2006-11-17 13:16 433664 c:\winnt\system32\riched20.dll
+ 2009-10-09 06:21 . 2009-10-09 06:21 101136 c:\winnt\system32\rastls.dll
+ 2006-06-21 12:17 . 2006-06-21 12:17 161040 c:\winnt\system32\rasmans.dll
+ 2003-07-14 12:00 . 2010-05-20 20:12 244224 c:\winnt\system32\qmgr_suspect.dll
+ 2003-05-02 00:39 . 2003-05-02 00:39 137488 c:\winnt\system32\polstore.dll
+ 2003-07-14 12:00 . 2006-10-19 08:02 115472 c:\winnt\system32\OLEDLG.DLL
+ 2003-07-14 12:00 . 2007-12-05 10:40 631056 c:\winnt\system32\OLEAUT32.DLL
+ 2005-09-05 08:18 . 2005-09-05 08:18 957712 c:\winnt\system32\OLE32.DLL
+ 2006-02-17 19:01 . 2007-08-17 06:48 448272 c:\winnt\system32\oieng400.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 278800 c:\winnt\system32\odbcjt32.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 102672 c:\winnt\system32\ODBCCP32.dll
- 2003-07-14 12:00 . 2004-02-02 14:17 102672 c:\winnt\system32\ODBCCP32.DLL
+ 2007-01-10 10:09 . 2007-01-10 10:09 212992 c:\winnt\system32\odbc32.dll
- 2004-02-02 00:48 . 2004-02-02 00:48 212992 c:\winnt\system32\ODBC32.DLL
+ 2009-10-08 13:54 . 2009-10-08 13:54 417552 c:\winnt\system32\oakley.dll
+ 2003-07-14 12:00 . 2006-09-01 05:49 140048 c:\winnt\system32\NWPROVAU.DLL
+ 2007-04-23 06:22 . 2007-04-23 06:22 939280 c:\winnt\system32\ntdsa.dll
+ 2005-08-16 08:35 . 2005-08-16 08:35 100112 c:\winnt\system32\netman.dll
+ 2008-10-17 17:41 . 2008-10-17 17:41 310032 c:\winnt\system32\NETAPI32.DLL
- 2006-02-17 19:01 . 2006-04-23 08:01 123152 c:\winnt\system32\mtxoci.dll
+ 2006-02-17 19:01 . 2008-06-25 12:33 123152 c:\winnt\system32\mtxoci.dll
+ 1997-07-31 23:00 . 1998-04-24 00:00 294912 c:\winnt\system32\MSXBSE35.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:06 355104 c:\winnt\system32\msxbde40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:05 621344 c:\winnt\system32\mswstr10.dll
+ 2003-07-14 12:00 . 2008-03-27 07:05 838432 c:\winnt\system32\mswdat10.dll
+ 2011-02-04 14:33 . 1998-06-17 00:00 385100 c:\winnt\system32\MSVCRTD.DLL
+ 2011-02-04 14:33 . 1998-06-17 00:00 516173 c:\winnt\system32\MSVCP60D.DLL
+ 2002-08-29 06:14 . 2010-04-14 15:15 498176 c:\winnt\system32\MSTIME.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:05 264992 c:\winnt\system32\mstext40.dll
+ 2000-04-26 13:34 . 1998-04-24 00:00 176128 c:\winnt\system32\MSTEXT35.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:04 559904 c:\winnt\system32\msrepl40.dll
+ 2000-04-26 13:34 . 1998-04-24 00:00 417792 c:\winnt\system32\MSREPL35.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:04 322336 c:\winnt\system32\msrd3x40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:04 432928 c:\winnt\system32\msrd2x40.dll
+ 1997-07-31 23:00 . 1998-04-24 00:00 262144 c:\winnt\system32\MSRD2X35.DLL
+ 2002-08-29 06:14 . 2010-04-14 14:49 132096 c:\winnt\system32\MSRATING.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 132096 c:\winnt\system32\msrating.dll
+ 2000-04-26 13:34 . 1998-04-24 00:00 250128 c:\winnt\system32\MSPDOX35.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:03 355104 c:\winnt\system32\mspbde40.dll
- 2006-02-17 19:01 . 2003-07-14 12:00 319760 c:\winnt\system32\mspaint.exe
+ 2006-02-17 19:01 . 2009-12-28 13:03 319760 c:\winnt\system32\MSPAINT.EXE
+ 2002-08-29 06:06 . 2009-12-17 09:59 229376 c:\winnt\system32\MSOEACCT.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:03 219936 c:\winnt\system32\msltus40.dll
+ 2000-04-26 13:34 . 2000-04-26 13:34 168720 c:\winnt\system32\msltus35.dll
+ 2003-07-14 12:00 . 2008-03-27 07:03 248608 c:\winnt\system32\msjtes40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:13 151583 c:\winnt\system32\msjint40.dll
- 1997-07-31 23:00 . 1997-06-23 09:06 123664 c:\winnt\system32\msjint35.dll
+ 1997-07-31 23:00 . 1998-04-24 00:00 123664 c:\winnt\system32\MSJINT35.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:02 355112 c:\winnt\system32\msjetoledb40.dll
+ 2003-07-14 12:00 . 2005-05-04 13:45 884736 c:\winnt\system32\msimsg.dll
+ 2003-07-14 12:00 . 2005-05-04 13:45 271360 c:\winnt\system32\msihnd.dll
+ 2002-08-29 06:14 . 2005-08-05 12:53 248592 c:\winnt\system32\MSIEFTP.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 434688 c:\winnt\system32\mshtmled.dll
+ 2003-07-14 12:00 . 2008-03-27 07:00 326432 c:\winnt\system32\msexcl40.dll
+ 2000-04-26 13:34 . 1998-04-24 00:00 262144 c:\winnt\system32\MSEXCL35.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:00 518944 c:\winnt\system32\msexch40.dll
+ 2000-04-26 13:34 . 2000-04-26 13:34 344064 c:\winnt\system32\msexch35.dll
+ 2006-02-17 19:01 . 2008-06-25 12:33 154384 c:\winnt\system32\msdtcui.dll
+ 2010-05-25 11:44 . 2008-06-25 12:33 728336 c:\winnt\system32\msdtcprx.dll
+ 2009-04-20 20:30 . 2009-04-20 20:30 105744 c:\winnt\system32\msafd.dll
+ 2003-07-14 12:00 . 2006-07-25 05:08 840976 c:\winnt\system32\mmcndmgr.dll
+ 2003-07-14 12:00 . 2006-07-06 10:52 613648 c:\winnt\system32\mmc.exe
+ 2002-08-29 06:14 . 2002-08-29 06:14 574976 c:\winnt\system32\mlang.dll
+ 2011-02-04 14:33 . 1998-06-17 12:30 798773 c:\winnt\system32\MFCO42D.DLL
+ 2011-02-04 14:33 . 1998-06-17 12:30 274485 c:\winnt\system32\MFCD42D.DLL
+ 2011-02-04 14:33 . 1998-06-17 00:00 929844 c:\winnt\system32\MFC42D.DLL
+ 2003-07-14 12:00 . 2006-11-02 17:31 927504 c:\winnt\system32\MFC40U.DLL
+ 2011-03-02 23:01 . 2011-03-02 23:01 235168 c:\winnt\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
+ 2007-10-16 11:34 . 2007-10-16 11:34 513808 c:\winnt\system32\LSASRV.DLL
+ 2003-07-14 12:00 . 2009-05-07 06:41 263440 c:\winnt\system32\LOCALSPL.DLL
+ 2003-07-14 12:00 . 2007-04-16 12:44 712976 c:\winnt\system32\KERNEL32.DLL
+ 2005-06-15 04:22 . 2005-06-15 04:22 208144 c:\winnt\system32\kerberos.dll
+ 2001-06-26 15:36 . 2009-06-24 18:02 458752 c:\winnt\system32\jscript.dll
+ 2010-11-12 09:30 . 2010-09-15 04:50 153376 c:\winnt\system32\javaws.exe
+ 2010-11-12 09:30 . 2010-09-15 04:50 145184 c:\winnt\system32\javaw.exe
+ 2010-11-12 09:30 . 2010-09-15 04:50 145184 c:\winnt\system32\java.exe
+ 2003-07-14 12:00 . 2005-04-21 14:16 128000 c:\winnt\system32\itss.dll
+ 2003-07-14 12:00 . 2005-04-21 14:16 143872 c:\winnt\system32\itircl.dll
- 2003-07-14 12:00 . 2005-01-12 11:39 143872 c:\winnt\system32\itircl.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 110592 c:\winnt\system32\inetcplc.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 110592 c:\winnt\system32\inetcplc.dll
+ 2002-08-29 06:06 . 2010-02-02 10:44 601088 c:\winnt\system32\INETCOMM.DLL
+ 2002-08-29 06:14 . 2010-04-14 15:15 236032 c:\winnt\system32\IEPEERS.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 294912 c:\winnt\system32\iedkcs32.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 294912 c:\winnt\system32\iedkcs32.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 221184 c:\winnt\system32\ieakui.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 221184 c:\winnt\system32\ieakui.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 204288 c:\winnt\system32\ieaksie.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 204288 c:\winnt\system32\ieaksie.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 126976 c:\winnt\system32\ieakeng.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 126976 c:\winnt\system32\ieakeng.dll
+ 2003-07-14 12:00 . 2005-06-29 07:30 246032 c:\winnt\system32\icm32.dll
+ 2008-10-23 05:27 . 2008-10-23 05:27 237840 c:\winnt\system32\GDI32.DLL
+ 2010-07-10 11:29 . 2006-05-24 09:40 188416 c:\winnt\system32\ftdiunin.exe
+ 2010-07-10 11:29 . 2006-05-24 09:45 176128 c:\winnt\system32\ftd2xx.dll
+ 2010-07-10 11:29 . 2006-05-24 09:47 106496 c:\winnt\system32\ftbusui.dll
- 2006-02-17 18:34 . 2009-04-20 09:16 125320 c:\winnt\system32\FNTCACHE.DAT
+ 2006-02-17 18:34 . 2010-06-12 13:39 125320 c:\winnt\system32\FNTCACHE.DAT
+ 2005-07-13 07:22 . 2005-01-12 19:39 138000 c:\winnt\system32\faxui.dll
- 2003-06-19 12:05 . 2005-01-12 11:39 138000 c:\winnt\system32\faxui.dll
+ 2004-03-11 13:29 . 2004-03-11 13:29 239888 c:\winnt\system32\es_suspect.dll
+ 2008-07-10 10:00 . 2008-07-10 10:00 251152 c:\winnt\system32\es.dll
+ 2002-08-29 06:14 . 2010-04-14 15:15 192512 c:\winnt\system32\DXTRANS.DLL
+ 2002-08-29 06:14 . 2010-04-14 15:15 351744 c:\winnt\system32\DXTMSFT.DLL
+ 2003-07-14 12:00 . 2006-08-22 03:05 498742 c:\winnt\system32\dxmasf.dll
+ 2010-07-10 11:29 . 2006-05-24 09:42 102400 c:\winnt\system32\DRVSTORE\ftdiportad_350623C56B97DFD1EB0CF43C088F965E0305F4FD\FTLang.Dll
+ 2010-07-10 11:29 . 2006-05-24 09:40 188416 c:\winnt\system32\DRVSTORE\ftdibusad_41D0094FD82F5ACEF718F53EE402A5C1DA98AD8F\ftdiunin.exe
+ 2010-07-10 11:29 . 2006-05-24 09:45 176128 c:\winnt\system32\DRVSTORE\ftdibusad_41D0094FD82F5ACEF718F53EE402A5C1DA98AD8F\ftd2xx.dll
+ 2010-07-10 11:29 . 2006-05-24 09:47 106496 c:\winnt\system32\DRVSTORE\ftdibusad_41D0094FD82F5ACEF718F53EE402A5C1DA98AD8F\ftbusui.dll
+ 2011-01-03 19:26 . 2010-09-06 09:26 189520 c:\winnt\system32\drivers\tmcomm.sys
+ 2003-07-14 12:00 . 2008-06-18 22:35 320528 c:\winnt\system32\drivers\tcpip.sys
+ 2003-07-14 12:00 . 2009-12-10 13:39 252592 c:\winnt\system32\drivers\SRV.SYS
+ 2003-07-14 12:00 . 2010-02-16 04:28 170800 c:\winnt\system32\drivers\rdbss.sys
+ 2003-07-14 12:00 . 2006-09-01 04:57 161520 c:\winnt\system32\drivers\nwrdr.sys
+ 2003-07-14 12:00 . 2010-02-24 06:46 416304 c:\winnt\system32\drivers\mrxsmb.sys
+ 2005-04-14 06:59 . 2006-08-22 11:48 136912 c:\winnt\system32\drivers\fltmgr.sys
+ 2009-12-28 15:21 . 2010-07-20 08:57 243024 c:\winnt\system32\drivers\avgtdix.sys
+ 2008-07-23 22:32 . 2010-07-20 08:57 216400 c:\winnt\system32\drivers\avgldx86.sys
+ 2003-07-14 12:00 . 2008-10-17 10:38 119152 c:\winnt\system32\drivers\AFD.SYS
+ 2009-04-20 20:30 . 2009-04-20 20:30 139024 c:\winnt\system32\dnsapi.dll
+ 2001-06-26 16:53 . 2001-06-26 16:53 118834 c:\winnt\system32\dllcache\wscript.exe
- 2001-06-26 17:53 . 2001-06-26 17:53 118834 c:\winnt\system32\dllcache\wscript.exe
+ 2008-04-30 06:08 . 2008-04-30 06:08 187664 c:\winnt\system32\dllcache\wordpad.exe
+ 2010-02-15 12:52 . 2010-02-15 12:52 167696 c:\winnt\system32\dllcache\WINTRUST.DLL
+ 2005-03-11 23:54 . 2007-03-13 09:44 245520 c:\winnt\system32\dllcache\winsrv.dll
+ 2002-08-29 06:14 . 2010-04-14 15:17 576512 c:\winnt\system32\dllcache\WININET.DLL
+ 2008-12-31 09:32 . 2008-12-31 09:32 351232 c:\winnt\system32\dllcache\winhttp.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 258048 c:\winnt\system32\dllcache\webcheck.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 258048 c:\winnt\system32\dllcache\webcheck.dll
+ 2002-08-29 06:06 . 2002-08-29 06:06 249344 c:\winnt\system32\dllcache\wab32res.dll
- 2002-08-29 07:06 . 2002-08-29 07:06 249344 c:\winnt\system32\dllcache\wab32res.dll
+ 2002-08-29 06:06 . 2009-12-17 09:59 465920 c:\winnt\system32\dllcache\WAB32.DLL
+ 2002-02-26 14:58 . 2010-03-12 09:14 401408 c:\winnt\system32\dllcache\vbscript.dll
+ 2007-03-06 11:17 . 2007-03-06 11:17 381200 c:\winnt\system32\dllcache\USER32.DLL
+ 2002-08-29 06:14 . 2010-04-14 15:17 471040 c:\winnt\system32\dllcache\URLMON.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 106496 c:\winnt\system32\dllcache\url.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 106496 c:\winnt\system32\dllcache\url.dll
+ 2002-08-29 06:14 . 2009-08-03 09:24 149776 c:\winnt\system32\dllcache\triedit.dll
+ 2003-07-14 12:00 . 2008-06-18 22:35 320528 c:\winnt\system32\dllcache\tcpip.sys
+ 2003-07-14 12:00 . 2005-07-02 11:30 175888 c:\winnt\system32\dllcache\tapisrv.dll
+ 2003-07-14 12:00 . 2009-10-15 08:53 165136 c:\winnt\system32\dllcache\t2embed.dll
+ 2003-07-14 12:00 . 2009-08-21 16:06 247326 c:\winnt\system32\dllcache\strmdll.dll
+ 2003-07-14 12:00 . 2009-12-10 13:39 252592 c:\winnt\system32\dllcache\srv.sys
+ 2003-10-28 12:44 . 2003-10-28 12:44 524560 c:\winnt\system32\dllcache\sqlsrv32.dll
+ 2002-08-29 06:14 . 2010-04-14 14:48 402944 c:\winnt\system32\dllcache\SHLWAPI.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 533504 c:\winnt\system32\dllcache\shdoclc.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 533504 c:\winnt\system32\dllcache\shdoclc.dll
- 2001-06-26 16:39 . 2001-06-26 16:39 151601 c:\winnt\system32\dllcache\scrrun.dll
+ 2001-06-26 15:39 . 2001-06-26 15:39 151601 c:\winnt\system32\dllcache\scrrun.dll
- 2001-06-26 16:38 . 2001-06-26 16:38 159793 c:\winnt\system32\dllcache\scrobj.dll
+ 2001-06-26 15:38 . 2001-06-26 15:38 159793 c:\winnt\system32\dllcache\scrobj.dll
+ 2003-07-14 12:00 . 2008-11-18 14:08 147728 c:\winnt\system32\dllcache\SCHANNEL.DLL
+ 2003-07-14 12:00 . 2005-09-05 08:18 212240 c:\winnt\system32\dllcache\rpcss.dll
+ 2003-07-14 12:00 . 2009-04-22 13:38 437008 c:\winnt\system32\dllcache\rpcrt4.dll
+ 2003-07-14 12:00 . 2006-11-17 13:16 433664 c:\winnt\system32\dllcache\riched20.dll
+ 2003-07-14 12:00 . 2010-02-16 04:28 170800 c:\winnt\system32\dllcache\rdbss.sys
+ 2003-07-14 12:00 . 2009-10-09 06:21 101136 c:\winnt\system32\dllcache\rastls.dll
+ 2006-06-21 12:17 . 2006-06-21 12:17 161040 c:\winnt\system32\dllcache\rasmans.dll
+ 2004-10-05 09:43 . 2004-10-05 09:43 362496 c:\winnt\system32\dllcache\qmgr.dll
+ 2003-05-02 00:39 . 2003-05-02 00:39 137488 c:\winnt\system32\dllcache\polstore.dll
+ 2003-07-14 12:00 . 2006-10-19 08:02 115472 c:\winnt\system32\dllcache\oledlg.dll
+ 2008-07-13 16:47 . 2007-01-10 10:09 483328 c:\winnt\system32\dllcache\oledb32.dll
+ 2003-07-14 12:00 . 2007-12-05 10:40 631056 c:\winnt\system32\dllcache\oleaut32.dll
+ 2003-07-14 12:00 . 2005-09-05 08:18 957712 c:\winnt\system32\dllcache\OLE32.DLL
+ 2007-08-17 06:48 . 2007-08-17 06:48 448272 c:\winnt\system32\dllcache\oieng400.dll
+ 2003-07-14 12:00 . 2006-11-29 08:31 278800 c:\winnt\system32\dllcache\odbcjt32.dll
- 2003-07-14 12:00 . 2004-02-02 14:17 102672 c:\winnt\system32\dllcache\ODBCCP32.DLL
+ 2003-07-14 12:00 . 2006-11-29 08:31 102672 c:\winnt\system32\dllcache\ODBCCP32.dll
- 2003-07-14 12:00 . 2004-02-02 00:48 212992 c:\winnt\system32\dllcache\ODBC32.DLL
+ 2003-07-14 12:00 . 2007-01-10 10:09 212992 c:\winnt\system32\dllcache\odbc32.dll
+ 2009-10-08 13:54 . 2009-10-08 13:54 417552 c:\winnt\system32\dllcache\oakley.dll
+ 2003-07-14 12:00 . 2006-09-01 04:57 161520 c:\winnt\system32\dllcache\nwrdr.sys
+ 2003-07-14 12:00 . 2006-09-01 05:49 140048 c:\winnt\system32\dllcache\nwprovau.dll
+ 2007-04-23 06:22 . 2007-04-23 06:22 939280 c:\winnt\system32\dllcache\ntdsa.dll
- 2008-07-13 16:48 . 2003-07-14 12:00 364544 c:\winnt\system32\dllcache\npdsplay.dll
+ 2008-07-13 16:48 . 2005-11-29 15:27 364544 c:\winnt\system32\dllcache\npdsplay.dll
+ 2003-07-14 12:00 . 2005-08-16 08:35 100112 c:\winnt\system32\dllcache\netman.dll
+ 2003-07-14 12:00 . 2008-10-17 17:41 310032 c:\winnt\system32\dllcache\NETAPI32.DLL
- 2006-02-17 19:01 . 2006-04-23 08:01 123152 c:\winnt\system32\dllcache\mtxoci.dll
+ 2006-02-17 19:01 . 2008-06-25 12:33 123152 c:\winnt\system32\dllcache\mtxoci.dll
- 2008-07-13 16:54 . 2004-02-19 00:14 155408 c:\winnt\system32\dllcache\mtstocom.exe
+ 2008-07-13 16:54 . 2005-08-30 05:05 155408 c:\winnt\system32\dllcache\mtstocom.exe
+ 2003-07-14 12:00 . 2008-03-27 07:06 355104 c:\winnt\system32\dllcache\msxbde40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:05 621344 c:\winnt\system32\dllcache\mswstr10.dll
+ 2003-07-14 12:00 . 2008-03-27 07:05 838432 c:\winnt\system32\dllcache\mswdat10.dll
+ 2002-08-29 06:14 . 2010-04-14 15:15 498176 c:\winnt\system32\dllcache\MSTIME.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:05 264992 c:\winnt\system32\dllcache\mstext40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:04 559904 c:\winnt\system32\dllcache\msrepl40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:04 322336 c:\winnt\system32\dllcache\msrd3x40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:04 432928 c:\winnt\system32\dllcache\msrd2x40.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 132096 c:\winnt\system32\dllcache\msrating.dll
+ 2002-08-29 06:14 . 2010-04-14 14:49 132096 c:\winnt\system32\dllcache\MSRATING.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:03 355104 c:\winnt\system32\dllcache\mspbde40.dll
- 2006-02-17 19:01 . 2003-07-14 12:00 319760 c:\winnt\system32\dllcache\mspaint.exe
+ 2006-02-17 19:01 . 2009-12-28 13:03 319760 c:\winnt\system32\dllcache\mspaint.exe
+ 2002-08-29 06:06 . 2009-12-17 09:59 229376 c:\winnt\system32\dllcache\MSOEACCT.DLL
+ 2007-10-17 07:22 . 2007-10-17 07:22 159504 c:\winnt\system32\dllcache\msmqocm.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 159504 c:\winnt\system32\dllcache\msmqocm.dll
+ 2003-07-14 12:00 . 2008-03-27 07:03 219936 c:\winnt\system32\dllcache\msltus40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:03 248608 c:\winnt\system32\dllcache\msjtes40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:13 151583 c:\winnt\system32\dllcache\msjint40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:02 355112 c:\winnt\system32\dllcache\msjetol1.dll
+ 2003-07-14 12:00 . 2005-05-04 13:45 884736 c:\winnt\system32\dllcache\msimsg.dll
+ 2003-07-14 12:00 . 2005-05-04 13:45 271360 c:\winnt\system32\dllcache\msihnd.dll
+ 2002-08-29 06:14 . 2005-08-05 12:53 248592 c:\winnt\system32\dllcache\MSIEFTP.DLL
- 2002-08-29 07:14 . 2002-08-29 07:14 434688 c:\winnt\system32\dllcache\mshtmled.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 434688 c:\winnt\system32\dllcache\mshtmled.dll
+ 2003-07-14 12:00 . 2008-03-27 07:00 326432 c:\winnt\system32\dllcache\msexcl40.dll
+ 2003-07-14 12:00 . 2008-03-27 07:00 518944 c:\winnt\system32\dllcache\msexch40.dll
+ 2006-02-17 19:01 . 2008-06-25 12:33 154384 c:\winnt\system32\dllcache\msdtcui.dll
+ 2006-04-23 08:01 . 2008-06-25 12:33 728336 c:\winnt\system32\dllcache\msdtcprx.dll
+ 2008-07-13 16:47 . 2006-11-29 08:31 192784 c:\winnt\system32\dllcache\msdaps.dll
- 2008-07-13 16:47 . 2003-07-14 12:00 192784 c:\winnt\system32\dllcache\msdaps.dll
+ 2008-07-13 16:47 . 2007-01-10 10:09 204800 c:\winnt\system32\dllcache\msdaprst.dll
+ 2009-04-20 20:30 . 2009-04-20 20:30 105744 c:\winnt\system32\dllcache\msafd.dll
+ 2008-07-13 16:47 . 2007-01-10 10:09 188449 c:\winnt\system32\dllcache\msadox.dll
+ 2008-07-13 16:47 . 2007-01-10 10:09 172066 c:\winnt\system32\dllcache\msadomd.dll
+ 2008-07-13 16:47 . 2007-01-10 10:09 487424 c:\winnt\system32\dllcache\msado15.dll
+ 2008-07-13 16:47 . 2006-11-29 08:31 151824 c:\winnt\system32\dllcache\msadco.dll
+ 2008-07-13 16:47 . 2007-01-10 10:09 327680 c:\winnt\system32\dllcache\msadce.dll
+ 2003-07-14 12:00 . 2010-02-24 06:46 416304 c:\winnt\system32\dllcache\mrxsmb.sys
+ 2007-10-17 07:22 . 2007-10-17 07:22 111888 c:\winnt\system32\dllcache\mqutil.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 400656 c:\winnt\system32\dllcache\mqsnap.dll
- 2008-07-13 16:54 . 2005-01-12 11:39 400656 c:\winnt\system32\dllcache\mqsnap.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 102672 c:\winnt\system32\dllcache\mqrt.dll
- 2008-07-13 16:54 . 2005-04-08 02:34 102672 c:\winnt\system32\dllcache\mqrt.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 440592 c:\winnt\system32\dllcache\mqqm.dll
- 2008-07-13 16:51 . 2005-01-12 11:39 222480 c:\winnt\system32\dllcache\mqoa.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 222480 c:\winnt\system32\dllcache\mqoa.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 267536 c:\winnt\system32\dllcache\mqmigrat.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 218384 c:\winnt\system32\dllcache\mqads.dll
+ 2007-10-17 07:22 . 2007-10-17 07:22 292112 c:\winnt\system32\dllcache\mq1repl.dll
+ 2003-07-14 12:00 . 2006-07-25 05:08 840976 c:\winnt\system32\dllcache\mmcndmgr.dll
+ 2003-07-14 12:00 . 2006-07-06 10:52 613648 c:\winnt\system32\dllcache\mmc.exe
+ 2002-08-29 06:14 . 2002-08-29 06:14 574976 c:\winnt\system32\dllcache\mlang.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 574976 c:\winnt\system32\dllcache\mlang.dll
+ 2003-07-14 12:00 . 2006-11-02 17:31 927504 c:\winnt\system32\dllcache\mfc40u.dll
+ 2007-10-16 11:34 . 2007-10-16 11:34 513808 c:\winnt\system32\dllcache\LSASRV.DLL
+ 2003-07-14 12:00 . 2009-05-07 06:41 263440 c:\winnt\system32\dllcache\localspl.dll
+ 2007-05-11 07:41 . 2007-05-11 07:41 524560 c:\winnt\system32\dllcache\kodakimg.exe
+ 2004-12-30 09:53 . 2007-04-16 12:44 712976 c:\winnt\system32\dllcache\kernel32.dll
+ 2005-06-15 04:22 . 2005-06-15 04:22 208144 c:\winnt\system32\dllcache\kerberos.dll
+ 2005-04-08 03:54 . 2005-06-15 04:33 149776 c:\winnt\system32\dllcache\kdcsvc.dll
+ 2001-06-26 15:36 . 2009-06-24 18:02 458752 c:\winnt\system32\dllcache\jscript.dll
+ 2003-07-14 12:00 . 2005-04-21 14:16 128000 c:\winnt\system32\dllcache\itss.dll
- 2003-07-14 12:00 . 2005-01-12 11:39 143872 c:\winnt\system32\dllcache\itircl.dll
+ 2003-07-14 12:00 . 2005-04-21 14:16 143872 c:\winnt\system32\dllcache\itircl.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 110592 c:\winnt\system32\dllcache\inetcplc.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 110592 c:\winnt\system32\dllcache\inetcplc.dll
+ 2002-08-29 06:06 . 2010-02-02 10:44 601088 c:\winnt\system32\dllcache\INETCOMM.DLL
+ 2002-08-29 06:14 . 2010-04-14 15:15 236032 c:\winnt\system32\dllcache\IEPEERS.DLL
+ 2002-08-29 06:14 . 2002-08-29 06:14 294912 c:\winnt\system32\dllcache\iedkcs32.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 294912 c:\winnt\system32\dllcache\iedkcs32.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 221184 c:\winnt\system32\dllcache\ieakui.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 221184 c:\winnt\system32\dllcache\ieakui.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 204288 c:\winnt\system32\dllcache\ieaksie.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 204288 c:\winnt\system32\dllcache\ieaksie.dll
+ 2002-08-29 06:14 . 2002-08-29 06:14 126976 c:\winnt\system32\dllcache\ieakeng.dll
- 2002-08-29 07:14 . 2002-08-29 07:14 126976 c:\winnt\system32\dllcache\ieakeng.dll
+ 2003-07-14 12:00 . 2005-06-29 07:30 246032 c:\winnt\system32\dllcache\icm32.dll
+ 2008-10-23 05:27 . 2008-10-23 05:27 237840 c:\winnt\system32\dllcache\GDI32.DLL
+ 2005-04-13 22:59 . 2006-08-22 11:48 136912 c:\winnt\system32\dllcache\fltmgr.sys
+ 2005-07-13 07:22 . 2005-01-12 19:39 138000 c:\winnt\system32\dllcache\faxui.dll
- 2005-01-12 11:39 . 2005-01-12 11:39 138000 c:\winnt\system32\dllcache\faxui.dll
+ 2003-07-14 12:00 . 2008-07-10 10:00 251152 c:\winnt\system32\dllcache\es.dll
+ 2002-08-29 06:14 . 2010-04-14 15:15 192512 c:\winnt\system32\dllcache\DXTRANS.DLL
+ 2002-08-29 06:14 . 2010-04-14 15:15 351744 c:\winnt\system32\dllcache\DXTMSFT.DLL
+ 2003-07-14 12:00 . 2006-08-22 03:05 498742 c:\winnt\system32\dllcache\dxmasf.dll
+ 2009-04-20 20:30 . 2009-04-20 20:30 139024 c:\winnt\system32\dllcache\dnsapi.dll
+ 2008-07-13 16:47 . 2008-03-27 07:00 554008 c:\winnt\system32\dllcache\dao360.dll
- 2001-06-26 17:49 . 2001-06-26 17:49 102450 c:\winnt\system32\dllcache\cscript.exe
+ 2001-06-26 16:49 . 2001-06-26 16:49 102450 c:\winnt\system32\dllcache\cscript.exe
- 2003-07-14 12:00 . 2004-03-11 13:29 342288 c:\winnt\system32\dllcache\comsetup.dll
+ 2003-07-14 12:00 . 2005-09-05 08:18 342288 c:\winnt\system32\dllcache\comsetup.dll
+ 2002-08-29 06:14 . 2006-08-28 08:44 530192 c:\winnt\system32\dllcache\comctl32.dll
+ 2002-08-29 06:14 . 2010-04-14 14:49 143360 c:\winnt\system32\dllcache\CDFVIEW.DLL
+ 2003-07-14 12:00 . 2010-04-12 17:12 291920 c:\winnt\system32\dllcache\atmfd.dll
+ 2003-07-14 12:00 . 2010-03-09 09:32 143632 c:\winnt\system32\dllcache\asycfilt.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 143632 c:\winnt\system32\dllcache\asycfilt.dll
+ 2003-07-14 12:00 . 2006-08-23 04:18 242448 c:\winnt\system32\dllcache\agentsvr.exe
- 2003-07-14 12:00 . 2003-07-14 12:00 242448 c:\winnt\system32\dllcache\agentsvr.exe
+ 2003-07-14 12:00 . 2008-10-17 10:38 119152 c:\winnt\system32\dllcache\afd.sys
+ 2010-05-26 14:55 . 2010-09-15 04:50 472808 c:\winnt\system32\deployJava1.dll
+ 2001-06-26 16:49 . 2001-06-26 16:49 102450 c:\winnt\system32\cscript.exe
- 2001-06-26 17:49 . 2001-06-26 17:49 102450 c:\winnt\system32\cscript.exe
+ 2006-08-28 08:44 . 2006-08-28 08:44 530192 c:\winnt\system32\comctl32.dll
+ 2010-05-20 20:12 . 2010-05-20 20:12 118784 c:\winnt\system32\cmuda.dll
+ 2010-05-20 20:12 . 2010-05-20 20:12 233472 c:\winnt\system32\cmirmdrv.exe
+ 2002-08-29 06:14 . 2010-04-14 14:49 143360 c:\winnt\system32\CDFVIEW.DLL
+ 2010-05-20 20:11 . 2010-05-20 20:11 712704 c:\winnt\system32\Audio3D.dll
+ 2003-07-14 12:00 . 2010-04-12 17:12 291920 c:\winnt\system32\atmfd.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 143632 c:\winnt\system32\asycfilt.dll
+ 2003-07-14 12:00 . 2010-03-09 09:32 143632 c:\winnt\system32\ASYCFILT.DLL
+ 2010-05-20 20:11 . 2010-05-20 20:11 917504 c:\winnt\system\cmids3d.dll
- 2003-07-14 12:00 . 2003-07-14 12:00 242448 c:\winnt\msagent\agentsvr.exe
+ 2003-07-14 12:00 . 2006-08-23 04:18 242448 c:\winnt\msagent\agentsvr.exe
+ 2010-05-20 20:11 . 2010-05-20 20:11 286720 c:\winnt\iun507.exe
+ 2010-05-20 20:11 . 2010-05-20 20:11 306688 c:\winnt\IsUninst.exe
+ 2010-07-10 11:30 . 2010-07-10 11:30 595968 c:\winnt\Installer\66b07a.msi
+ 2010-07-05 22:20 . 2010-07-05 22:20 370176 c:\winnt\Installer\60fdc3.msi
+ 2010-05-26 14:55 . 2010-05-26 14:55 577536 c:\winnt\Installer\5d360f9.msi
+ 2010-11-12 09:56 . 2010-11-12 09:56 180224 c:\winnt\Installer\57042e.msi
+ 2007-03-13 09:44 . 2007-03-13 09:44 245520 c:\winnt\Driver Cache\i386\winsrv.dll
+ 2007-04-16 12:44 . 2007-04-16 12:44 712976 c:\winnt\Driver Cache\i386\kernel32.dll
- 2006-06-21 06:52 . 2006-06-21 06:52 712976 c:\winnt\Driver Cache\i386\kernel32.dll
+ 2005-07-13 07:22 . 2005-01-12 19:39 138000 c:\winnt\Driver Cache\i386\faxui.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 212992 c:\winnt\Crystal\U2FXLS.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 106496 c:\winnt\Crystal\U2FWORDW.dll
+ 2010-05-20 20:11 . 2010-05-20 20:11 102400 c:\winnt\Crystal\u2dpost.dll
+ 2009-11-20 07:05 . 2009-11-20 07:05 288528 c:\winnt\AppPatch\aclayers.dll
+ 2010-05-28 10:24 . 2007-01-05 07:49 371424 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\updspapi.dll
+ 2010-05-28 10:24 . 2007-01-05 07:49 213216 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe
+ 2010-05-28 10:24 . 2003-07-14 12:00 483600 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\oledb32.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 270608 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\odbcjt32.dll
+ 2010-05-28 10:24 . 2004-02-02 14:17 102672 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\odbccp32.dll
+ 2010-05-28 10:24 . 2004-02-02 00:48 212992 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\odbc32.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 192784 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msdaps.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 615655 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msdaprst.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 188688 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msadox.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 172304 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msadomd.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 491792 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msado15.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 135168 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msadcs.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 430080 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msadco.dll
+ 2010-05-28 10:24 . 2003-07-14 12:00 856768 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\msadce.dll
+ 2010-06-12 12:58 . 2010-02-25 09:32 576512 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\wininet.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 471040 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\urlmon.dll
+ 2010-06-12 12:58 . 2005-06-28 09:23 371424 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\spuninst\updspapi.dll
+ 2010-06-12 12:58 . 2005-06-28 09:23 213216 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\spuninst\spuninst.exe
+ 2010-06-12 12:58 . 2010-02-25 09:25 402944 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\shlwapi.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 498176 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\mstime.dll
+ 2010-06-12 12:58 . 2010-02-25 09:26 132096 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\msrating.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 236032 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\iepeers.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 192512 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\dxtrans.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 351744 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\dxtmsft.dll
+ 2010-06-12 12:58 . 2010-02-25 09:26 143360 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\cdfview.dll
+ 2010-05-28 07:28 . 2002-02-26 15:58 462906 c:\winnt\$NtUninstallKB981350$\vbscript.dll
+ 2010-05-28 07:28 . 2010-03-12 14:36 371424 c:\winnt\$NtUninstallKB981350$\spuninst\updspapi.dll
+ 2010-05-28 07:28 . 2010-03-12 14:36 213216 c:\winnt\$NtUninstallKB981350$\spuninst\spuninst.exe
+ 2010-05-28 07:20 . 2010-02-25 17:04 371424 c:\winnt\$NtUninstallKB980232$\spuninst\updspapi.dll
+ 2010-05-28 07:20 . 2010-02-25 17:04 213216 c:\winnt\$NtUninstallKB980232$\spuninst\spuninst.exe
+ 2010-05-28 07:20 . 2005-04-21 00:03 183248 c:\winnt\$NtUninstallKB980232$\rdbss.sys
+ 2010-05-28 07:20 . 2005-04-08 03:51 432976 c:\winnt\$NtUninstallKB980232$\mrxsmb.sys
+ 2010-06-12 12:57 . 2009-03-10 20:07 371424 c:\winnt\$NtUninstallKB980218$\spuninst\updspapi.dll
+ 2010-06-12 12:57 . 2009-03-10 20:06 213216 c:\winnt\$NtUninstallKB980218$\spuninst\spuninst.exe
+ 2010-06-12 12:57 . 2003-07-14 12:00 291888 c:\winnt\$NtUninstallKB980218$\atmfd.dll
+ 2010-06-12 12:49 . 2009-03-10 20:07 371424 c:\winnt\$NtUninstallKB980195$\spuninst\updspapi.dll
+ 2010-06-12 12:49 . 2009-03-10 20:06 213216 c:\winnt\$NtUninstallKB980195$\spuninst\spuninst.exe
+ 2010-05-28 07:19 . 2005-04-08 03:54 450832 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\wininet.dll
+ 2010-05-28 07:19 . 2005-04-08 03:54 420624 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\urlmon.dll
+ 2010-05-28 07:19 . 2005-06-28 08:23 371424 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\spuninst\updspapi.dll
+ 2010-05-28 07:19 . 2005-06-28 08:23 213216 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\spuninst\spuninst.exe
+ 2010-05-28 07:19 . 2005-02-17 09:06 283920 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\shlwapi.dll
+ 2010-05-28 07:19 . 2002-08-29 07:14 496128 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\mstime.dll
+ 2010-05-28 07:19 . 2002-08-29 07:14 132096 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\msrating.dll
+ 2010-05-28 07:19 . 2002-08-29 07:14 231424 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\iepeers.dll
+ 2010-05-28 07:19 . 2002-08-29 07:14 187392 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\dxtrans.dll
+ 2010-05-28 07:19 . 2002-08-29 07:14 351232 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\dxtmsft.dll
+ 2010-05-28 07:19 . 2002-08-29 07:14 142336 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\cdfview.dll
+ 2010-05-28 07:19 . 2005-04-08 03:54 792336 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\browseui.dll
+ 2010-05-28 10:21 . 2009-03-10 15:37 371424 c:\winnt\$NtUninstallKB979683$\spuninst\updspapi.dll
+ 2010-05-28 10:21 . 2009-03-10 15:36 213216 c:\winnt\$NtUninstallKB979683$\spuninst\spuninst.exe
+ 2010-06-12 12:46 . 2010-05-03 14:16 371424 c:\winnt\$NtUninstallKB979559$\spuninst\updspapi.dll
+ 2010-06-12 12:46 . 2010-05-03 14:16 213216 c:\winnt\$NtUninstallKB979559$\spuninst\spuninst.exe
+ 2010-06-12 12:45 . 2010-03-09 14:50 371424 c:\winnt\$NtUninstallKB979482$\spuninst\updspapi.dll
+ 2010-06-12 12:45 . 2010-03-09 14:50 213216 c:\winnt\$NtUninstallKB979482$\spuninst\spuninst.exe
+ 2010-06-12 12:45 . 2003-07-14 12:00 143632 c:\winnt\$NtUninstallKB979482$\asycfilt.dll
+ 2010-05-28 07:21 . 2010-01-13 19:01 371424 c:\winnt\$NtUninstallKB979309$\spuninst\updspapi.dll
+ 2010-05-28 07:21 . 2010-01-13 19:01 213216 c:\winnt\$NtUninstallKB979309$\spuninst\spuninst.exe
+ 2010-05-28 07:28 . 2009-12-28 21:09 371424 c:\winnt\$NtUninstallKB978706$\spuninst\updspapi.dll
+ 2010-05-28 07:28 . 2009-12-28 21:09 213216 c:\winnt\$NtUninstallKB978706$\spuninst\spuninst.exe
+ 2010-05-28 07:28 . 2003-07-14 12:00 319760 c:\winnt\$NtUninstallKB978706$\mspaint.exe
+ 2010-05-28 10:19 . 2005-01-12 11:39 167184 c:\winnt\$NtUninstallKB978601$\wintrust.dll
+ 2010-05-28 10:19 . 2010-02-15 18:06 371424 c:\winnt\$NtUninstallKB978601$\spuninst\updspapi.dll
+ 2010-05-28 10:19 . 2010-02-15 18:06 213216 c:\winnt\$NtUninstallKB978601$\spuninst\spuninst.exe
+ 2010-05-28 07:22 . 2002-08-29 07:06 459776 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\wab32.dll
+ 2010-05-28 07:22 . 2005-06-28 08:23 371424 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\spuninst\updspapi.dll
+ 2010-05-28 07:22 . 2005-06-28 08:23 213216 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\spuninst\spuninst.exe
+ 2010-05-28 07:22 . 2002-08-29 07:06 228864 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\msoeacct.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 593408 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\inetcomm.dll
+ 2010-05-28 07:24 . 2009-03-10 20:07 371424 c:\winnt\$NtUninstallKB978262$\spuninst\updspapi.dll
+ 2010-05-28 07:24 . 2009-03-10 20:06 213216 c:\winnt\$NtUninstallKB978262$\spuninst\spuninst.exe
+ 2010-05-28 10:20 . 2009-12-14 12:27 371424 c:\winnt\$NtUninstallKB978037$\spuninst\updspapi.dll
+ 2010-05-28 10:20 . 2009-12-14 12:27 213216 c:\winnt\$NtUninstallKB978037$\spuninst\spuninst.exe
+ 2010-05-28 07:27 . 2009-11-24 13:30 371424 c:\winnt\$NtUninstallKB977914$\spuninst\updspapi.dll
+ 2010-05-28 07:27 . 2009-11-24 13:30 213216 c:\winnt\$NtUninstallKB977914$\spuninst\spuninst.exe
+ 2010-05-28 10:21 . 2007-07-27 22:11 382840 c:\winnt\$NtUninstallKB977816_WM9$\spuninst\updspapi.dll
+ 2010-05-28 10:21 . 2007-07-27 22:11 231288 c:\winnt\$NtUninstallKB977816_WM9$\spuninst\spuninst.exe
+ 2010-05-28 07:20 . 2009-10-26 12:25 371424 c:\winnt\$NtUninstallKB975713$\spuninst\updspapi.dll
+ 2010-05-28 07:20 . 2009-10-26 12:25 213216 c:\winnt\$NtUninstallKB975713$\spuninst\spuninst.exe
+ 2010-06-12 12:44 . 2007-07-27 22:11 382840 c:\winnt\$NtUninstallKB975562_DX9$\spuninst\updspapi.dll
+ 2010-06-12 12:44 . 2007-07-27 22:11 231288 c:\winnt\$NtUninstallKB975562_DX9$\spuninst\spuninst.exe
+ 2010-05-28 10:30 . 2007-07-27 22:11 382840 c:\winnt\$NtUninstallKB975560_DX9$\spuninst\updspapi.dll
+ 2010-05-28 10:30 . 2007-07-27 22:11 231288 c:\winnt\$NtUninstallKB975560_DX9$\spuninst\spuninst.exe
+ 2010-05-28 07:23 . 2007-07-27 09:41 382840 c:\winnt\$NtUninstallKB975025_WM8$\spuninst\updspapi.dll
+ 2010-05-28 07:23 . 2007-07-27 09:41 231288 c:\winnt\$NtUninstallKB975025_WM8$\spuninst\spuninst.exe
+ 2010-05-28 07:21 . 2009-09-05 12:45 371424 c:\winnt\$NtUninstallKB974571$\spuninst\updspapi.dll
+ 2010-05-28 07:21 . 2009-09-05 12:45 213216 c:\winnt\$NtUninstallKB974571$\spuninst\spuninst.exe
+ 2010-05-28 10:22 . 2009-10-08 19:21 371424 c:\winnt\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2010-05-28 10:22 . 2009-10-08 19:20 213216 c:\winnt\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2010-05-28 10:22 . 2003-07-14 12:00 153360 c:\winnt\$NtUninstallKB974392$\rasmans.dll
+ 2010-05-28 10:22 . 2003-07-14 12:00 146192 c:\winnt\$NtUninstallKB974392$\polstore.dll
+ 2010-05-28 10:22 . 2003-07-14 12:00 111888 c:\winnt\$NtUninstallKB974392$\polagent.dll
+ 2010-05-28 10:22 . 2003-07-14 12:00 446224 c:\winnt\$NtUninstallKB974392$\oakley.dll
+ 2010-05-28 07:22 . 2009-10-09 11:38 371424 c:\winnt\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2010-05-28 07:22 . 2009-10-09 11:38 213216 c:\winnt\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2010-05-28 07:22 . 2003-07-14 12:00 100624 c:\winnt\$NtUninstallKB974318$\rastls.dll
+ 2010-05-28 07:19 . 2003-07-14 12:00 246544 c:\winnt\$NtUninstallKB974112_WM41$\strmdll.dll
+ 2010-05-28 07:19 . 2007-07-27 09:41 382840 c:\winnt\$NtUninstallKB974112_WM41$\spuninst\updspapi.dll
+ 2010-05-28 07:19 . 2007-07-27 09:41 231288 c:\winnt\$NtUninstallKB974112_WM41$\spuninst\spuninst.exe
+ 2010-05-28 07:27 . 2009-11-25 14:36 371424 c:\winnt\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2010-05-28 07:27 . 2009-11-25 14:36 213216 c:\winnt\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2010-05-28 07:27 . 2002-08-29 07:14 148480 c:\winnt\$NtUninstallKB973904$\msconv97.dll
+ 2010-05-28 07:23 . 2009-07-27 16:42 371424 c:\winnt\$NtUninstallKB973869$\spuninst\updspapi.dll
+ 2010-05-28 07:23 . 2009-07-27 16:42 213216 c:\winnt\$NtUninstallKB973869$\spuninst\spuninst.exe
+ 2010-05-28 10:22 . 2009-08-05 10:12 371424 c:\winnt\$NtUninstallKB973507$\spuninst\updspapi.dll
+ 2010-05-28 10:22 . 2009-08-05 10:12 213216 c:\winnt\$NtUninstallKB973507$\spuninst\spuninst.exe
+ 2010-05-28 07:27 . 2003-07-14 12:00 194320 c:\winnt\$NtUninstallKB972270$\t2embed.dll
+ 2010-05-28 07:27 . 2009-10-15 15:47 371424 c:\winnt\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-05-28 07:27 . 2009-10-15 15:47 213216 c:\winnt\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2010-05-28 10:25 . 2009-06-25 08:32 371424 c:\winnt\$NtUninstallKB971961$\spuninst\updspapi.dll
+ 2010-05-28 10:25 . 2009-06-25 08:32 213216 c:\winnt\$NtUninstallKB971961$\spuninst\spuninst.exe
+ 2010-05-28 10:25 . 2008-01-05 02:05 458752 c:\winnt\$NtUninstallKB971961$\jscript.dll
+ 2010-05-28 07:23 . 2005-04-21 00:03 251760 c:\winnt\$NtUninstallKB971468$\srv.sys
+ 2010-05-28 07:23 . 2009-12-10 22:15 371424 c:\winnt\$NtUninstallKB971468$\spuninst\updspapi.dll
+ 2010-05-28 07:23 . 2009-12-10 22:15 213216 c:\winnt\$NtUninstallKB971468$\spuninst\spuninst.exe
+ 2010-05-28 07:23 . 2009-04-22 19:02 371424 c:\winnt\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2010-05-28 07:23 . 2009-04-22 19:02 213216 c:\winnt\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2010-05-28 07:23 . 2005-04-08 03:54 477968 c:\winnt\$NtUninstallKB970238$\rpcrt4.dll
+ 2010-05-28 10:25 . 2009-08-14 17:13 371424 c:\winnt\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2010-05-28 10:25 . 2009-08-14 17:13 213216 c:\winnt\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2010-05-28 10:23 . 2009-08-11 21:24 371424 c:\winnt\$NtUninstallKB969059$\spuninst\updspapi.dll
+ 2010-05-28 10:23 . 2009-08-11 21:24 213216 c:\winnt\$NtUninstallKB969059$\spuninst\spuninst.exe
+ 2010-05-28 10:26 . 2009-02-10 18:12 371424 c:\winnt\$NtUninstallKB967715$\spuninst\updspapi.dll
+ 2010-05-28 10:26 . 2009-02-10 18:12 213216 c:\winnt\$NtUninstallKB967715$\spuninst\spuninst.exe
+ 2010-05-28 10:19 . 2005-09-23 11:03 245008 c:\winnt\$NtUninstallKB961501$\winsrv.dll
+ 2010-05-28 10:19 . 2009-05-07 12:21 371424 c:\winnt\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2010-05-28 10:19 . 2009-05-07 12:21 213216 c:\winnt\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2010-05-28 10:19 . 2005-04-08 03:54 266000 c:\winnt\$NtUninstallKB961501$\localspl.dll
+ 2010-05-28 10:19 . 2005-01-12 11:39 138000 c:\winnt\$NtUninstallKB961501$\faxui.dll
+ 2010-05-28 10:24 . 2009-01-28 20:23 371424 c:\winnt\$NtUninstallKB960859$\spuninst\updspapi.dll
+ 2010-05-28 10:24 . 2009-01-28 20:23 213216 c:\winnt\$NtUninstallKB960859$\spuninst\spuninst.exe
+ 2010-05-28 10:25 . 2004-12-22 06:27 331776 c:\winnt\$NtUninstallKB960803$\winhttp.dll
+ 2010-05-28 10:25 . 2008-12-31 18:37 371424 c:\winnt\$NtUninstallKB960803$\spuninst\updspapi.dll
+ 2010-05-28 10:25 . 2008-12-31 18:37 213216 c:\winnt\$NtUninstallKB960803$\spuninst\spuninst.exe
+ 2010-05-28 10:21 . 2008-12-08 08:34 371424 c:\winnt\$NtUninstallKB960225$\spuninst\updspapi.dll
+ 2010-05-28 10:21 . 2008-12-08 08:34 213216 c:\winnt\$NtUninstallKB960225$\spuninst\spuninst.exe
+ 2010-05-28 10:21 . 2005-04-08 03:51 151312 c:\winnt\$NtUninstallKB960225$\schannel.dll
+ 2010-05-28 10:23 . 2009-04-01 22:13 371424 c:\winnt\$NtUninstallKB959426$\spuninst\updspapi.dll
+ 2010-05-28 10:23 . 2009-04-01 22:13 213216 c:\winnt\$NtUninstallKB959426$\spuninst\spuninst.exe
+ 2010-05-28 10:21 . 2005-06-28 09:23 371424 c:\winnt\$NtUninstallKB958869-IE6SP1-20090818.120000$\spuninst\updspapi.dll
+ 2010-05-28 10:21 . 2005-06-28 09:23 213216 c:\winnt\$NtUninstallKB958869-IE6SP1-20090818.120000$\spuninst\spuninst.exe
+ 2010-05-28 10:19 . 2008-10-18 01:27 371424 c:\winnt\$NtUninstallKB958644$\spuninst\updspapi.dll
+ 2010-05-28 10:19 . 2008-10-18 01:27 213216 c:\winnt\$NtUninstallKB958644$\spuninst\spuninst.exe
+ 2010-05-28 10:19 . 2005-04-21 00:08 326928 c:\winnt\$NtUninstallKB958644$\netapi32.dll
+ 2010-05-28 10:23 . 2009-03-10 15:37 371424 c:\winnt\$NtUninstallKB958470$\spuninst\updspapi.dll
+ 2010-05-28 10:23 . 2009-03-10 15:36 213216 c:\winnt\$NtUninstallKB958470$\spuninst\spuninst.exe
+ 2010-05-28 07:33 . 2002-08-29 07:14 146432 c:\winnt\$NtUninstallKB956844$\triedit.dll
+ 2010-05-28 07:33 . 2009-08-03 17:42 371424 c:\winnt\$NtUninstallKB956844$\spuninst\updspapi.dll
+ 2010-05-28 07:33 . 2009-08-03 17:42 213216 c:\winnt\$NtUninstallKB956844$\spuninst\spuninst.exe
+ 2010-05-28 07:20 . 2008-10-23 11:19 371424 c:\winnt\$NtUninstallKB956802$\spuninst\updspapi.dll
+ 2010-05-28 07:20 . 2008-10-23 11:19 213216 c:\winnt\$NtUninstallKB956802$\spuninst\spuninst.exe
+ 2010-05-28 07:20 . 2005-04-08 03:54 246544 c:\winnt\$NtUninstallKB956802$\gdi32.dll
+ 2010-05-28 10:17 . 2009-11-20 12:20 371424 c:\winnt\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-05-28 10:17 . 2009-11-20 12:20 213216 c:\winnt\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-05-28 10:17 . 2003-07-14 12:00 269584 c:\winnt\$NtUninstallKB955759$\aclayers.dll
+ 2010-05-28 07:29 . 2008-09-10 13:56 371424 c:\winnt\$NtUninstallKB955069$\spuninst\updspapi.dll
+ 2010-05-28 07:29 . 2008-09-10 13:56 213216 c:\winnt\$NtUninstallKB955069$\spuninst\spuninst.exe
+ 2010-05-28 10:22 . 2007-07-27 08:41 382840 c:\winnt\$NtUninstallKB954600_WM41$\spuninst\updspapi.dll
+ 2010-05-28 10:22 . 2007-07-27 08:41 231288 c:\winnt\$NtUninstallKB954600_WM41$\spuninst\spuninst.exe
+ 2010-05-28 10:22 . 2008-06-25 21:28 371424 c:\winnt\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2010-05-28 10:22 . 2008-06-25 21:28 213216 c:\winnt\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2010-05-28 07:31 . 2008-06-25 18:49 371424 c:\winnt\$NtUninstallKB952004$\spuninst\updspapi.dll
+ 2010-05-28 07:31 . 2008-06-25 18:49 213216 c:\winnt\$NtUninstallKB952004$\spuninst\spuninst.exe
+ 2010-05-28 07:31 . 2006-04-23 08:01 123152 c:\winnt\$NtUninstallKB952004$\mtxoci.dll
+ 2010-05-28 07:31 . 2006-04-23 08:01 153872 c:\winnt\$NtUninstallKB952004$\msdtcui.dll
+ 2010-05-28 07:31 . 2006-04-23 08:01 726800 c:\winnt\$NtUninstallKB952004$\msdtcprx.dll
+ 2010-05-28 10:24 . 2005-05-12 02:25 320176 c:\winnt\$NtUninstallKB951748-V2$\tcpip.sys
+ 2010-05-28 10:24 . 2009-10-13 18:22 371424 c:\winnt\$NtUninstallKB951748-V2$\spuninst\updspapi.dll
+ 2010-05-28 10:24 . 2009-10-13 18:22 213216 c:\winnt\$NtUninstallKB951748-V2$\spuninst\spuninst.exe
+ 2010-05-28 10:24 . 2003-07-14 12:00 108816 c:\winnt\$NtUninstallKB951748-V2$\msafd.dll
+ 2010-05-28 10:24 . 2006-07-06 11:45 137488 c:\winnt\$NtUninstallKB951748-V2$\dnsapi.dll
+ 2010-05-28 10:24 . 2005-04-21 00:03 127568 c:\winnt\$NtUninstallKB951748-V2$\afd.sys
+ 2010-05-28 10:20 . 2008-07-10 15:33 371424 c:\winnt\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2010-05-28 10:20 . 2008-07-10 15:33 213216 c:\winnt\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2010-05-28 10:20 . 2005-09-05 08:18 242448 c:\winnt\$NtUninstallKB950974$\es.dll
+ 2010-05-28 07:33 . 2005-10-13 10:29 371424 c:\winnt\$NtUninstallKB950760$\spuninst\updspapi.dll
+ 2010-05-28 07:33 . 2005-10-13 10:25 213216 c:\winnt\$NtUninstallKB950760$\spuninst\spuninst.exe
+ 2010-05-28 07:22 . 2008-03-27 19:13 371424 c:\winnt\$NtUninstallKB950749$\spuninst\updspapi.dll
+ 2010-05-28 07:22 . 2008-03-27 19:13 213216 c:\winnt\$NtUninstallKB950749$\spuninst\spuninst.exe
+ 2010-05-28 07:22 . 2004-07-19 18:56 348432 c:\winnt\$NtUninstallKB950749$\msxbde40.dll
+ 2010-05-28 07:22 . 2003-09-26 02:43 614672 c:\winnt\$NtUninstallKB950749$\mswstr10.dll
+ 2010-05-28 07:22 . 2003-09-26 02:43 831760 c:\winnt\$NtUninstallKB950749$\mswdat10.dll
+ 2010-05-28 07:22 . 2004-10-26 06:52 258320 c:\winnt\$NtUninstallKB950749$\mstext40.dll
+ 2010-05-28 07:22 . 2004-07-19 18:56 553232 c:\winnt\$NtUninstallKB950749$\msrepl40.dll
+ 2010-05-28 07:22 . 2003-09-26 02:42 315664 c:\winnt\$NtUninstallKB950749$\msrd3x40.dll
+ 2010-05-28 07:22 . 2003-09-26 02:42 422160 c:\winnt\$NtUninstallKB950749$\msrd2x40.dll
+ 2010-05-28 07:22 . 2004-07-19 18:56 348432 c:\winnt\$NtUninstallKB950749$\mspbde40.dll
+ 2010-05-28 07:22 . 2003-09-26 02:42 213264 c:\winnt\$NtUninstallKB950749$\msltus40.dll
+ 2010-05-28 07:22 . 2004-07-19 18:56 241936 c:\winnt\$NtUninstallKB950749$\msjtes40.dll
+ 2010-05-28 07:22 . 2003-09-26 02:42 151824 c:\winnt\$NtUninstallKB950749$\msjint40.dll
+ 2010-05-28 07:22 . 2004-02-17 01:56 352528 c:\winnt\$NtUninstallKB950749$\msjetoledb40.dll
+ 2010-05-28 07:22 . 2004-02-17 01:56 352528 c:\winnt\$NtUninstallKB950749$\msjetol1.dll
+ 2010-05-28 07:22 . 2004-07-19 18:56 319760 c:\winnt\$NtUninstallKB950749$\msexcl40.dll
+ 2010-05-28 07:22 . 2003-09-26 02:42 512272 c:\winnt\$NtUninstallKB950749$\msexch40.dll
+ 2010-05-28 07:22 . 2004-02-29 21:28 561424 c:\winnt\$NtUninstallKB950749$\dao360.dll
+ 2010-05-28 07:32 . 2005-10-13 10:29 371424 c:\winnt\$NtUninstallKB944338$\spuninst\updspapi.dll
+ 2010-05-28 07:32 . 2005-10-13 10:25 213216 c:\winnt\$NtUninstallKB944338$\spuninst\spuninst.exe
+ 2010-05-28 07:32 . 2005-01-12 11:39 487481 c:\winnt\$NtUninstallKB944338$\jscript.dll
+ 2010-05-28 10:20 . 2007-10-16 20:58 371424 c:\winnt\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2010-05-28 10:20 . 2007-10-16 20:58 213216 c:\winnt\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2010-05-28 10:20 . 2006-08-16 14:28 513808 c:\winnt\$NtUninstallKB943485$\lsasrv.dll
+ 2010-05-28 10:24 . 2007-12-05 18:56 371424 c:\winnt\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2010-05-28 10:24 . 2007-12-05 18:56 213216 c:\winnt\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2010-05-28 10:24 . 2003-07-14 12:00 626960 c:\winnt\$NtUninstallKB943055$\oleaut32.dll
+ 2010-05-28 07:27 . 2007-06-25 11:28 371424 c:\winnt\$NtUninstallKB938827$\spuninst\updspapi.dll
+ 2010-05-28 07:27 . 2007-06-25 11:28 213216 c:\winnt\$NtUninstallKB938827$\spuninst\spuninst.exe
+ 2010-05-28 10:18 . 2007-10-17 13:12 371424 c:\winnt\$NtUninstallKB937894$\spuninst\updspapi.dll
+ 2010-05-28 10:18 . 2007-10-17 13:12 213216 c:\winnt\$NtUninstallKB937894$\spuninst\spuninst.exe
+ 2010-05-28 10:18 . 2003-07-14 12:00 159504 c:\winnt\$NtUninstallKB937894$\msmqocm.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 110864 c:\winnt\$NtUninstallKB937894$\mqutil.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 400656 c:\winnt\$NtUninstallKB937894$\mqsnap.dll
+ 2010-05-28 10:18 . 2005-04-08 02:34 102672 c:\winnt\$NtUninstallKB937894$\mqrt.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 438544 c:\winnt\$NtUninstallKB937894$\mqqm.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 222480 c:\winnt\$NtUninstallKB937894$\mqoa.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 266512 c:\winnt\$NtUninstallKB937894$\mqmigrat.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 217360 c:\winnt\$NtUninstallKB937894$\mqads.dll
+ 2010-05-28 10:18 . 2005-01-12 11:39 291088 c:\winnt\$NtUninstallKB937894$\mq1repl.dll
+ 2010-05-28 10:18 . 2007-04-16 18:03 371424 c:\winnt\$NtUninstallKB935839$\spuninst\updspapi.dll
+ 2010-05-28 10:18 . 2007-04-16 18:03 213216 c:\winnt\$NtUninstallKB935839$\spuninst\spuninst.exe
+ 2010-05-28 10:18 . 2005-08-16 01:39 712464 c:\winnt\$NtUninstallKB935839$\kernel32.dll
+ 2010-05-31 21:58 . 2007-04-05 14:18 371424 c:\winnt\$NtUninstallKB927891$\spuninst\updspapi.dll
+ 2010-05-31 21:58 . 2007-04-05 14:18 213216 c:\winnt\$NtUninstallKB927891$\spuninst\spuninst.exe
+ 2010-05-28 07:33 . 2007-04-23 12:28 371424 c:\winnt\$NtUninstallKB926122$\spuninst\updspapi.dll
+ 2010-05-28 07:33 . 2007-04-23 12:28 213216 c:\winnt\$NtUninstallKB926122$\spuninst\spuninst.exe
+ 2010-05-28 07:33 . 2005-06-02 20:58 938768 c:\winnt\$NtUninstallKB926122$\ntdsa.dll
+ 2010-05-28 07:32 . 2007-08-17 14:43 371424 c:\winnt\$NtUninstallKB923810$\spuninst\updspapi.dll
+ 2010-05-28 07:32 . 2007-08-17 14:43 213216 c:\winnt\$NtUninstallKB923810$\spuninst\spuninst.exe
+ 2010-05-28 07:32 . 2003-07-14 12:00 444176 c:\winnt\$NtUninstallKB923810$\oieng400.dll
+ 2010-05-28 07:32 . 2003-07-14 12:00 522512 c:\winnt\$NtUninstallKB923810$\kodakimg.exe
+ 2010-05-28 10:23 . 2004-10-20 01:54 185616 c:\winnt\$NtUninstallKB923561$\wordpad.exe
+ 2010-05-28 10:23 . 2009-03-30 17:06 371424 c:\winnt\$NtUninstallKB923561$\spuninst\updspapi.dll
+ 2010-05-28 10:23 . 2009-03-30 17:06 213216 c:\winnt\$NtUninstallKB923561$\spuninst\spuninst.exe
+ 2010-05-28 10:22 . 2005-10-13 10:29 371424 c:\winnt\$NtUninstallKB922582$\spuninst\updspapi.dll
+ 2010-05-28 10:22 . 2005-10-13 10:25 213216 c:\winnt\$NtUninstallKB922582$\spuninst\spuninst.exe
+ 2010-05-28 10:22 . 2005-04-14 06:59 136880 c:\winnt\$NtUninstallKB922582$\fltmgr.sys
+ 2010-05-28 07:21 . 2004-10-14 20:38 169984 c:\winnt\$NtUninstallKB842773$\spuninst\spuninst.exe
+ 2010-05-28 07:26 . 2003-10-08 18:19 140800 c:\winnt\$NtUninstallKB329115$\spuninst\spuninst.exe
+ 2006-02-17 19:01 . 2009-08-06 18:23 1929952 c:\winnt\system32\wuaueng.dll
+ 2003-07-14 12:00 . 2010-05-03 08:17 1650448 c:\winnt\system32\WIN32K.SYS
+ 2003-07-14 12:00 . 2005-09-23 11:03 1120016 c:\winnt\system32\webvw.dll
+ 2009-05-13 05:46 . 2009-05-13 05:46 6350848 c:\winnt\system32\sp3res.dll
+ 2008-04-15 23:13 . 2008-04-15 23:13 2362640 c:\winnt\system32\SHELL32.DLL
+ 2010-04-14 14:48 . 2010-04-14 14:48 1352192 c:\winnt\system32\SHDOCVW.DLL
+ 2003-07-14 12:00 . 2009-08-11 16:02 1428240 c:\winnt\system32\query.dll
+ 2009-03-28 06:06 . 2010-02-09 00:12 1227776 c:\winnt\system32\quartz.dll
+ 2003-07-14 12:00 . 2010-02-16 04:15 1691648 c:\winnt\system32\NTOSKRNL.EXE
+ 2003-06-19 12:05 . 2010-02-16 04:16 1714368 c:\winnt\system32\NTKRNLPA.EXE
+ 2008-09-08 08:14 . 2008-09-08 08:14 1121280 c:\winnt\system32\msxml3.dll
+ 2000-04-26 13:34 . 2000-04-26 13:34 1238288 c:\winnt\system32\msjt4jlt.dll
+ 2003-07-14 12:00 . 2008-03-27 07:01 1516568 c:\winnt\system32\msjet40.dll
+ 2000-04-26 13:34 . 1998-04-24 00:00 1045776 c:\winnt\system32\MSJET35.DLL
+ 2007-04-05 07:17 . 2007-04-05 07:17 2854400 c:\winnt\system32\msi.dll
+ 2002-08-29 06:14 . 2010-04-14 15:15 2710528 c:\winnt\system32\MSHTML.DLL
+ 2010-05-25 11:44 . 2008-06-25 12:33 1202960 c:\winnt\system32\msdtctm.dll
+ 2006-11-02 17:31 . 2006-11-02 17:31 1011774 c:\winnt\system32\mfc42u.dll
+ 2010-10-04 12:38 . 2011-03-02 23:01 6053536 c:\winnt\system32\Macromed\Flash\NPSWF32.dll
+ 2006-02-17 19:01 . 2008-06-16 06:36 1843464 c:\winnt\system32\dtcsetup.exe
+ 2006-02-17 19:01 . 2009-08-06 18:23 1929952 c:\winnt\system32\dllcache\wuaueng.dll
+ 2005-02-18 16:28 . 2010-05-03 08:17 1650448 c:\winnt\system32\dllcache\win32k.sys
+ 2003-07-14 12:00 . 2005-09-23 11:03 1120016 c:\winnt\system32\dllcache\webvw.dll
+ 2004-03-10 18:09 . 2009-08-18 12:08 2360832 c:\winnt\system32\dllcache\VGX.DLL
+ 2009-05-13 05:46 . 2009-05-13 05:46 6350848 c:\winnt\system32\dllcache\sp3res.dll
+ 2003-07-14 12:00 . 2008-04-15 23:13 2362640 c:\winnt\system32\dllcache\SHELL32.DLL
+ 2002-08-29 06:14 . 2010-04-14 14:48 1352192 c:\winnt\system32\dllcache\SHDOCVW.DLL
+ 2003-07-14 12:00 . 2009-08-11 16:02 1428240 c:\winnt\system32\dllcache\query.dll
+ 2009-03-28 06:06 . 2010-02-09 00:12 1227776 c:\winnt\system32\dllcache\quartz.dll
+ 2005-05-06 03:45 . 2010-02-16 04:15 1691648 c:\winnt\system32\dllcache\ntoskrnl.exe
+ 2010-05-28 09:35 . 2010-02-16 04:16 1736576 c:\winnt\system32\dllcache\NTKRPAMP.EXE
+ 2005-05-06 03:45 . 2010-02-16 04:16 1714368 c:\winnt\system32\dllcache\ntkrnlpa.exe
+ 2010-05-28 09:35 . 2010-02-16 04:15 1715264 c:\winnt\system32\dllcache\NTKRNLMP.EXE
+ 2004-07-15 20:37 . 2008-09-08 08:14 1121280 c:\winnt\system32\dllcache\msxml3.dll
+ 2002-08-29 06:06 . 2009-12-17 09:59 2479616 c:\winnt\system32\dllcache\MSOERES.DLL
+ 2002-08-29 06:06 . 2010-02-02 10:44 1177088 c:\winnt\system32\dllcache\MSOE.DLL
+ 2003-07-14 12:00 . 2008-03-27 07:01 1516568 c:\winnt\system32\dllcache\msjet40.dll
+ 2003-07-14 12:00 . 2007-04-05 07:17 2854400 c:\winnt\system32\dllcache\msi.dll
+ 2002-08-29 06:14 . 2010-04-14 15:15 2710528 c:\winnt\system32\dllcache\MSHTML.DLL
+ 2010-05-25 11:44 . 2008-06-25 12:33 1202960 c:\winnt\system32\dllcache\msdtctm.dll
+ 2003-07-14 12:00 . 2006-11-02 17:31 1011774 c:\winnt\system32\dllcache\mfc42u.dll
+ 2006-02-17 19:01 . 2008-06-16 06:36 1843464 c:\winnt\system32\dllcache\dtcsetup.exe
+ 2003-07-14 12:00 . 2009-09-24 20:56 1054208 c:\winnt\system32\dllcache\DANIM.DLL
+ 2003-07-14 12:00 . 2005-08-30 09:29 2532112 c:\winnt\system32\dllcache\cdosys.dll
+ 2002-08-29 06:14 . 2010-04-14 14:49 1018368 c:\winnt\system32\dllcache\BROWSEUI.DLL
+ 2003-07-14 12:00 . 2009-09-24 20:56 1054208 c:\winnt\system32\DANIM.DLL
+ 2010-05-20 20:12 . 2010-05-20 20:12 4587577 c:\winnt\system32\crpe32.dll
+ 2003-07-14 12:00 . 2005-08-30 09:29 2532112 c:\winnt\system32\cdosys.dll
+ 2010-04-14 14:49 . 2010-04-14 14:49 1018368 c:\winnt\system32\BROWSEUI.DLL
+ 2010-05-20 20:11 . 2010-05-20 20:11 1454080 c:\winnt\system\SmWizard.exe
+ 2010-10-13 23:17 . 2010-10-13 23:17 1867264 c:\winnt\Installer\3afc45.msi
+ 2005-02-19 00:28 . 2010-05-03 08:17 1650448 c:\winnt\Driver Cache\i386\win32k.sys
+ 2010-05-28 09:35 . 2010-02-16 04:15 1691648 c:\winnt\Driver Cache\i386\ntoskrnl.exe
+ 2010-05-28 09:35 . 2010-02-16 04:16 1736576 c:\winnt\Driver Cache\i386\ntkrpamp.exe
+ 2010-05-28 09:35 . 2010-02-16 04:16 1714368 c:\winnt\Driver Cache\i386\ntkrnlpa.exe
+ 2010-05-28 09:35 . 2010-02-16 04:15 1715264 c:\winnt\Driver Cache\i386\ntkrnlmp.exe
+ 2007-01-10 10:09 . 2007-01-10 10:09 2290688 c:\winnt\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\SQLSTPCustomDLL.dll
+ 2010-06-12 12:58 . 2010-03-05 08:49 1352192 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\shdocvw.dll
+ 2010-06-12 12:58 . 2010-02-25 09:31 2710528 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\mshtml.dll
+ 2010-06-12 12:58 . 2010-03-05 08:49 1018368 c:\winnt\$NtUninstallKB982381-IE6SP1-20100414.120000$\browseui.dll
+ 2010-05-28 07:20 . 2005-02-06 20:35 6301696 c:\winnt\$NtUninstallKB980232$\sp3res.dll
+ 2010-05-28 07:19 . 2005-04-08 03:54 1100048 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\shdocvw.dll
+ 2010-05-28 07:19 . 2005-04-08 03:54 2295568 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\mshtml.dll
+ 2010-05-28 07:19 . 2003-07-14 12:00 1133840 c:\winnt\$NtUninstallKB980182-IE6SP1-20100305.120000$\danim.dll
+ 2010-05-28 10:21 . 2005-05-06 03:45 1690432 c:\winnt\$NtUninstallKB979683$\ntoskrnl.exe
+ 2010-05-28 10:21 . 2006-09-12 11:48 1735808 c:\winnt\$NtUninstallKB979683$\ntkrpamp.exe
+ 2010-05-28 10:21 . 2005-05-06 03:45 1713280 c:\winnt\$NtUninstallKB979683$\ntkrnlpa.exe
+ 2010-05-28 10:21 . 2006-09-12 11:48 1714432 c:\winnt\$NtUninstallKB979683$\ntkrnlmp.exe
+ 2010-06-12 12:46 . 2009-08-14 07:04 1649904 c:\winnt\$NtUninstallKB979559$\win32k.sys
+ 2010-05-28 07:22 . 2002-08-29 07:06 2479104 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\msoeres.dll
+ 2010-05-28 07:22 . 2002-08-29 07:06 1174016 c:\winnt\$NtUninstallKB978542-OE6SP1-20100202.120000$\msoe.dll
+ 2010-06-12 12:44 . 2009-11-03 03:48 1227776 c:\winnt\$NtUninstallKB975562_DX9$\quartz.dll
+ 2010-05-28 10:30 . 2003-05-30 09:00 1136640 c:\winnt\$NtUninstallKB975560_DX9$\quartz.dll
+ 2010-05-28 10:25 . 2005-02-18 16:28 1634128 c:\winnt\$NtUninstallKB969947$\win32k.sys
+ 2010-05-28 10:23 . 2005-01-12 11:39 1427728 c:\winnt\$NtUninstallKB969059$\query.dll
+ 2010-05-28 10:26 . 2006-07-13 07:09 2362640 c:\winnt\$NtUninstallKB967715$\shell32.dll
+ 2010-05-28 10:21 . 2002-08-29 04:29 2352128 c:\winnt\$NtUninstallKB958869-IE6SP1-20090818.120000$\vgx.dll
+ 2010-05-28 07:29 . 2006-09-06 04:58 1110528 c:\winnt\$NtUninstallKB955069$\msxml3.dll
+ 2010-05-28 07:31 . 2006-04-23 08:01 1202448 c:\winnt\$NtUninstallKB952004$\msdtctm.dll
+ 2010-05-28 07:31 . 2006-03-06 05:07 1842672 c:\winnt\$NtUninstallKB952004$\dtcsetup.exe
+ 2010-05-28 07:22 . 2004-07-19 18:56 1507600 c:\winnt\$NtUninstallKB950749$\msjet40.dll
+ 2010-05-31 21:58 . 2005-05-04 13:45 2890240 c:\winnt\$NtUninstallKB927891$\msi.dll
+ 2007-04-06 21:28 . 2010-05-28 19:37 32472008 c:\winnt\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-14 20752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-07-14 186640]
.
c:\documents and settings\Default User.WINNT\Start Menu\Programs\Startup\
Camio Viewer.lnk.disabled [2008-11-3 724]
.
c:\documents and settings\nobody\Start Menu\Programs\Startup\
Camio Viewer.lnk.disabled [2006-5-7 714]
.
c:\documents and settings\Jeff Haley\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-7-27 41042]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 389120]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"btbb_wcm_McciTrayApp"=c:\program files\btbb_wcm\McciTrayApp.exe
.
R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [14/10/2010 12:20 AM 64288]
R3 ausbmon;Advanced USB Port Monitor Filter Driver;c:\winnt\system32\drivers\ausbmon.sys [21/07/2010 6:20 PM 19744]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\winnt\system32\drivers\libusb0.sys [31/03/2010 3:43 PM 28160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 1:15 PM 1357464]
S2 VPCAppSv;Virtual PC Application Services;c:\winnt\system32\drivers\vpcappsv.sys [30/09/2001 5:51 PM 9216]
S3 lsermous;Logitech Serial Mouse Driver;c:\winnt\system32\drivers\lsermous.sys [17/02/2006 7:52 PM 55120]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [06/11/2007 9:22 PM 34064]
S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [14/07/2003 1:00 PM 24784]
S3 S3Inc;S3Inc;c:\winnt\system32\drivers\s3mini.sys [31/12/2006 9:30 AM 177344]
S3 SiS630;SiS630;c:\winnt\system32\drivers\sis630p.sys [16/03/2007 1:01 AM 161747]
S3 SISNIC2K;SiS PCI Fast Ethernet Adapter Driver for NDIS5;c:\winnt\system32\drivers\sisnic2k.sys [14/02/2006 5:18 PM 32768]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [10/04/2009 7:21 PM 9038]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b38ccd6&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=uk&lng=en-US&q=
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
Notify-avgrsstarter - avgrsstx.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-27 02:08
Windows 5.0.2195 Service Pack 4 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{68BF5EB3-9CF1-C96B-F406-167ECB09CABF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(212)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 2011-03-27 02:14:28
ComboFix-quarantined-files.txt 2011-03-27 01:14
ComboFix2.txt 2010-05-23 02:10
ComboFix3.txt 2010-05-21 03:32
ComboFix4.txt 2010-05-21 00:14
ComboFix5.txt 2011-03-27 00:49
.
Pre-Run: 88,175,931,392 bytes free
Post-Run: 88,250,261,504 bytes free
.
- - End Of File - - 3F252BA886A4957528FE19FC7280C93C

#7 etavares

Posted 27 March 2011 - 07:59 AM

Hello, sortmymotor.


Step 1

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file, and click Submit.

c:\winnt\system32\d3d9.dll
C:\winnt\system32\internat.exe


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Step 2

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If you have a 64-bit system, please download the 64 bit version from here:
SystemLook (64-bit)

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :filefind
    comres.*
    d3d9.*
    
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while, from several seconds to a minute or more, depending on the number of files you have and how fast your computer can perform the task.



Step 3
Please post C:\qoobox\combofix5.txt in your reply. It looks like CF ran twice.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#8 sortmymotor

Posted 27 March 2011 - 08:32 AM

c:\winnt\system32\d3d9.dll

Nothing found by any of the scanners

C:\winnt\system32\internat.exe

Nothing found by all but one of the scanners
emsisoft "no result available"

SystemLook would not run and displayed the following message
The procedure entry point IsWow64Process could not be located in the dynamic link library KERNEL32.dll

Below is the Combofix log. Under Other Deletions it has removed some files that are needed.

ComboFix 10-05-19.02 - Jeff Haley 20/05/2010 12:26:38.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.382.202 [GMT 1:00]
Running from: c:\documents and settings\Jeff Haley\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jeff Haley\Desktop\EnigmaAccess.exe
c:\documents and settings\Jeff Haley\Desktop\idafree49.exe
c:\documents and settings\Jeff Haley\Desktop\nvu-1.0-win32-installer-full.exe
c:\documents and settings\Jeff Haley\Desktop\OnyxSetupV2.0.15.0.exe
c:\documents and settings\Jeff Haley\Desktop\Ren ID33.exe
c:\documents and settings\Jeff Haley\Recent\MRADIO.EXE.pif
c:\documents and settings\Jeff Haley\Recent\WinZip running DOS program.pif
c:\program files\Apache Group\Apache2\bin\Apache.exe
c:\program files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
c:\program files\Common Files\Microsoft Shared\MSInfo\MSIOFF9.OCX
c:\program files\Common Files\Microsoft Shared\MSInfo\OFFPROV.EXE
c:\program files\Common Files\Microsoft Shared\MSInfo\OFFPRVPS.DLL
c:\program files\INSTALL.LOG
c:\program files\LibUSB-Win32\unins000.exe
c:\program files\Mozilla Firefox\freebl3.dll
c:\program files\Mozilla Firefox\nssdbm3.dll
c:\program files\Mozilla Firefox\Plugins\NPZoneSB.dll
c:\program files\Mozilla Firefox\softokn3.dll
c:\winnt\Crystal
c:\winnt\Crystal\U2DDISK.dll
c:\winnt\Crystal\U2DMAPI.dll
c:\winnt\Crystal\u2dnotes.dll
c:\winnt\Crystal\u2dpost.dll
c:\winnt\Crystal\u2dvim.dll
c:\winnt\Crystal\U2FCR.dll
c:\winnt\Crystal\U2FDIF.dll
c:\winnt\Crystal\U2FHTML.dll
c:\winnt\Crystal\U2FSEPV.dll
c:\winnt\Crystal\U2FTEXT.dll
c:\winnt\Crystal\U2FWKS.dll
c:\winnt\Crystal\U2FWORDW.dll
c:\winnt\Crystal\U2FXLS.dll
c:\winnt\INRES.DLL
c:\winnt\IsUninst.exe
c:\winnt\iun507.exe
c:\winnt\MIDIDEF.EXE
c:\winnt\msagent\agtctl15.tlb
c:\winnt\P17DEF.EXE
c:\winnt\php_mysql.dll
c:\winnt\Speech\vcauto.tlb
c:\winnt\Speech\vtxtauto.tlb
c:\winnt\System\cmicnfg.cpl
c:\winnt\System\cmids3d.dll
c:\winnt\System\SmWizard.exe
c:\winnt\system32\A3d.dll
c:\winnt\system32\Ac3audio.ax
c:\winnt\system32\ac3filter.cpl
c:\winnt\system32\activeds.tlb
c:\winnt\system32\ATL70.DLL
c:\winnt\system32\Audio3D.dll
c:\winnt\system32\bdeadmin.cpl
c:\winnt\system32\CEUTIL.DLL
c:\winnt\system32\CFX32.OCX
c:\winnt\system32\cmirmdrv.exe
c:\winnt\system32\cmuda.dll
c:\winnt\system32\COMMTB32.DLL
c:\winnt\system32\crpe32.dll
c:\winnt\system32\spool\drivers\w32x86\3\hpztsb03.exe
c:\winnt\unins000.exe
c:\winnt\uninst.exe
c:\winnt\Web\default.htt
c:\winnt\winhelp.ini

c:\winnt\system32\comres.dll . . . is infected!!

Infected copy of c:\winnt\system32\qmgr.dll was found and disinfected
Restored copy from - c:\winnt\system32\BITS\qmgr.dll

c:\winnt\system32\comres.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ENGINE
-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-04-20 to 2010-05-20 )))))))))))))))))))))))))))))))
.

2016-04-12 06:11 . 2003-03-24 15:52 94208 -c--a-w- c:\winnt\system32\dllcache\fpencode.dll
2010-05-19 12:44 . 2010-05-19 12:44 -------- d-----w- C:\MAAutos
2010-05-19 08:34 . 2010-05-19 11:42 -------- d-----w- C:\HoylesGarage
2010-05-19 08:11 . 2010-05-19 11:37 -------- d-----w- C:\decoder
2010-05-18 03:58 . 2010-05-18 03:58 -------- d-----w- C:\fport
2010-05-11 09:27 . 2010-05-11 09:28 -------- d-----w- C:\Process Explorer
2010-04-26 16:45 . 2010-04-26 16:45 447 ----a-w- c:\temp\RADIONAMES.zip
2010-04-25 11:18 . 2010-04-25 11:27 -------- d-----w- C:\BDM
2010-04-22 14:48 . 2010-04-22 14:48 28574815 ----a-w- C:\A400RadioSetup.zip
2010-04-21 12:17 . 2010-04-21 12:17 242696 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\avg9\update\backup\avgtdix.sys
2010-04-21 12:15 . 2010-04-21 12:15 1689952 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\avg9\update\backup\avgupd.dll
2010-04-20 17:35 . 2010-04-25 17:20 -------- d-----w- C:\FreescaleBDM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-15 04:38 . 2006-12-31 07:32 3 ----a-w- c:\winnt\system32\BSETUP.TMP
2010-05-20 11:45 . 2008-03-24 23:32 48863249 ----a-w- c:\winnt\Internet Logs\tvDebug.zip
2010-05-20 11:41 . 2010-03-31 14:43 -------- d-----w- c:\program files\LibUSB-Win32
2010-05-20 10:13 . 2010-02-12 15:54 0 ----a-w- c:\documents and settings\Jeff Haley\Local Settings\Application Data\prvlcl.dat
2010-05-20 07:42 . 2008-12-08 08:17 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-05 21:01 . 2010-03-22 15:32 25645347 ----a-w- C:\A400DOSSetup.zip
2010-04-21 12:17 . 2009-12-28 15:21 242896 ----a-w- c:\winnt\system32\drivers\avgtdix.sys
2010-04-16 11:35 . 2009-04-19 18:43 1 ----a-w- c:\documents and settings\Jeff Haley\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-09 16:06 . 2010-04-09 16:06 683879 ----a-w- C:\A400ECUSetup.zip
2010-04-06 19:57 . 2009-02-20 17:14 -------- d-----w- c:\documents and settings\Jeff Haley\Application Data\TeamViewer
2010-03-31 15:13 . 2010-03-31 14:22 -------- d-----w- c:\program files\UrJTAG
2010-03-24 18:29 . 2009-12-28 15:20 -------- d---a-w- c:\documents and settings\All Users.WINNT\Application Data\avg9
2010-03-23 12:16 . 2010-03-23 12:16 -------- d-----w- c:\program files\WinPcap
2010-03-19 17:18 . 2010-03-19 17:21 2317824 ----a-w- c:\winnt\Internet Logs\xDB18.tmp
2010-03-17 14:13 . 2010-03-17 14:13 12464 ----a-w- c:\winnt\system32\avgrsstx.dll
2010-03-17 14:13 . 2008-03-25 07:21 29512 ----a-w- c:\winnt\system32\drivers\avgmfx86.sys
2010-03-17 14:10 . 2008-07-23 22:32 216200 ----a-w- c:\winnt\system32\drivers\avgldx86.sys
2008-07-13 16:48 . 2006-02-18 01:29 21952 ---h--w- c:\program files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-07-14 111376]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-14 20752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-07-14 186640]

c:\documents and settings\Default User.WINNT\Start Menu\Programs\Startup\
Camio Viewer.lnk.disabled [2008-11-3 724]

c:\documents and settings\Jeff Haley\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-7-27 41042]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 14:13 12464 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"btbb_wcm_McciTrayApp"=c:\program files\btbb_wcm\McciTrayApp.exe

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [13/12/2009 12:30 AM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [23/07/2008 11:32 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [28/12/2009 4:21 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/03/2010 3:13 PM 308064]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\winnt\system32\drivers\libusb0.sys [31/03/2010 3:43 PM 28160]
S2 VPCAppSv;Virtual PC Application Services;c:\winnt\system32\drivers\vpcappsv.sys [30/09/2001 5:51 PM 9216]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [02/12/2009 2:19 PM 1181328]
S3 lsermous;Logitech Serial Mouse Driver;c:\winnt\system32\drivers\lsermous.sys [17/02/2006 7:52 PM 55120]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [06/11/2007 9:22 PM 34064]
S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [14/07/2003 1:00 PM 24784]
S3 S3Inc;S3Inc;c:\winnt\system32\drivers\s3mini.sys [31/12/2006 9:30 AM 177344]
S3 SiS630;SiS630;c:\winnt\system32\drivers\sis630p.sys [16/03/2007 1:01 AM 161747]
S3 SISNIC2K;SiS PCI Fast Ethernet Adapter Driver for NDIS5;c:\winnt\system32\drivers\sisnic2k.sys [14/02/2006 5:18 PM 32768]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [10/04/2009 7:21 PM 9038]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\winnt\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2010-05-20 c:\winnt\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2010-05-20 c:\winnt\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2010-05-20 c:\winnt\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]

2010-05-20 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 17:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-HPDJ Taskbar Utility - c:\winnt\system32\spool\drivers\w32x86\3\hpztsb03.exe
AddRemove-C-Media Audio Driver - c:\winnt\system32\cmirmdrv.exe
AddRemove-LibUSB-Win32_is1 - c:\program files\LibUSB-Win32\unins000.exe
AddRemove-SiS7018 - c:\progra~1\SiS7018\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7018
AddRemove-Spybot - Search & Destroy_is1 - c:\winnt\unins000.exe
AddRemove-VAG_Pin_Calculator_1.0 - c:\winnt\iun507.exe
AddRemove-Windows CE Services - c:\winnt\ISUNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 12:46
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{684EB4FD-48E3-561C-A54A-7FE158CA112E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abblnmlfeioddpndjbfhkcbaaikcpiimim"=hex:61,61,00,00
"maijinhkohfgppbfldcofhcgco"=hex:61,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(212)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1412)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\winnt\system32\locator.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2010-05-20 12:53:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-20 11:53

Pre-Run: 94,967,361,536 bytes free
Post-Run: 95,105,896,448 bytes free

- - End Of File - - BB43C7699772C91DEF50ECB5343DC6AE

#9 etavares

Posted 27 March 2011 - 03:57 PM

Hello, sortmymotor.

That may be an issue then as this run of Combofix was May 20th last year. What files in particular are you concerned about? They've been quarantined for the last 10 months or so.


In regards to the SystemLook, which version did you try running? It sounds like you downloaded the 64-bit one. Try downloading it from the link below (Download mirror #1) and running the System Look script above.

Download Mirror #1





Step 1



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

File::
C:\Documents and Settings\All Users.WINNT\Application Data\giajzima.dav
DDS::
uInternet Settings,ProxyOverride = 127.0.0.1;<local>
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares




#10 sortmymotor

Posted 27 March 2011 - 06:22 PM

Before I continue, and just to let you know, SystemLook downloaded from your latest link still gives the same error.

#11 sortmymotor

Posted 28 March 2011 - 12:03 PM

ComboFix log

ComboFix 11-03-27.02 - Jeff Haley 28/03/2011 17:37:31.7.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.382.121 [GMT 1:00]
Running from: c:\documents and settings\Jeff Haley\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\Jeff Haley\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\All Users.WINNT\Application Data\giajzima.dav"
.
/wow section - STAGE 10
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 )))))))))))))))))))))))))))))))
.
.
2016-04-12 06:11 . 2003-03-24 15:52 94208 -c--a-w- c:\winnt\system32\dllcache\fpencode.dll
2016-04-12 06:11 . 2003-03-24 15:52 94208 ----a-w- c:\program files\Common Files\Microsoft Shared\web server extensions\40\bin\fpencode.dll
2016-04-12 05:43 . 2003-07-14 12:00 1167584 ----a-r- c:\winnt\SET56.tmp
2016-04-12 05:43 . 2003-07-14 12:00 13785 ----a-r- c:\winnt\SET2E.tmp
2016-04-12 04:28 . 2003-07-14 12:00 1167584 ----a-r- c:\winnt\SET55.tmp
2016-04-12 04:28 . 2003-07-14 12:00 13785 ----a-r- c:\winnt\SET2D.tmp
2011-03-27 07:12 . 2011-03-27 07:12 -------- d-----w- c:\program files\Common Files\Java
2011-03-24 20:27 . 2011-03-24 20:28 -------- d-----w- C:\JouleLicencesAlex
2011-03-17 17:05 . 2011-03-17 17:06 -------- d-----w- C:\INDEXNUM
2011-03-15 12:29 . 2011-03-15 12:29 -------- d--h--w- c:\documents and settings\All Users.WINNT\Application Data\Common Files
2011-03-07 09:21 . 2011-03-07 09:22 -------- d-----w- C:\indexnumlatest
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-15 04:38 . 2006-12-31 07:32 3 ----a-w- c:\winnt\system32\BSETUP.TMP
2011-03-28 12:04 . 2011-03-28 12:04 23228916 ----a-w- C:\A400DOSSetup0185.zip
2011-03-28 10:07 . 2011-03-25 11:50 1174146 ----a-w- C:\A400RadioSetup.zip
2011-03-23 16:59 . 2010-11-11 18:45 1174534 ----a-w- C:\A400RadioSetupNorthWestParts.zip
2011-03-22 23:06 . 2011-03-22 23:06 1173852 ----a-w- C:\A400RadioSetupERS0389.zip
2011-03-10 21:46 . 2011-03-10 21:45 1173285 ----a-w- C:\A400RadioSetupMobileAudio0380.zip
2011-03-08 09:18 . 2011-03-08 09:18 186030 ----a-w- C:\Gammav.zip
2011-03-04 02:24 . 2010-04-09 16:06 713086 ----a-w- C:\A400ECUSetup.zip
2011-02-18 06:53 . 2011-02-18 06:53 24324137 ----a-w- C:\A400DOSSetupJRDecodes0119.zip
2011-02-16 20:32 . 2011-02-16 20:32 24324125 ----a-w- C:\A400DOSSetupKeynet0818.zip
2011-02-16 20:25 . 2011-02-16 20:25 1171827 ----a-w- C:\A400RadioSetupKeynet0818.zip
2011-02-11 18:17 . 2011-02-03 02:39 1171968 ----a-w- C:\A400RadioSetup0002.zip
2011-02-08 09:14 . 2010-07-06 20:00 113365574 ----a-w- C:\A400RadioHelpSetup.zip
2011-02-03 02:38 . 2011-02-03 02:38 24324158 ----a-w- C:\A400DOSSetup0002.zip
2011-02-02 20:40 . 2010-05-26 14:55 472808 ----a-w- c:\winnt\system32\deployJava1.dll
2011-02-02 18:19 . 2010-05-26 14:55 73728 ----a-w- c:\winnt\system32\javacpl.cpl
2011-01-14 10:51 . 2011-01-14 10:51 1170316 ----a-w- C:\A400RadioSetup0409.zip
2011-01-13 16:07 . 2011-01-12 19:55 814211 ----a-w- C:\400RadioCommunicar.zip
2011-01-12 19:48 . 2010-07-12 09:08 25645320 ----a-w- C:\A400DOSSetup0409.zip
2011-01-07 11:02 . 2010-07-28 09:05 24326097 ----a-w- C:\A400DOSSetup0121.zip
2011-01-04 12:03 . 2011-01-04 12:03 24324105 ----a-w- C:\A400DOSSetupVector0298.zip
2011-01-03 18:58 . 2011-01-03 18:58 102400 ----a-w- c:\winnt\RegBootClean.exe
.
.
------- Sigcheck -------
.
.
[-] 2004-07-09 04:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
.
c:\winnt\System32\comres.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot_2011-03-27_01.08.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-27 07:01 . 2011-03-27 07:01 16384 c:\winnt\system32\Perflib_Perfdata_484.dat
+ 2011-03-27 07:01 . 2011-02-02 20:40 157472 c:\winnt\system32\javaws.exe
+ 2011-03-27 07:01 . 2011-02-02 20:40 145184 c:\winnt\system32\javaw.exe
- 2010-11-12 09:30 . 2010-09-15 04:50 145184 c:\winnt\system32\javaw.exe
+ 2011-03-27 07:01 . 2011-02-02 20:40 145184 c:\winnt\system32\java.exe
- 2010-11-12 09:30 . 2010-09-15 04:50 145184 c:\winnt\system32\java.exe
+ 2011-03-27 07:12 . 2011-03-27 07:12 180224 c:\winnt\Installer\173ec13.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 919016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2003-07-14 20752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-07-14 186640]
.
c:\documents and settings\Default User.WINNT\Start Menu\Programs\Startup\
Camio Viewer.lnk.disabled [2008-11-3 724]
.
c:\documents and settings\nobody\Start Menu\Programs\Startup\
Camio Viewer.lnk.disabled [2006-5-7 714]
.
c:\documents and settings\Jeff Haley\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Monitor Apache Servers.lnk - c:\program files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-7-27 41042]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-12-18 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
avgrsstx.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"btbb_wcm_McciTrayApp"=c:\program files\btbb_wcm\McciTrayApp.exe
.
R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [14/10/2010 12:20 AM 64288]
R3 ausbmon;Advanced USB Port Monitor Filter Driver;c:\winnt\system32\drivers\ausbmon.sys [21/07/2010 6:20 PM 19744]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\winnt\system32\drivers\libusb0.sys [31/03/2010 3:43 PM 28160]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 1:15 PM 1357464]
S2 VPCAppSv;Virtual PC Application Services;c:\winnt\system32\drivers\vpcappsv.sys [30/09/2001 5:51 PM 9216]
S3 lsermous;Logitech Serial Mouse Driver;c:\winnt\system32\drivers\lsermous.sys [17/02/2006 7:52 PM 55120]
S3 NPF;NetGroup Packet Filter Driver;c:\winnt\system32\drivers\npf.sys [06/11/2007 9:22 PM 34064]
S3 openhci;Microsoft USB Open Host Controller Driver;c:\winnt\system32\drivers\openhci.sys [14/07/2003 1:00 PM 24784]
S3 S3Inc;S3Inc;c:\winnt\system32\drivers\s3mini.sys [31/12/2006 9:30 AM 177344]
S3 SiS630;SiS630;c:\winnt\system32\drivers\sis630p.sys [16/03/2007 1:01 AM 161747]
S3 SISNIC2K;SiS PCI Fast Ethernet Adapter Driver for NDIS5;c:\winnt\system32\drivers\sisnic2k.sys [14/02/2006 5:18 PM 32768]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [10/04/2009 7:21 PM 9038]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-27 c:\winnt\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 23:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagead/preview/en/preview.html
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b38ccd6&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=uk&lng=en-US&q=
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 17:52
Windows 5.0.2195 Service Pack 4 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{68BF5EB3-9CF1-C96B-F406-167ECB09CABF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(212)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
- - - - - - - > 'explorer.exe'(1288)
c:\winnt\system32\SHDOCVW.DLL
.
Completion time: 2011-03-28 17:58:49
ComboFix-quarantined-files.txt 2011-03-28 16:58
ComboFix2.txt 2011-03-28 00:25
ComboFix3.txt 2011-03-27 01:14
ComboFix4.txt 2010-05-23 02:10
ComboFix5.txt 2011-03-28 16:33
.
Pre-Run: 88,132,677,632 bytes free
Post-Run: 88,113,082,368 bytes free
.
- - End Of File - - 4AFE9A5392BE16D19C6BDDD1F484D536

#12 etavares

Posted 28 March 2011 - 05:31 PM

Hello, sortmymotor.

OK, Systemlook likely isn't compatible with Windows 2000. You'll have to bear with me, I only have limited experience working on Windows 2000 so some of our tools may not be compatible. That being said, that's a likely false positive anyway.



Step 1

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :OTL
    IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;<local>
    O16 - DPF: {32564D57-0000-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv8ax.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Filter\Class Install Handler - No CLSID value found
    O18 - Protocol\Filter\deflate - No CLSID value found
    O18 - Protocol\Filter\gzip - No CLSID value found
    O18 - Protocol\Filter\lzdhtml - No CLSID value found
    O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
    
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 2


Please launch Task Manager, go to the Processes tab, and click the Memory header to sort by RAM usage. What processes (e.g. svchost.exe) are using the most RAM?

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#13 sortmymotor

Posted 28 March 2011 - 06:02 PM

First OTL log. Now running second scan.

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
HKU\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Starting removal of ActiveX control {32564D57-0000-0010-8000-00AA00389B71}
C:\WINNT\Downloaded Program Files\wmv8ax.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32564D57-0000-0010-8000-00AA00389B71}\ not found.
File oft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ deleted successfully.
File Protocol\Filter\Class Install Handler - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.

OTL by OldTimer - Version 3.2.22.3 log created on 03282011_234256

#14 sortmymotor

Posted 28 March 2011 - 07:20 PM

OTL log after reboot

OTL logfile created on: 29/03/2011 1:04:55 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeff Haley\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

382.00 Mb Total Physical Memory | 101.00 Mb Available Physical Memory | 26.00% Memory free
738.00 Mb Paging File | 403.00 Mb Available in Paging File | 55.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 900 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 82.19 Gb Free Space | 71.79% Space Free | Partition Type: NTFS
Drive E: | 254.86 Mb Total Space | 122.67 Mb Free Space | 48.13% Space Free | Partition Type: FAT

Computer Name: JEFF | User Name: Jeff Haley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/28 23:41:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Haley\Desktop\OTL.exe
PRC - [2011/03/24 10:28:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/14 00:59:39 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/14 00:59:38 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/01/09 20:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/03/13 23:11:10 | 000,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/03/13 23:11:08 | 000,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINNT\system32\ZoneLabs\vsmon.exe
PRC - [2006/11/10 12:00:00 | 000,389,120 | ---- | M] (WinZip Computing LP) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/07/27 16:59:08 | 000,041,042 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
PRC - [2003/07/14 13:00:00 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/07/14 13:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe


========== Modules (SafeList) ==========

MOD - [2011/03/28 23:41:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Haley\Desktop\OTL.exe
MOD - [2003/07/14 13:00:00 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/14 00:59:38 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/05/20 21:10:42 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2010/05/20 21:10:38 | 000,020,541 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\Apache Group\Apache2\bin\Apache.exe -- (Apache2)
SRV - [2010/01/25 11:02:20 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/03/13 23:11:08 | 000,075,304 | ---- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINNT\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2004/09/07 08:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/07/14 13:00:00 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2003/07/14 13:00:00 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/07/14 13:00:00 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2003/07/14 13:00:00 | 000,068,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/07/14 13:00:00 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 12:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\hidserv.exe -- (HidServ)


========== Driver Services (SafeList) ==========

DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINNT\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/10/22 15:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/07/07 18:53:02 | 000,028,160 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2009/03/02 18:08:16 | 000,019,744 | --S- | M] (AGG Software (http://www.aggsoft.com)) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ausbmon.sys -- (ausbmon)
DRV - [2008/03/13 23:11:18 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINNT\system32\vsdatant.sys -- (vsdatant)
DRV - [2008/02/27 03:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINNT\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\npf.sys -- (NPF)
DRV - [2006/05/29 07:07:33 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2006/05/04 12:02:06 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2006/02/14 17:18:10 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sisnic2k.sys -- (SISNIC2K)
DRV - [2005/07/07 09:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\P17.sys -- (P17)
DRV - [2005/03/12 20:48:08 | 000,243,456 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rt2500usb.sys -- (rt2500usb) DWL-G122(rev.B)
DRV - [2005/01/10 11:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 11:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/07/09 03:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2003/07/14 13:00:00 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/07/14 13:00:00 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\dmio.sys -- (dmio)
DRV - [2003/07/14 13:00:00 | 000,102,160 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nbf.sys -- (Nbf)
DRV - [2003/07/14 13:00:00 | 000,091,408 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2003/07/14 13:00:00 | 000,065,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/07/14 13:00:00 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/07/14 13:00:00 | 000,058,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/14 13:00:00 | 000,037,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nmnt.sys -- (nm)
DRV - [2003/07/14 13:00:00 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/07/14 13:00:00 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/07/14 13:00:00 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2003/07/14 13:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2003/07/14 13:00:00 | 000,009,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2003/07/14 13:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2003/07/14 13:00:00 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/07/14 13:00:00 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2003/07/14 13:00:00 | 000,006,992 | ---- | M] (SGI) [Kernel | System | Stopped] -- C:\WINNT\System32\drivers\sglfb.sys -- (sglfb)
DRV - [2003/07/14 13:00:00 | 000,002,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2003/06/19 12:05:04 | 000,068,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2002/11/04 23:35:24 | 000,161,747 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sis630p.sys -- (SiS630)
DRV - [2002/10/21 13:47:16 | 000,006,891 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/08/30 10:50:16 | 000,400,590 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sis7018.sys -- (SiS7018) Service for SiS7018 Driver (WDM)
DRV - [2002/08/20 18:21:32 | 000,009,472 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/02/07 16:38:00 | 000,009,038 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\viausb.sys -- (viafilter)
DRV - [2001/12/18 14:45:04 | 000,003,279 | ---- | M] (VIA Technologies. Inc.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\VIAPFD.SYS -- (VIAPFD)
DRV - [2001/09/30 17:51:52 | 000,009,216 | ---- | M] (Connectix Corporation) [Kernel | Auto | Stopped] -- C:\WINNT\system32\drivers\vpcappsv.sys -- (VPCAppSv)
DRV - [2001/07/25 16:49:54 | 000,033,207 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\DM9PCI5.SYS -- (DM9102)
DRV - [2001/04/13 03:00:00 | 000,037,248 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2000/10/25 21:27:24 | 000,003,000 | R--- | M] () [Kernel | Auto | Running] -- C:\WINNT\system32\SetupNT.sys -- (SetupNT)
DRV - [1999/09/27 20:26:50 | 000,055,120 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\lsermous.sys -- (lsermous)
DRV - [1998/10/06 03:26:48 | 000,177,344 | R--- | M] (S3 Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\s3mini.sys -- (S3Inc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b38ccd6&v=6.103.018.001&i=23&tp=ab&iy=b&ychte=uk&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 10:29:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 10:29:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/05 14:09:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/03/28 07:21:09 | 000,000,000 | ---D | M]

[2010/10/21 20:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Extensions
[2010/10/21 20:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/28 17:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\extensions
[2010/03/26 14:45:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/03 15:23:21 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/02/14 00:11:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Jeff Haley\Application Data\Mozilla\Firefox\Profiles\gxgktbuk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/03/28 17:25:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/26 15:55:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/12 10:30:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/27 08:01:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/27 02:08:07 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\..\Toolbar\ShellBrowser: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\.DEFAULT..\Run: [internat.exe] C:\WINNT\System32\internat.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
O4 - Startup: C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O4 - Startup: C:\Documents and Settings\Default User.WINNT\Start Menu\Programs\Startup\Camio Viewer.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Jeff Haley\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\nobody\Start Menu\Programs\Startup\Camio Viewer.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-764733703-1343024091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm ()
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINNT\system32\NWPROVAU.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237473326688 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/13 17:50:26 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINNT\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/28 23:42:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/27 08:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/27 08:01:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe
[2011/03/27 08:01:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe
[2011/03/27 08:01:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe
[2011/03/24 21:27:57 | 000,000,000 | ---D | C] -- C:\JouleLicencesAlex
[2011/03/17 18:05:09 | 000,000,000 | ---D | C] -- C:\INDEXNUM
[2011/03/15 13:29:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Common Files
[2011/03/07 10:21:03 | 000,000,000 | ---D | C] -- C:\indexnumlatest
[2010/05/20 21:11:50 | 000,065,536 | ---- | C] ( ) -- C:\WINNT\System32\A3d.dll
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[17 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016/04/13 04:19:05 | 000,069,632 | ---- | M] () -- C:\WINNT\System32\system.mdw
[2011/03/29 00:09:34 | 000,000,472 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[2011/03/29 00:08:45 | 000,352,922 | ---- | M] () -- C:\WINNT\System32\vsconfig.xml
[2011/03/28 23:59:06 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_264.dat
[2011/03/28 23:41:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff Haley\Desktop\OTL.exe
[2011/03/28 17:32:15 | 004,304,820 | R--- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\etavaresCF.exe
[2011/03/28 15:51:12 | 000,010,462 | ---- | M] () -- C:\WINNT\UEDIT32.INI
[2011/03/28 13:04:23 | 023,228,916 | ---- | M] () -- C:\A400DOSSetup0185.zip
[2011/03/28 11:32:46 | 000,001,204 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2011/03/28 11:07:22 | 001,174,146 | ---- | M] () -- C:\A400RadioSetup.zip
[2011/03/28 00:20:28 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\SystemLook.exe
[2011/03/27 18:36:48 | 000,000,026 | ---- | M] () -- C:\WINNT\process.ini
[2011/03/27 08:01:24 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_484.dat
[2011/03/27 02:21:46 | 001,198,872 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2011/03/27 02:19:57 | 000,001,491 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Firefox.lnk
[2011/03/27 02:08:07 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2011/03/27 01:49:06 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_338.dat
[2011/03/27 00:44:45 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_254.dat
[2011/03/26 23:36:26 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4c4.dat
[2011/03/26 23:12:15 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat
[2011/03/26 23:11:38 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_260.dat
[2011/03/26 23:05:19 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_27c.dat
[2011/03/26 22:32:36 | 000,256,662 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\mshta.jpg
[2011/03/26 20:59:38 | 000,002,273 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\Attach.zip
[2011/03/26 20:42:05 | 073,282,271 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2011/03/26 20:17:15 | 000,293,019 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\gmer.zip
[2011/03/26 20:14:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Local Settings\Application Data\prvlcl.dat
[2011/03/26 20:11:52 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_498.dat
[2011/03/26 20:11:09 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\dds.scr
[2011/03/26 20:08:16 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\defogger_reenable
[2011/03/26 20:07:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\Defogger.exe
[2011/03/25 03:17:30 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
[2011/03/24 14:07:20 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/23 17:59:58 | 001,174,534 | ---- | M] () -- C:\A400RadioSetupNorthWestParts.zip
[2011/03/23 00:06:18 | 001,173,852 | ---- | M] () -- C:\A400RadioSetupERS0389.zip
[2011/03/20 18:07:56 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\gmer.exe
[2011/03/18 05:34:02 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/03/15 16:42:24 | 022,660,026 | ---- | M] () -- C:\A400DOSSetupBlueIce0707.rar
[2011/03/10 22:46:01 | 001,173,285 | ---- | M] () -- C:\A400RadioSetupMobileAudio0380.zip
[2011/03/08 10:18:34 | 000,186,030 | ---- | M] () -- C:\Gammav.zip
[2011/03/08 09:05:15 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3ac.dat
[2011/03/07 09:27:32 | 000,001,559 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Mozilla Thunderbird.lnk
[2011/03/04 03:24:39 | 000,713,086 | ---- | M] () -- C:\A400ECUSetup.zip
[2011/02/28 17:48:43 | 158,067,944 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2011/02/28 14:24:55 | 001,126,532 | ---- | M] () -- C:\WINNT\Personal\EXPRESS AND STAR ratecard-2010-v2midres.pdf
[2011/02/28 11:47:55 | 001,126,532 | ---- | M] () -- C:\Documents and Settings\Jeff Haley\Desktop\ratecard-2010-v2midres.pdf
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[17 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016/04/12 07:11:16 | 000,094,208 | ---- | C] () -- C:\WINNT\System32\dllcache\fpencode.dll
[2016/04/12 05:39:21 | 000,065,832 | ---- | C] () -- C:\WINNT\Santa Fe Stucco.bmp
[2016/04/12 05:39:21 | 000,017,336 | ---- | C] () -- C:\WINNT\Gone Fishing.bmp
[2016/04/12 05:39:21 | 000,001,272 | ---- | C] () -- C:\WINNT\Blue Lace 16.bmp
[2011/03/28 23:59:06 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_264.dat
[2011/03/28 13:04:23 | 023,228,916 | ---- | C] () -- C:\A400DOSSetup0185.zip
[2011/03/27 14:23:41 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\SystemLook.exe
[2011/03/27 08:01:23 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_484.dat
[2011/03/27 01:49:06 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_338.dat
[2011/03/27 01:11:00 | 004,304,820 | R--- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\etavaresCF.exe
[2011/03/27 00:44:45 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_254.dat
[2011/03/26 23:36:26 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c4.dat
[2011/03/26 23:12:15 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat
[2011/03/26 23:11:38 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_260.dat
[2011/03/26 23:05:18 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_27c.dat
[2011/03/26 22:32:35 | 000,256,662 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\mshta.jpg
[2011/03/26 20:59:37 | 000,002,273 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\Attach.zip
[2011/03/26 20:17:14 | 000,293,019 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\gmer.zip
[2011/03/26 20:11:52 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_498.dat
[2011/03/26 20:11:33 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\dds.scr
[2011/03/26 20:08:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\defogger_reenable
[2011/03/26 20:07:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\Defogger.exe
[2011/03/25 12:50:16 | 001,174,146 | ---- | C] () -- C:\A400RadioSetup.zip
[2011/03/25 03:17:30 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_280.dat
[2011/03/23 00:06:14 | 001,173,852 | ---- | C] () -- C:\A400RadioSetupERS0389.zip
[2011/03/20 18:07:56 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\gmer.exe
[2011/03/15 16:41:06 | 022,660,026 | ---- | C] () -- C:\A400DOSSetupBlueIce0707.rar
[2011/03/10 22:45:54 | 001,173,285 | ---- | C] () -- C:\A400RadioSetupMobileAudio0380.zip
[2011/03/08 10:18:34 | 000,186,030 | ---- | C] () -- C:\Gammav.zip
[2011/03/08 09:05:15 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3ac.dat
[2011/02/28 17:35:48 | 158,067,944 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2011/02/28 14:24:54 | 001,126,532 | ---- | C] () -- C:\WINNT\Personal\EXPRESS AND STAR ratecard-2010-v2midres.pdf
[2011/02/28 11:47:49 | 001,126,532 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Desktop\ratecard-2010-v2midres.pdf
[2011/02/10 02:35:47 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c8.dat
[2011/01/26 09:22:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat
[2011/01/23 19:09:54 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_288.dat
[2011/01/03 19:58:22 | 000,102,400 | ---- | C] () -- C:\WINNT\RegBootClean.exe
[2010/11/12 10:30:57 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_c98.dat
[2010/11/06 18:17:46 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_290.dat
[2010/10/31 12:31:23 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_28c.dat
[2010/10/30 11:28:11 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat
[2010/10/23 11:07:34 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3bc.dat
[2010/10/15 09:04:44 | 000,015,880 | ---- | C] () -- C:\WINNT\System32\lsdelete.exe
[2010/08/28 11:25:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_154.dat
[2010/07/31 11:24:00 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_39c.dat
[2010/07/25 13:53:12 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_158.dat
[2010/07/10 12:29:41 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\ftdiunin.exe
[2010/07/10 12:29:41 | 000,000,115 | ---- | C] () -- C:\WINNT\System32\ftdiun2k.ini
[2010/07/10 10:39:51 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_15c.dat
[2010/07/08 10:18:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2a0.dat
[2010/07/02 11:22:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3cc.dat
[2010/06/24 09:54:39 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c4.dat
[2010/06/16 07:55:55 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat
[2010/06/13 16:51:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2b8.dat
[2010/06/10 08:13:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat
[2010/06/09 02:57:16 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2b0.dat
[2010/06/02 22:09:24 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2d4.dat
[2010/05/23 13:25:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c8.dat
[2010/05/23 02:40:58 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_478.dat
[2010/05/22 10:44:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3d0.dat
[2010/05/21 04:09:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat
[2010/05/21 03:03:23 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_298.dat
[2010/05/20 21:12:21 | 000,691,545 | ---- | C] () -- C:\WINNT\unins000.exe
[2010/05/20 21:12:08 | 000,233,472 | ---- | C] () -- C:\WINNT\System32\cmirmdrv.exe
[2010/05/20 12:21:49 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/05/20 12:21:49 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/05/20 12:21:49 | 000,089,088 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/05/20 12:21:49 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/05/20 12:21:49 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/02/22 00:16:20 | 000,000,026 | ---- | C] () -- C:\WINNT\process.ini
[2010/02/12 16:54:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Local Settings\Application Data\prvlcl.dat
[2009/12/16 13:31:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Local Settings\Application Data\housecall.guid.cache
[2009/10/17 08:14:53 | 001,470,464 | ---- | C] () -- C:\WINNT\libmysql.dll
[2009/09/24 21:53:13 | 000,000,037 | ---- | C] () -- C:\WINNT\iltwain.ini
[2009/09/17 17:29:46 | 000,004,131 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\giajzima.dav
[2009/08/22 02:37:39 | 000,110,592 | ---- | C] () -- C:\WINNT\System32\PushSource.dll
[2009/08/22 02:37:38 | 004,447,949 | ---- | C] () -- C:\WINNT\System32\libavcodec.dll
[2009/08/22 02:37:38 | 000,558,205 | ---- | C] () -- C:\WINNT\System32\libmplayer.dll
[2009/08/22 02:37:38 | 000,144,057 | ---- | C] () -- C:\WINNT\System32\libmpeg2_ff.dll
[2009/08/22 02:37:38 | 000,098,304 | ---- | C] () -- C:\WINNT\System32\ff_wmv9.dll
[2009/08/22 02:37:37 | 000,485,888 | ---- | C] () -- C:\WINNT\System32\ff_libfaad2.dll
[2009/08/22 02:37:37 | 000,257,024 | ---- | C] () -- C:\WINNT\System32\ff_libdts.dll
[2009/08/22 02:37:37 | 000,183,296 | ---- | C] () -- C:\WINNT\System32\ff_samplerate.dll
[2009/08/22 02:37:37 | 000,178,688 | ---- | C] () -- C:\WINNT\System32\ff_libmad.dll
[2009/08/22 02:37:37 | 000,113,152 | ---- | C] () -- C:\WINNT\System32\ff_unrar.dll
[2009/08/22 02:37:37 | 000,067,584 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2009/08/22 02:37:36 | 003,112,448 | ---- | C] () -- C:\WINNT\System32\ffdshow.dll
[2009/08/22 02:37:36 | 000,142,848 | ---- | C] () -- C:\WINNT\System32\ff_liba52.dll
[2009/05/29 18:22:30 | 000,053,248 | R--- | C] () -- C:\WINNT\System32\P17CPI.dll
[2009/05/29 18:22:29 | 000,064,512 | R--- | C] () -- C:\WINNT\System32\P17.dll
[2009/04/19 19:56:56 | 000,001,024 | -HS- | C] () -- C:\Documents and Settings\All Users.WINNT\Application Data\pub2pdfpro.dll
[2009/04/19 19:56:36 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfmonnt.dll
[2009/04/19 19:56:33 | 000,000,156 | ---- | C] () -- C:\WINNT\System32\psconv.ini
[2009/04/14 02:09:40 | 000,012,976 | ---- | C] () -- C:\WINNT\winsight.ini
[2009/03/28 07:17:41 | 000,001,204 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2009/03/28 07:06:54 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2009/03/28 07:06:52 | 000,258,424 | ---- | C] () -- C:\WINNT\System32\qasf.dll
[2009/02/19 18:37:49 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\YCRWin32.dll
[2009/02/19 18:29:06 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2009/02/15 02:05:10 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Jeff Haley\Local Settings\Application Data\PUTTY.RND
[2008/12/10 12:33:18 | 000,017,920 | ---- | C] () -- C:\WINNT\System32\implode.dll
[2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINNT\System32\qt-dx331.dll
[2008/11/06 17:33:02 | 000,012,288 | ---- | C] () -- C:\WINNT\System32\DivXWMPExtType.dll
[2008/06/22 14:22:44 | 000,000,087 | ---- | C] () -- C:\WINNT\TDW.INI
[2008/03/25 04:38:41 | 000,002,550 | ---- | C] () -- C:\WINNT\unins000.dat
[2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll
[2007/10/25 03:27:23 | 000,001,156 | ---- | C] () -- C:\WINNT\mozver.dat
[2007/10/25 03:23:48 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2007/06/13 11:58:21 | 000,003,980 | ---- | C] () -- C:\WINNT\SWDEPEND.INI
[2007/05/03 23:32:18 | 000,000,075 | ---- | C] () -- C:\WINNT\DATAMGR.INI
[2007/04/07 22:45:01 | 000,005,606 | ---- | C] () -- C:\WINNT\System32\stci.dll
[2007/04/06 18:56:49 | 000,004,212 | -H-- | C] () -- C:\WINNT\System32\zllictbl.dat
[2007/04/06 18:55:56 | 000,796,312 | ---- | C] () -- C:\WINNT\System32\libeay32_0.9.6l.dll
[2007/03/16 02:05:47 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\IDEproperty.dll
[2007/03/16 01:32:08 | 000,000,092 | ---- | C] () -- C:\WINNT\CMISETUP.INI
[2007/03/16 01:32:08 | 000,000,026 | ---- | C] () -- C:\WINNT\CMCDPLAY.INI
[2007/03/16 01:01:10 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\sis730.bin
[2007/03/16 01:01:09 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\sis300.bin
[2007/03/16 01:01:09 | 000,049,152 | ---- | C] () -- C:\WINNT\System32\sis630.bin
[2007/03/16 00:58:18 | 000,139,264 | ---- | C] () -- C:\WINNT\System32\setuplib.dll
[2007/03/16 00:58:18 | 000,086,275 | ---- | C] () -- C:\WINNT\System32\waitwnd.exe
[2007/02/21 21:52:19 | 000,000,376 | ---- | C] () -- C:\WINNT\mozregistry.dat
[2007/01/11 22:23:16 | 000,010,462 | ---- | C] () -- C:\WINNT\UEDIT32.INI
[2007/01/06 02:47:26 | 000,000,398 | ---- | C] () -- C:\WINNT\infoview.ini
[2007/01/06 02:47:13 | 000,000,090 | ---- | C] () -- C:\WINNT\VBA.INI
[2007/01/06 02:46:04 | 000,078,438 | ---- | C] () -- C:\WINNT\EXTRACT.EXE
[2006/12/31 08:33:27 | 000,003,000 | R--- | C] () -- C:\WINNT\System32\SetupNT.sys
[2006/12/11 14:59:58 | 000,000,115 | ---- | C] () -- C:\WINNT\VBCE.INI
[2006/12/10 18:30:50 | 000,001,665 | ---- | C] () -- C:\WINNT\ExterCDRW100.ini
[2006/10/29 22:18:35 | 000,047,374 | ---- | C] () -- C:\WINNT\php.ini
[2006/04/06 22:21:06 | 000,002,670 | ---- | C] () -- C:\WINNT\ODBC.INI
[2006/02/18 02:29:52 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2006/02/18 02:28:32 | 000,015,004 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2006/02/17 19:50:00 | 000,004,534 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2006/02/17 19:34:16 | 000,125,320 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2005/07/07 10:26:56 | 000,005,627 | ---- | C] () -- C:\WINNT\System32\Ludap17.ini
[2005/03/08 07:17:08 | 000,000,054 | ---- | C] () -- C:\WINNT\System32\ctzapxx.ini
[2004/12/19 14:29:40 | 000,106,496 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2004/12/19 14:17:10 | 000,614,400 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2003/07/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2003/07/14 13:00:00 | 000,283,038 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[2003/07/14 13:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2003/07/14 13:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2003/07/14 13:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2003/07/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2003/07/14 13:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2003/07/14 13:00:00 | 000,033,144 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[2003/07/14 13:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2003/07/14 13:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2003/07/14 13:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2003/07/14 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[2003/07/14 13:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2003/02/18 19:26:28 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\cmirmdrv.dll
[2002/10/06 19:42:56 | 000,237,568 | ---- | C] () -- C:\WINNT\System32\OggDS.dll
[2002/10/05 00:04:24 | 000,921,600 | ---- | C] () -- C:\WINNT\System32\VorbisEnc.dll
[2002/10/05 00:04:24 | 000,188,416 | ---- | C] () -- C:\WINNT\System32\vorbis.dll
[2002/10/05 00:04:16 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\ogg.dll
[2002/05/16 00:38:40 | 000,091,136 | ---- | C] () -- C:\WINNT\System32\mp4fil32.dll
[1999/09/25 11:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 11:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/01/22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\MSRTEDIT.DLL
[1998/09/18 02:53:24 | 001,716,224 | ---- | C] () -- C:\WINNT\System32\s3vogl.dll
[1997/12/19 00:03:38 | 000,210,944 | ---- | C] () -- C:\WINNT\System32\msvcrt10.dll
[1997/08/01 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINNT\System32\WRKGADM.EXE
[1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\ODBCSTF.DLL
[1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINNT\System32\DOCOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 864 bytes -> C:\WINNT\Personal\drawing2.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 864 bytes -> C:\WINNT\Personal\drawing1.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7684 bytes -> C:\WINNT\Personal\christmas card.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3740 bytes -> C:\WINNT\Personal\img1.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3304 bytes -> C:\WINNT\Personal\img3.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2300 bytes -> C:\WINNT\Personal\img4.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1620 bytes -> C:\WINNT\Personal\img8.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1512 bytes -> C:\WINNT\Personal\img6.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1444 bytes -> C:\WINNT\Personal\img9.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1444 bytes -> C:\WINNT\Personal\img7.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1416 bytes -> C:\WINNT\Personal\img10.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1396 bytes -> C:\WINNT\Personal\img12.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1392 bytes -> C:\WINNT\Personal\img5.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 12524 bytes -> C:\WINNT\Personal\img11.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:276B24AA
@Alternate Data Stream - 11628 bytes -> C:\WINNT\Personal\img2.jpg:Q30lsldxJoudresxAaaqpcawXc

< End of report >

#15 sortmymotor

Posted 28 March 2011 - 08:14 PM

Process memory

Firefox 88,924K
Thunderbird 48,304K
vsmon 24,196K
services 16,720K
spoolsv 15,272K
svchost 11,560K



