Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible BIOS virus, "mpsmhyfn.exe"


  • This topic is locked This topic is locked
21 replies to this topic

#1 Jeebus

Jeebus

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow, Scotland
  • Local time:10:15 AM

Posted 27 March 2011 - 05:42 AM

As requested in original topic, posting DDS and GMER logs.
Original topic: http://www.bleepingcomputer.com/forums/topic387310.html

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 11:07:29.82 on 27/03/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.788 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\ejbatyvw\mpsmhyfn.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-26 20:30:37 -------- d-sha-r- C:\cmdcons
2011-03-26 20:30:19 98816 ----a-w- c:\windows\sed.exe
2011-03-26 20:30:19 89088 ----a-w- c:\windows\MBR.exe
2011-03-26 20:30:19 256512 ----a-w- c:\windows\PEV.exe
2011-03-26 20:30:19 161792 ----a-w- c:\windows\SWREG.exe
2011-03-25 00:02:18 -------- d-----w- C:\drivers
2011-03-25 00:01:30 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M ====================
.
.
============= FINISH: 11:07:54.68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:15 AM

Posted 02 April 2011 - 07:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 Jeebus

Jeebus
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow, Scotland
  • Local time:10:15 AM

Posted 04 April 2011 - 05:09 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 22:22:49.23 on 04/04/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.788 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\User\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\ejbatyvw\mpsmhyfn.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-27 11:51:56 170397 ----a-w- c:\windows\system32\wscntfymgr.exe
2011-03-26 20:30:37 -------- d-sha-r- C:\cmdcons
2011-03-26 20:30:19 98816 ----a-w- c:\windows\sed.exe
2011-03-26 20:30:19 89088 ----a-w- c:\windows\MBR.exe
2011-03-26 20:30:19 256512 ----a-w- c:\windows\PEV.exe
2011-03-26 20:30:19 161792 ----a-w- c:\windows\SWREG.exe
2011-03-25 00:02:18 -------- d-----w- C:\drivers
2011-03-25 00:01:30 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
.
==================== Find3M ====================
.
.
============= FINISH: 22:23:17.15 ===============

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:15 PM

Posted 05 April 2011 - 06:55 AM

Hello Jeebus ! Welcome to BleepingComputer Forums! :welcome:


My name is Georgi and and I will be helping you with your computer problems.


Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.



IMPORTANT NOTE :exclame:


I am afraid that you may have a file infector on board which is never good.
This would involve a full reformat as the only way to cure it.
However, I would like to confirm my suspicions first.






Open notepad and copy/paste the text in the codebox below into it:


@echo off
for %%g in (

C:\Program Files\ejbatyvw\mpsmhyfn.exe
C:\Documents and Settings\User\Start Menu\Programs\Startup\mpsmhyfn.exe
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\mpsmhyfn.exe

) do zip Files_for_submission %%g
del %0


Save this as grab.bat
Choose to "Save type as - All Files"
Save it on your desktop.
It should look like this:Posted Image
Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop. Please send me this file via personal message.





Next please...



Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\System32\smss.exe

note, if VT says these files have already been analysed, make sure you click re-analyse file now.

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/


Please repeat the procedure for the following files as well:


C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Movie Maker\moviemk.exe




Regards,
Georgi

cXfZ4wS.png


#5 Jeebus

Jeebus
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow, Scotland
  • Local time:10:15 AM

Posted 07 April 2011 - 03:30 PM

mpsmhyfn.exe can't be found anywhere now for some reason, I've manually checked all three locations with "show hidden files and folders" and "show system files" enabled, but there's nothing to be found. Hoever it's still listed under WinLogon in Regedit and there are still multiple instances of iexplore.exe running as soon as the computer starts so somthing's still happening in the background.

I haven't done anything with the laptop other than what I've been asked to do in this thread so no files have been changed, I haven't even turned it on other than to perform the steps asked of me.

Regardless, here are the results from VirusTotal of the files you asked for:

--------------------------

smss.exe

Antivirus results
AhnLab-V3 - 2011.04.08.00 - 2011.04.07 - -
AntiVir - 7.11.6.4 - 2011.04.07 - -
Antiy-AVL - 2.0.3.7 - 2011.04.06 - -
Avast - 4.8.1351.0 - 2011.04.07 - -
Avast5 - 5.0.677.0 - 2011.04.01 - -
AVG - 10.0.0.1190 - 2011.04.07 - -
BitDefender - 7.2 - 2011.04.07 - -
CAT-QuickHeal - 11.00 - 2011.04.07 - -
ClamAV - 0.97.0.0 - 2011.04.07 - -
Commtouch - 5.2.11.5 - 2011.04.06 - -
Comodo - 8259 - 2011.04.07 - -
DrWeb - 5.0.2.03300 - 2011.04.07 - -
eSafe - 7.0.17.0 - 2011.04.04 - -
eTrust-Vet - 36.1.8259 - 2011.04.07 - -
F-Prot - 4.6.2.117 - 2011.04.07 - -
F-Secure - 9.0.16440.0 - 2011.04.07 - -
Fortinet - 4.2.254.0 - 2011.04.07 - -
GData - 22 - 2011.04.07 - -
Ikarus - T3.1.1.103.0 - 2011.04.07 - -
Jiangmin - 13.0.900 - 2011.04.07 - -
K7AntiVirus - 9.96.4320 - 2011.04.07 - -
Kaspersky - 7.0.0.125 - 2011.04.07 - -
McAfee - 5.400.0.1158 - 2011.04.07 - -
McAfee-GW-Edition - 2010.1C - 2011.04.07 - -
Microsoft - 1.6702 - 2011.04.07 - -
NOD32 - 6023 - 2011.04.07 - -
Norman - 6.07.07 - 2011.04.07 - -
Panda - 10.0.3.5 - 2011.04.07 - -
PCTools - 7.0.3.5 - 2011.04.07 - -
Prevx - 3.0 - 2011.04.07 - -
Rising - 23.52.03.06 - 2011.04.07 - -
Sophos - 4.64.0 - 2011.04.07 - -
SUPERAntiSpyware - 4.40.0.1006 - 2011.04.06 - -
Symantec - 20101.3.2.89 - 2011.04.07 - -
TheHacker - 6.7.0.1.168 - 2011.04.07 - -
TrendMicro - 9.200.0.1012 - 2011.04.07 - -
TrendMicro-HouseCall - 9.200.0.1012 - 2011.04.07 - -
VBA32 - 3.12.14.3 - 2011.04.07 - -
VIPRE - 8949 - 2011.04.07 - -
ViRobot - 2011.4.7.4398 - 2011.04.07 - -
VirusBuster - 13.6.293.1 - 2011.04.07 - -
File info:
MD5: 5f816c1f539266d2d4c78694239da0b5
SHA1: 406503e95e8bf9b387b201aac141520e5f266ff4
SHA256: 10bfccf4effc3813a563d528dc5464827bef10ae21d6b9c1138930228e7047d1
File size: 50688 bytes
Scan date: 2011-04-07 19:47:10 (UTC)

csrss.exe - 0 results
File info:
MD5: 44f275c64738ea2056e3d9580c23b60f
SHA1: 9b81fe32842db93292a59a87e73ca113701f7e3b
SHA256: 5d4b7306e71a44440e7f0b32a373aec120c01b69f87756589e39eb85c40cd742
File size: 6144 bytes
Scan date: 2011-04-07 20:07:41 (UTC)

winlogon.exe - 0 results
File info:
MD5: 53a8857723277b1d6d5ee60a9f85b117
SHA1: 45e29cef3100d12d24a9a36992bfd37ea5739ca7
SHA256: 7cd68891d5f65be3f045b1c4314d4cfba030bc96ece71d240ad1a1404f1325ea
File size: 509440 bytes
Scan date: 2011-04-07 20:09:43 (UTC)

services.exe - 1 result
Antivirus results
Symantec - 20101.3.2.89 - 2011.04.07 - WS.Reputation.1
File info:
MD5: c519e15665cd89a91ad383fce3cb556a
SHA1: 75b6774627e006668c0a41bb06fb806d68f74cd5
SHA256: c2488c0b7d3c05ca5b23154aedd07efc592b7e5008100fa4416be8dfee551b24
File size: 110592 bytes
Scan date: 2011-04-07 20:05:04 (UTC)

svchost.exe - 0 results
File info:
MD5: 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1: 49083ae3725a0488e0a8fbbe1335c745f70c4667
SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
File size: 14336 bytes
Scan date: 2011-04-07 20:15:15 (UTC)

explorer.exe - 0 results
File info:
MD5: 2bb75b7f548d82a099125d0c5971de7d
SHA1: 185175ea4de39ee61909577a6a93ed3d8f354377
SHA256: 7a0d86aa7e718e1f9df8afbee9672d00ecf8e3da4f258b5accd12a343132fea0
File size: 1033728 bytes
Scan date: 2011-04-07 20:03:04 (UTC)

moviemk.exe - 0 results
File info:
MD5: b7781e3638280007c0a50b7f8f28b45b
SHA1: 756dc839f0f65ed1ea810d66f0bc6e377afd966c
SHA256: 7f19492e1ad25ddba08eda9e5cecf4aff901d7bb95448e9563f86256d14861b1
File size: 3558912 bytes
Scan date: 2011-04-07 20:16:18 (UTC)

Edited by Jeebus, 07 April 2011 - 03:30 PM.


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:15 PM

Posted 07 April 2011 - 03:51 PM

Hi Jeebus,



Not looking good. It seems that some system files are patched.
Let's take a deeper look.



Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply



Regards,
Georgi

cXfZ4wS.png


#7 Jeebus

Jeebus
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow, Scotland
  • Local time:10:15 AM

Posted 08 April 2011 - 12:06 PM

Hi

ComboFix says it detected the presence of a rootkit and restarted the laptop before scannning. I've attached the logfile to this post.

It doesn't seem to have made a differnce by itself though, there usual symptoms are still presenting themselves.

Thanks

Attached Files



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:15 PM

Posted 09 April 2011 - 07:13 AM

Hi Jeebus,



Sorry for the delay !
I had some personal issues to resolve.



Delete your copy of Combofix and download a fresh one from here.

Save it your desktop but do not run it yet ! <--- important !!!



We need to execute a CFScript to clean some remnants.


Please do this:


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2. Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic387394.html

KILLALL::
Collect::
c:\program files\ejbatyvw\mpsmhyfn.exe
SRPEEK::
c:\windows\system32\sfcfiles.dll
FileLook::
c:\windows\system32\wuaucltmgr.exe
c:\windows\system32\wscntfymgr.exe
DirLook::
c:\windows\pchealth\helpctr
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\Userinit.exe,"

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

3. Close any open browsers.

4. Referring to the picture above, drag CFScript into ComboFix.exe

5. When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue-screen would appear auto-uploading the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Successful".

**NOTE**
  • IF for some reason Combofix fails to upload anything you will see that message:
    Posted Image
  • Please double-click this file: C:\CF-Submit.htm and follow the instructions there to upload that zipped file.


6. When Combifix finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.


c:\windows\system32\wuaucltmgr.exe
c:\windows\system32\wscntfymgr.exe


note, if VT says these files have already been analysed, make sure you click re-analyse file now.

Please post back the results of the scan in your next post.

If Virustotal is busy, try the same at Virscan: http://virscan.org/



Regards,
Georgi

cXfZ4wS.png


#9 Jeebus

Jeebus
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow, Scotland
  • Local time:10:15 AM

Posted 09 April 2011 - 08:03 AM

Hi, no worries about the delay, I'm just grateful for the help!

I've attached the new ComboFix log results, and ComboFix also supposedly uploaded the files with no errors also. However when I try to access VirusTotal or Virscan, both websites are unavilable, saying "Cannot find server", and not just on the infected computer. None of the computers I try to access from can reach either site, so I'm assuming they're both expereience technical difficulties. I'll try access them again later today.

For now, here's the log file you requested.

Thanks again!

EDIT: I can now access VirusTotal from my own computers, but the infected laptop is still unable to connect to it, saying "Cannot find server". None of the computers can reach virscan.org still. I'm guessing whatever's on the infected laptop is now blocking VirusTotal, even though I could access it fine before.

Attached Files


Edited by Jeebus, 09 April 2011 - 08:09 AM.


#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:15 PM

Posted 09 April 2011 - 08:24 AM

Hello Jeebus,





Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    mpsmhyfn.exe
    :regfind
    mpsmhyfn.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt





We need to run an OTL Custom Scan


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.Posted Image
  • Copy and Paste the following code into the Posted Image textbox.
    netsvcs
    /md5start
    smss.exe
    svchost.exe
    csrss.exe
    explorer.exe
    winlogon.exe
    services.exe
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Regards,
Georgi

cXfZ4wS.png


#11 Jeebus

Jeebus
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow, Scotland
  • Local time:10:15 AM

Posted 09 April 2011 - 08:35 AM

Hi

When I try to run SystemLook I get an error message box,

"C:\Documents and Settings\User\Desktop\SystemLook.exe
This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem."

It runs fine on my other computers, I'm assuming whatever's on the laptop is preventing it from running.

Thanks

#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:15 PM

Posted 09 April 2011 - 08:40 AM

Hi Jeebus,


Ok, please proceed with the OTL scan.

Thanks !



Regards,
Georgi

cXfZ4wS.png


#13 Jeebus

Jeebus
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow, Scotland
  • Local time:10:15 AM

Posted 09 April 2011 - 08:56 AM

OTL logfile created on: 09/04/2011 14:47:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 778.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.05 Gb Total Space | 138.50 Gb Free Space | 95.49% Space Free | Partition Type: NTFS
Drive E: | 123.21 Mb Total Space | 65.53 Mb Free Space | 53.18% Space Free | Partition Type: FAT

Computer Name: USER-CA3987A608 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/09 14:29:10 | 000,754,198 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2008/07/03 12:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 05:42:42 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe
PRC - [2004/11/08 19:17:56 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/04/09 14:29:10 | 000,754,198 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/11/08 19:17:50 | 000,238,932 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)


========== Driver Services (SafeList) ==========

DRV - [2007/05/02 11:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm




IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-776561741-492894223-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-776561741-492894223-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/04/09 13:49:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-492894223-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776561741-492894223-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-776561741-492894223-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-776561741-492894223-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\ejbatyvw\mpsmhyfn.exe) - C:\Program Files\ejbatyvw\mpsmhyfn.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/25 00:53:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/12/03 16:19:20 | 000,620,465 | ---- | M] () - E:\Autoruns(2).zip -- [ FAT ]
O32 - AutoRun File - [2011/01/23 18:04:46 | 000,000,000 | ---D | M] - E:\Autoruns -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 14:32:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2011/04/09 14:31:31 | 000,754,198 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/04/09 13:52:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/09 13:38:41 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/04/09 13:36:44 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/04/09 13:36:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/04/07 20:55:21 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2011/04/07 20:55:20 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2011/04/07 20:53:26 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/04/07 20:53:25 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/04/07 20:53:25 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/04/07 20:51:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\UserData
[2011/04/04 22:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\colin logs
[2011/03/27 11:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer
[2011/03/26 21:30:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/26 21:30:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/26 21:30:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/26 21:30:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/26 21:30:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/26 21:29:43 | 004,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2011/03/26 21:20:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/26 21:20:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/26 21:17:50 | 001,345,408 | ---- | C] (Lenovo Group Limited ) -- C:\Documents and Settings\User\Desktop\1yuj18us.exe
[2011/03/25 01:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/03/25 01:04:09 | 000,238,932 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2011/03/25 01:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/03/25 01:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/03/25 01:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\ejbatyvw
[2011/03/25 01:02:18 | 000,000,000 | ---D | C] -- C:\drivers
[2011/03/25 01:01:30 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2011/03/25 00:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Identities
[2011/03/25 00:58:43 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/03/25 00:58:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Pictures
[2011/03/25 00:58:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents\My Music
[2011/03/25 00:58:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\Application Data\Microsoft
[2011/03/25 00:58:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\Cookies
[2011/03/25 00:58:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\SendTo
[2011/03/25 00:58:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Application Data
[2011/03/25 00:58:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Startup
[2011/03/25 00:58:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu
[2011/03/25 00:58:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\My Documents
[2011/03/25 00:58:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Favorites
[2011/03/25 00:58:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Start Menu\Programs\Accessories
[2011/03/25 00:58:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Templates
[2011/03/25 00:58:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\PrintHood
[2011/03/25 00:58:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\NetHood
[2011/03/25 00:58:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\User\Local Settings
[2011/03/25 00:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Microsoft
[2011/03/25 00:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop
[2011/03/25 00:57:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/25 00:57:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/03/25 00:57:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/03/25 00:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/03/25 00:56:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/03/25 00:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/03/25 00:55:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/03/25 00:55:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/03/25 00:55:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/03/25 00:55:44 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/03/25 00:55:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/03/25 00:55:44 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/03/25 00:55:43 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/03/25 00:55:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/03/25 00:55:42 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/03/25 00:55:41 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/03/25 00:55:41 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/03/25 00:55:39 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/03/25 00:55:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/03/25 00:55:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/03/25 00:55:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/03/25 00:55:37 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/03/25 00:55:37 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/03/25 00:55:37 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/03/25 00:55:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/03/25 00:55:36 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/03/25 00:55:36 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/03/25 00:55:36 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/03/25 00:55:34 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/03/25 00:55:32 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/03/25 00:55:32 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/03/25 00:55:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/03/25 00:55:31 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/03/25 00:55:31 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/03/25 00:55:31 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/03/25 00:55:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/03/25 00:55:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2011/03/25 00:55:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/03/25 00:55:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/03/25 00:55:30 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/03/25 00:55:30 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/03/25 00:55:30 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/03/25 00:55:30 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/03/25 00:55:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/03/25 00:55:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/03/25 00:55:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/03/25 00:55:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/03/25 00:55:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/03/25 00:55:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/03/25 00:55:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/03/25 00:55:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/03/25 00:55:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/03/25 00:55:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/03/25 00:55:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/03/25 00:55:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/03/25 00:55:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/03/25 00:55:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/03/25 00:55:28 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/03/25 00:55:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/03/25 00:55:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/03/25 00:55:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/03/25 00:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/03/25 00:55:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/03/25 00:55:24 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/03/25 00:55:23 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/03/25 00:55:23 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/03/25 00:55:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/03/25 00:55:22 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/03/25 00:55:21 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2011/03/25 00:55:20 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/03/25 00:55:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/03/25 00:55:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/03/25 00:55:18 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/03/25 00:55:18 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/03/25 00:55:18 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/03/25 00:55:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/03/25 00:55:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/03/25 00:55:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/03/25 00:55:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/03/25 00:55:17 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/03/25 00:55:17 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/03/25 00:55:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/03/25 00:55:16 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/03/25 00:55:16 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/03/25 00:55:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/03/25 00:55:12 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/03/25 00:55:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2011/03/25 00:55:08 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/03/25 00:55:08 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/03/25 00:55:08 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2011/03/25 00:55:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2011/03/25 00:55:03 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/03/25 00:55:03 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/03/25 00:55:02 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/03/25 00:55:02 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/03/25 00:55:02 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/03/25 00:55:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/03/25 00:55:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/03/25 00:55:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/03/25 00:55:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/03/25 00:55:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/03/25 00:54:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/03/25 00:54:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/03/25 00:54:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/03/25 00:54:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/03/25 00:54:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/03/25 00:54:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/03/25 00:54:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/03/25 00:54:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/03/25 00:54:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/03/25 00:54:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/03/25 00:54:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/03/25 00:54:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/03/25 00:54:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/03/25 00:54:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/03/25 00:54:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/03/25 00:54:57 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/03/25 00:54:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/03/25 00:54:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/03/25 00:54:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/03/25 00:54:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/03/25 00:54:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/03/25 00:54:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/03/25 00:54:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/03/25 00:54:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/03/25 00:54:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/03/25 00:54:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/03/25 00:54:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/03/25 00:54:56 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/03/25 00:54:55 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/03/25 00:54:55 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/03/25 00:54:55 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/03/25 00:54:55 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/03/25 00:54:54 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/03/25 00:54:54 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/03/25 00:54:54 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/03/25 00:54:54 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/03/25 00:54:54 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/03/25 00:54:54 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/03/25 00:54:53 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/03/25 00:54:53 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/03/25 00:54:53 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/03/25 00:54:53 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/03/25 00:54:53 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/03/25 00:54:53 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/03/25 00:54:52 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/03/25 00:54:52 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/03/25 00:54:52 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/03/25 00:54:52 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/03/25 00:54:52 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/03/25 00:54:52 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/03/25 00:54:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/03/25 00:54:47 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/03/25 00:54:36 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/03/25 00:54:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/03/25 00:54:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/03/25 00:54:34 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/03/25 00:54:34 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/03/25 00:54:34 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/03/25 00:54:34 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/03/25 00:54:34 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/03/25 00:54:34 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/03/25 00:54:34 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/03/25 00:54:33 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/03/25 00:54:33 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/03/25 00:54:33 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/03/25 00:54:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/03/25 00:54:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/03/25 00:54:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/03/25 00:54:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/03/25 00:54:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/03/25 00:54:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/03/25 00:54:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/03/25 00:54:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/03/25 00:54:32 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/03/25 00:54:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/03/25 00:54:32 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/03/25 00:54:32 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/03/25 00:54:32 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/03/25 00:54:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/03/25 00:54:31 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2011/03/25 00:54:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/03/25 00:54:31 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/03/25 00:54:31 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/03/25 00:54:30 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/03/25 00:54:30 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/03/25 00:54:30 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/03/25 00:54:30 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/03/25 00:54:30 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/03/25 00:54:30 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/03/25 00:54:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/03/25 00:54:29 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2011/03/25 00:54:29 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/03/25 00:54:25 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/03/25 00:54:24 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/03/25 00:54:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/03/25 00:54:22 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/03/25 00:54:22 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/03/25 00:54:22 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/03/25 00:54:22 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/03/25 00:54:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/03/25 00:54:22 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/03/25 00:54:21 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/03/25 00:54:21 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/03/25 00:54:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/03/25 00:54:20 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/03/25 00:54:20 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/03/25 00:54:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/03/25 00:54:20 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/03/25 00:54:19 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/03/25 00:54:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/03/25 00:54:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/03/25 00:54:12 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/03/25 00:54:12 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/03/25 00:54:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/03/25 00:54:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/03/25 00:54:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/03/25 00:54:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/03/25 00:54:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/03/25 00:54:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/03/25 00:54:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/03/25 00:54:08 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/03/25 00:54:08 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/03/25 00:54:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/03/25 00:54:07 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/03/25 00:54:04 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/03/25 00:54:04 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/03/25 00:54:04 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/03/25 00:54:04 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/03/25 00:54:04 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/03/25 00:54:04 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/03/25 00:54:03 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/03/25 00:54:03 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/03/25 00:54:03 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/03/25 00:54:03 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/03/25 00:54:03 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/03/25 00:54:03 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/03/25 00:54:03 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/03/25 00:54:03 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/03/25 00:54:02 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/03/25 00:54:02 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/03/25 00:54:02 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/03/25 00:54:02 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/03/25 00:54:02 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/03/25 00:54:01 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/03/25 00:54:00 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/03/25 00:53:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/03/25 00:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/03/25 00:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/03/25 00:53:55 | 000,000,000 | ---D | C] -- C:\DELL
[2011/03/25 00:53:21 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2011/03/25 00:52:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/03/25 00:52:37 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/03/25 00:52:37 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/03/25 00:52:27 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/03/25 00:52:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/03/25 00:52:03 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2011/03/25 00:52:03 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2011/03/25 00:52:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2011/03/25 00:52:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2011/03/25 00:52:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2011/03/25 00:52:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2011/03/25 00:51:55 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2011/03/25 00:51:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2011/03/25 00:51:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2011/03/25 00:51:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2011/03/25 00:51:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2011/03/25 00:51:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2011/03/25 00:51:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2011/03/25 00:51:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2011/03/25 00:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/03/25 00:51:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/03/25 00:51:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2011/03/25 00:51:51 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2011/03/25 00:51:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2011/03/25 00:51:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2011/03/25 00:51:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/03/25 00:51:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2011/03/25 00:51:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2011/03/25 00:51:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/03/25 00:51:50 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2011/03/25 00:51:50 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2011/03/25 00:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/03/25 00:51:48 | 000,726,078 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2011/03/25 00:51:47 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2011/03/25 00:51:47 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2011/03/25 00:51:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/03/25 00:51:46 | 000,851,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2011/03/25 00:51:46 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2011/03/25 00:51:46 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2011/03/25 00:51:45 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2011/03/25 00:51:45 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2011/03/25 00:51:45 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/03/25 00:51:45 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/03/25 00:51:45 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2011/03/25 00:51:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2011/03/25 00:51:44 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/03/25 00:51:44 | 000,327,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/03/25 00:51:44 | 000,327,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2011/03/25 00:51:44 | 000,209,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2011/03/25 00:51:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/03/25 00:51:44 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/03/25 00:51:43 | 001,929,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2011/03/25 00:51:43 | 000,217,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2011/03/25 00:51:43 | 000,194,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/03/25 00:51:43 | 000,194,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2011/03/25 00:51:43 | 000,172,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/03/25 00:51:43 | 000,172,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2011/03/25 00:51:43 | 000,053,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2011/03/25 00:51:43 | 000,035,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/03/25 00:51:43 | 000,035,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2011/03/25 00:51:43 | 000,022,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2011/03/25 00:51:42 | 000,575,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/03/25 00:51:42 | 000,575,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2011/03/25 00:51:42 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2011/03/25 00:51:42 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/03/25 00:51:42 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2011/03/25 00:51:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2011/03/25 00:51:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/03/25 00:51:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2011/03/25 00:51:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/03/25 00:51:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2011/03/25 00:51:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/03/25 00:51:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2011/03/25 00:51:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2011/03/25 00:51:39 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2011/03/25 00:51:39 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2011/03/25 00:51:39 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2011/03/25 00:51:39 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2011/03/25 00:51:39 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2011/03/25 00:51:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2011/03/25 00:51:38 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/03/25 00:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/03/25 00:51:26 | 000,565,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2011/03/25 00:51:26 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2011/03/25 00:51:26 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2011/03/25 00:51:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2011/03/25 00:51:26 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2011/03/25 00:51:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2011/03/25 00:51:25 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2011/03/25 00:51:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2011/03/25 00:51:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/03/25 00:51:23 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2011/03/25 00:51:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/03/25 00:51:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2011/03/25 00:51:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/03/25 00:51:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2011/03/25 00:51:23 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/03/25 00:51:23 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2011/03/25 00:51:22 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2011/03/25 00:51:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2011/03/25 00:51:21 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2011/03/25 00:51:20 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2011/03/25 00:51:20 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/03/25 00:51:20 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2011/03/25 00:51:20 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2011/03/25 00:51:19 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2011/03/25 00:51:19 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/03/25 00:51:19 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2011/03/25 00:51:19 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2011/03/25 00:51:19 | 000,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2011/03/25 00:51:19 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2011/03/25 00:51:19 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2011/03/25 00:51:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2011/03/25 00:51:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2011/03/25 00:51:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/03/25 00:51:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/03/25 00:51:18 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2011/03/25 00:51:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/03/25 00:51:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2011/03/25 00:51:18 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2011/03/25 00:51:18 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/03/25 00:51:18 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2011/03/25 00:51:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2011/03/25 00:51:18 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/03/25 00:51:18 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2011/03/25 00:51:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/03/25 00:51:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2011/03/25 00:51:17 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2011/03/25 00:51:17 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2011/03/25 00:51:17 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2011/03/25 00:51:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2011/03/25 00:51:17 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2011/03/25 00:51:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2011/03/25 00:51:16 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2011/03/25 00:51:16 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2011/03/25 00:51:16 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2011/03/25 00:51:16 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2011/03/25 00:51:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2011/03/25 00:51:16 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2011/03/25 00:51:16 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2011/03/25 00:51:16 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2011/03/25 00:51:15 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2011/03/25 00:51:15 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2011/03/25 00:51:15 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/03/25 00:51:15 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2011/03/25 00:51:15 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2011/03/25 00:51:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/03/25 00:51:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2011/03/25 00:51:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2011/03/25 00:51:15 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/03/25 00:51:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2011/03/25 00:51:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2011/03/25 00:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/03/25 00:51:14 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/03/25 00:51:14 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2011/03/25 00:51:14 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2011/03/25 00:51:14 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2011/03/25 00:51:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/03/25 00:51:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2011/03/25 00:51:13 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2011/03/25 00:51:12 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2011/03/25 00:51:12 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2011/03/25 00:51:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2011/03/25 00:51:12 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/03/25 00:51:12 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2011/03/25 00:51:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2011/03/25 00:51:12 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2011/03/25 00:51:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/03/25 00:51:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2011/03/25 00:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/03/25 00:51:11 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/03/25 00:51:11 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2011/03/25 00:51:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/03/25 00:51:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2011/03/25 00:51:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/03/25 00:51:11 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2011/03/25 00:51:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2011/03/25 00:51:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2011/03/25 00:51:11 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2011/03/25 00:51:10 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2011/03/25 00:51:10 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2011/03/25 00:51:10 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2011/03/25 00:51:10 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2011/03/25 00:51:10 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2011/03/25 00:51:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2011/03/25 00:51:10 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2011/03/25 00:51:09 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2011/03/25 00:51:09 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2011/03/25 00:51:09 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2011/03/25 00:51:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2011/03/25 00:51:09 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2011/03/25 00:51:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2011/03/25 00:51:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2011/03/25 00:51:09 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2011/03/25 00:51:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2011/03/25 00:51:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2011/03/25 00:51:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2011/03/25 00:51:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2011/03/25 00:51:08 | 000,565,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2011/03/25 00:51:08 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2011/03/25 00:51:08 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2011/03/25 00:51:08 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2011/03/25 00:51:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2011/03/25 00:51:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2011/03/25 00:51:08 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2011/03/25 00:51:08 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2011/03/25 00:51:08 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2011/03/25 00:51:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2011/03/25 00:51:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2011/03/25 00:51:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2011/03/25 00:51:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2011/03/25 00:51:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2011/03/25 00:51:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2011/03/25 00:51:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2011/03/25 00:51:07 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/03/25 00:51:07 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2011/03/25 00:51:07 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2011/03/25 00:51:07 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2011/03/25 00:51:07 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2011/03/25 00:51:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2011/03/25 00:51:07 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2011/03/25 00:51:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2011/03/25 00:51:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2011/03/25 00:51:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2011/03/25 00:51:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2011/03/25 00:51:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2011/03/25 00:51:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2011/03/25 00:51:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2011/03/25 00:51:06 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2011/03/25 00:51:06 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2011/03/25 00:51:06 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2011/03/25 00:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/03/25 00:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/03/25 00:51:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/03/25 00:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/03/25 00:50:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/03/25 00:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/03/25 00:50:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/03/25 00:50:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/03/25 00:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/03/25 00:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/03/25 00:50:02 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2011/03/25 00:50:02 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2011/03/25 00:50:02 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2011/03/25 00:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/03/25 00:50:01 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2011/03/25 00:50:01 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2011/03/25 00:50:01 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2011/03/25 00:50:01 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2011/03/25 00:50:01 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2011/03/25 00:50:01 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2011/03/25 00:50:01 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2011/03/25 00:50:01 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2011/03/25 00:50:01 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2011/03/25 00:50:01 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2011/03/25 00:50:00 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2011/03/25 00:50:00 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2011/03/25 00:50:00 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2011/03/25 00:50:00 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2011/03/25 00:50:00 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2011/03/25 00:50:00 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2011/03/25 00:50:00 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2011/03/25 00:50:00 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2011/03/25 00:49:59 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2011/03/25 00:49:59 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2011/03/25 00:49:59 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2011/03/25 00:49:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/03/25 00:49:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2011/03/25 00:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/03/25 00:49:52 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/03/25 00:49:52 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2011/03/25 00:49:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2011/03/25 00:49:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/03/25 00:49:52 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/03/25 00:49:52 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2011/03/25 00:49:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2011/03/25 00:49:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/03/25 00:49:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/03/25 00:49:51 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2011/03/25 00:49:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2011/03/25 00:49:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/03/25 00:49:46 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/03/25 00:49:46 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2011/03/25 00:49:46 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011/03/25 00:49:46 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/03/25 00:49:46 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2011/03/25 00:49:46 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/03/25 00:49:45 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/03/25 00:49:45 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2011/03/25 00:49:45 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/03/25 00:49:45 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011/03/25 00:49:45 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/03/25 00:49:45 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2011/03/25 00:49:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/03/25 00:49:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2011/03/25 00:49:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2011/03/25 00:49:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2011/03/25 00:49:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2011/03/25 00:49:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2011/03/25 00:49:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/03/25 00:49:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2011/03/25 00:49:44 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2011/03/25 00:49:44 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2011/03/25 00:49:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/03/25 00:49:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2011/03/25 00:49:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2011/03/25 00:49:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2011/03/25 00:49:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2011/03/25 00:49:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2011/03/25 00:49:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2011/03/25 00:49:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2011/03/25 00:49:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2011/03/25 00:49:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2011/03/25 00:49:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2011/03/25 00:49:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2011/03/25 00:49:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2011/03/25 00:49:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2011/03/25 00:49:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2011/03/25 00:49:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2011/03/25 00:49:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2011/03/25 00:49:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2011/03/25 00:49:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2011/03/25 00:49:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2011/03/25 00:49:43 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2011/03/25 00:49:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2011/03/25 00:49:41 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2011/03/25 00:49:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2011/03/25 00:49:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2011/03/25 00:49:40 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2011/03/25 00:49:40 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2011/03/25 00:49:40 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2011/03/25 00:49:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2011/03/25 00:49:40 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2011/03/25 00:49:40 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2011/03/25 00:49:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2011/03/25 00:49:40 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2011/03/25 00:49:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2011/03/25 00:49:40 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2011/03/25 00:49:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2011/03/25 00:49:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2011/03/25 00:49:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2011/03/25 00:49:26 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/03/25 00:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/03/25 00:49:25 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2011/03/25 00:49:25 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2011/03/25 00:49:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2011/03/25 00:49:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/03/25 00:49:25 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/03/25 00:49:25 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2011/03/25 00:49:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/03/25 00:49:25 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2011/03/25 00:49:25 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2011/03/25 00:49:25 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2011/03/25 00:49:24 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2011/03/25 00:49:24 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2011/03/25 00:49:24 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/03/25 00:49:24 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2011/03/25 00:49:24 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2011/03/25 00:49:24 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/03/25 00:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/03/25 00:49:23 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/03/25 00:49:23 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rhttpaa.dll
[2011/03/25 00:49:23 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/03/25 00:49:23 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2011/03/25 00:49:23 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2011/03/25 00:49:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/03/25 00:49:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsgqec.dll
[2011/03/25 00:49:23 | 000,022,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2011/03/25 00:49:23 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2011/03/25 00:49:22 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2011/03/25 00:49:22 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/03/25 00:49:21 | 002,689,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2011/03/25 00:49:21 | 001,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2011/03/25 00:49:21 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2011/03/25 00:49:21 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2011/03/25 00:49:21 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2011/03/25 00:49:21 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2011/03/25 00:49:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/03/25 00:49:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2011/03/25 00:49:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2011/03/25 00:49:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/03/25 00:49:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2011/03/25 00:49:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2011/03/25 00:49:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2011/03/25 00:49:20 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2011/03/25 00:49:20 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2011/03/25 00:49:20 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2011/03/25 00:49:20 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2011/03/25 00:49:20 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/03/25 00:49:20 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2011/03/25 00:49:20 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2011/03/25 00:49:20 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2011/03/25 00:49:20 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2011/03/25 00:49:20 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2011/03/25 00:49:20 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2011/03/25 00:49:20 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2011/03/25 00:49:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2011/03/25 00:49:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2011/03/25 00:49:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/03/25 00:49:19 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2011/03/25 00:49:19 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2011/03/25 00:49:19 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2011/03/25 00:49:19 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2011/03/25 00:49:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2011/03/25 00:49:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2011/03/25 00:49:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2011/03/25 00:49:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2011/03/25 00:49:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2011/03/25 00:49:18 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2011/03/25 00:49:18 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2011/03/25 00:49:18 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/03/25 00:49:18 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2011/03/25 00:49:18 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2011/03/25 00:49:18 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/03/25 00:49:18 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2011/03/25 00:49:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/03/25 00:49:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2011/03/25 00:49:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2011/03/25 00:49:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/03/25 00:49:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2011/03/25 00:49:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2011/03/25 00:49:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/03/25 00:49:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2011/03/25 00:49:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/03/25 00:49:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2011/03/25 00:49:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/03/25 00:49:17 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2011/03/25 00:49:17 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2011/03/25 00:49:17 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2011/03/25 00:49:17 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2011/03/25 00:49:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2011/03/25 00:49:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2011/03/25 00:49:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2011/03/25 00:49:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2011/03/25 00:49:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/03/25 00:49:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2011/03/25 00:49:16 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2011/03/25 00:49:16 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2011/03/25 00:49:16 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2011/03/25 00:49:16 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2011/03/25 00:49:16 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2011/03/25 00:49:16 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2011/03/25 00:49:16 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/03/25 00:49:15 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2011/03/25 00:49:15 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2011/03/25 00:49:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2011/03/25 00:49:14 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2011/03/25 00:49:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2011/03/25 00:49:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2011/03/25 00:49:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2011/03/25 00:49:14 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2011/03/25 00:49:14 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2011/03/25 00:49:14 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2011/03/25 00:49:14 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2011/03/25 00:49:14 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2011/03/25 00:49:14 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2011/03/25 00:49:14 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2011/03/25 00:49:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2011/03/25 00:49:14 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2011/03/25 00:49:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2011/03/25 00:49:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2011/03/25 00:49:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2011/03/25 00:49:13 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2011/03/25 00:49:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2011/03/25 00:49:13 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2011/03/25 00:49:13 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2011/03/25 00:49:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2011/03/25 00:49:13 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2011/03/25 00:49:13 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2011/03/25 00:49:13 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2011/03/25 00:49:13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2011/03/25 00:49:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2011/03/25 00:49:13 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2011/03/25 00:49:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2011/03/25 00:49:12 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2011/03/25 00:49:12 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2011/03/25 00:49:12 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2011/03/25 00:49:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2011/03/25 00:49:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2011/03/25 00:49:11 | 001,358,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2011/03/25 00:49:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2011/03/25 00:49:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2011/03/25 00:49:11 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2011/03/25 00:49:11 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2011/03/25 00:49:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2011/03/25 00:49:11 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2011/03/25 00:49:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2011/03/25 00:49:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2011/03/25 00:48:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/03/24 23:56:07 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2011/03/24 23:56:01 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2011/03/24 23:56:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2011/03/24 23:55:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2011/03/24 23:50:43 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/03/24 23:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/03/24 23:50:41 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2011/03/24 23:50:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2011/03/24 23:50:40 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2011/03/24 23:50:39 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2011/03/24 23:50:39 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2011/03/24 23:50:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2011/03/24 23:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/03/24 23:50:38 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/03/24 23:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/03/24 23:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/03/24 23:50:36 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2011/03/24 23:50:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2011/03/24 23:50:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2011/03/24 23:50:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2011/03/24 23:50:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2011/03/24 23:50:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2011/03/24 23:50:34 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2011/03/24 23:50:34 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2011/03/24 23:50:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2011/03/24 23:50:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2011/03/24 23:50:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2011/03/24 23:50:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2011/03/24 23:50:32 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2011/03/24 23:50:32 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2011/03/24 23:50:30 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2011/03/24 23:50:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2011/03/24 23:50:30 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2011/03/24 23:50:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2011/03/24 23:50:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2011/03/24 23:50:30 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2011/03/24 23:50:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2011/03/24 23:50:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2011/03/24 23:50:30 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2011/03/24 23:50:30 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2011/03/24 23:50:30 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2011/03/24 23:50:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2011/03/24 23:50:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2011/03/24 23:50:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2011/03/24 23:50:29 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2011/03/24 23:50:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2011/03/24 23:50:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2011/03/24 23:50:29 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2011/03/24 23:50:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2011/03/24 23:50:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2011/03/24 23:50:28 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2011/03/24 23:50:28 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2011/03/24 23:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2011/03/24 23:50:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2011/03/24 23:50:27 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2011/03/24 23:50:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2011/03/24 23:50:27 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2011/03/24 23:50:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2011/03/24 23:50:27 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2011/03/24 23:50:27 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2011/03/24 23:50:27 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2011/03/24 23:50:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2011/03/24 23:50:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2011/03/24 23:50:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2011/03/24 23:50:23 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2011/03/24 23:50:23 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2011/03/24 23:50:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/03/24 23:50:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/03/24 23:50:22 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2011/03/24 23:50:22 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2011/03/24 23:50:22 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2011/03/24 23:50:22 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2011/03/24 23:50:22 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2011/03/24 23:50:22 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/03/24 23:50:22 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/03/24 23:50:22 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2011/03/24 23:50:22 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2011/03/24 23:50:22 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2011/03/24 23:50:22 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2011/03/24 23:50:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2011/03/24 23:50:22 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2011/03/24 23:50:22 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2011/03/24 23:50:22 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2011/03/24 23:50:22 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2011/03/24 23:50:21 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2011/03/24 23:50:21 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2011/03/24 23:50:21 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2011/03/24 23:50:21 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2011/03/24 23:50:21 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2011/03/24 23:50:21 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2011/03/24 23:50:21 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2011/03/24 23:50:21 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2011/03/24 23:50:21 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2011/03/24 23:50:21 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2011/03/24 23:50:21 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2011/03/24 23:50:20 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2011/03/24 23:50:20 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2011/03/24 23:50:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/03/24 23:50:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2011/03/24 23:50:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2011/03/24 23:50:20 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2011/03/24 23:50:20 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2011/03/24 23:50:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/03/24 23:50:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/03/24 23:50:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/03/24 23:50:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/03/24 23:50:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/03/24 23:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/03/24 23:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/03/24 23:49:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/03/24 23:49:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/03/24 23:49:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/03/24 23:49:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/03/24 23:49:27 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/03/24 23:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/03/24 23:44:49 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/03/24 23:44:49 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/03/24 23:44:49 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/03/24 23:44:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/03/24 23:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/09 14:33:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/09 14:32:24 | 000,170,397 | ---- | M] () -- C:\WINDOWS\System32\wscntfymgr.exe
[2011/04/09 14:29:10 | 000,754,198 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2011/04/09 14:28:48 | 000,248,846 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe
[2011/04/09 13:49:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/09 13:44:28 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/09 13:39:40 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/09 13:25:42 | 004,317,112 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/04/08 17:51:21 | 000,170,397 | ---- | M] () -- C:\WINDOWS\System32\wuaucltmgr.exe
[2011/04/08 17:50:15 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/04 22:20:22 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.pif
[2011/03/27 11:07:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2011/03/27 11:05:55 | 000,312,814 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/27 11:05:55 | 000,040,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/27 11:05:18 | 000,799,107 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/03/27 11:01:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2011/03/26 21:30:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/26 21:24:34 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2011/03/26 20:55:26 | 001,345,408 | ---- | M] (Lenovo Group Limited ) -- C:\Documents and Settings\User\Desktop\1yuj18us.exe
[2011/03/25 00:58:54 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/25 00:58:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/03/25 00:56:57 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/03/25 00:55:57 | 000,000,605 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/25 00:53:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/25 00:53:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/25 00:53:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/25 00:53:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/25 00:53:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/25 00:53:32 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/25 00:53:32 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/25 00:53:32 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/25 00:53:21 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/25 00:50:57 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/25 00:48:15 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/24 23:50:46 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2011/03/20 17:07:56 | 000,475,146 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 14:28:48 | 000,248,846 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SystemLook.exe
[2011/04/08 17:51:21 | 000,170,397 | ---- | C] () -- C:\WINDOWS\System32\wuaucltmgr.exe
[2011/04/08 17:50:37 | 004,317,112 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2011/04/04 22:22:42 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.pif
[2011/04/04 22:22:42 | 000,475,146 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.exe
[2011/03/27 12:51:56 | 000,170,397 | ---- | C] () -- C:\WINDOWS\System32\wscntfymgr.exe
[2011/03/27 11:07:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2011/03/27 11:06:38 | 000,799,107 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2011/03/27 11:06:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Defogger.exe
[2011/03/26 21:30:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/26 21:30:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/26 21:30:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/26 21:30:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/26 21:30:19 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/26 21:30:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/26 21:30:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/25 01:04:09 | 000,254,348 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011/03/25 00:58:54 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/03/25 00:58:45 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Outlook Express.lnk
[2011/03/25 00:58:43 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/25 00:58:43 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Internet Explorer.lnk
[2011/03/25 00:58:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Remote Assistance.lnk
[2011/03/25 00:58:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Windows Media Player.lnk
[2011/03/25 00:56:57 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/03/25 00:55:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/25 00:55:17 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/03/25 00:55:00 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/03/25 00:54:55 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/03/25 00:54:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/03/25 00:54:52 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/03/25 00:54:41 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/03/25 00:54:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/03/25 00:54:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/03/25 00:54:22 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/03/25 00:53:45 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/25 00:53:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/03/25 00:53:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/03/25 00:53:45 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/03/25 00:53:45 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/03/25 00:53:32 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/25 00:53:32 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/25 00:53:30 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/25 00:52:26 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/03/25 00:52:15 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/03/25 00:52:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/03/25 00:52:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/03/25 00:51:55 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/03/25 00:51:21 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2011/03/25 00:50:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/25 00:50:10 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/03/25 00:50:09 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/03/25 00:49:48 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/03/25 00:49:47 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/03/25 00:49:47 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/03/25 00:49:47 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/03/25 00:49:47 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/03/25 00:49:47 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/03/25 00:49:47 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/03/25 00:49:47 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/03/25 00:49:47 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/03/25 00:49:47 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/03/25 00:49:47 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/03/25 00:49:45 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/03/25 00:49:44 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/03/25 00:49:44 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/03/25 00:49:39 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/03/24 23:50:46 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2011/03/24 23:50:45 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/03/24 23:50:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/24 23:50:40 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/03/24 23:50:40 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/03/24 23:50:40 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/03/24 23:50:39 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/03/24 23:50:20 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/03/24 23:50:07 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/03/24 23:50:07 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/03/24 23:50:07 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/03/24 23:50:07 | 000,402,264 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/03/24 23:50:07 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/03/24 23:50:07 | 000,171,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2011/03/24 23:50:07 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/03/24 23:50:07 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/03/24 23:50:07 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/03/24 23:50:07 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/03/24 23:50:07 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/03/24 23:50:07 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/03/24 23:50:07 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/03/24 23:50:07 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/03/24 23:50:07 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/03/24 23:50:07 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/03/24 23:50:07 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/03/24 23:49:26 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/24 23:48:28 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2011/03/24 23:48:24 | 000,000,605 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/03/05 20:18:34 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\FontReg.exe
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/12 15:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/12 15:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/12 15:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/12 15:03:20 | 000,312,814 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/12 15:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/12 15:03:19 | 000,040,844 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/12 15:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/12 14:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/12 14:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/12 14:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

========== Custom Scans ==========



< MD5 for: CSRSS.EXE >
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/07/03 12:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/07/03 12:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\explorer.exe
[2008/07/03 12:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=2BB75B7F548D82A099125D0C5971DE7D -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/12/23 16:05:20 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/12/23 16:05:20 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\system32\dllcache\services.exe
[2009/12/23 16:05:20 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=C519E15665CD89A91AD383FCE3CB556A -- C:\WINDOWS\system32\services.exe

< MD5 for: SMSS.EXE >
[2008/04/14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008/04/14 05:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004/08/04 01:56:58 | 000,152,576 | ---- | M] (Microsoft Corporation) MD5=DA5CF1C368B33D75602FD6B3A7F5E0C6 -- C:\cmdcons\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: WINLOGON.EXE >
[2009/04/02 15:56:36 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2009/04/02 15:56:36 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2009/04/02 15:56:36 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=53A8857723277B1D6D5EE60A9F85B117 -- C:\WINDOWS\system32\winlogon.exe

< End of report >



------------------------------------



OTL Extras logfile created on: 09/04/2011 14:47:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 778.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.05 Gb Total Space | 138.50 Gb Free Space | 95.49% Space Free | Partition Type: NTFS
Drive E: | 123.21 Mb Total Space | 65.53 Mb Free Space | 53.18% Space Free | Partition Type: FAT

Computer Name: USER-CA3987A608 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 09/04/2011 09:31:34 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\User\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .

Error - 09/04/2011 09:32:04 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 09/04/2011 09:32:04 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 09/04/2011 09:32:04 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\User\Desktop\iexplore.exe.
Reference
error message: The operation completed successfully. .

Error - 09/04/2011 09:32:14 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 09/04/2011 09:32:14 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 09/04/2011 09:32:14 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\User\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .

Error - 09/04/2011 09:33:55 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 09/04/2011 09:33:55 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 09/04/2011 09:33:55 | Computer Name = USER-CA3987A608 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Documents and Settings\User\Desktop\SystemLook.exe.
Reference
error message: The operation completed successfully. .


< End of report >

#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:15 PM

Posted 10 April 2011 - 09:52 AM

Hi Jeebus,


Since we are going to use a USB flash drive to transport files and logs back and forth we should disinfect the both computers to avoid re-infection.


Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Please run it on both computers (the clean and the infected one).



Next please use a clean PC to download the following tool:
Click here to download Kaspersky Virus Removal Tool.

  • Use a usb flash drive to move the setup file to the infected PC. (don't forget to use Flash_Desinfector first).
  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop.
  • After that leave what is selected and put a check next to My Computer.
  • Click on the option that says Threat Detection and change it to Disinfect => Do not select, delete if disinfection fails.
  • Then click on Start Scan.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done no log will be produced.
  • Click on the bottom where it says Report to open the report.
  • Then highlight of of the items found by using ctrl + a on your keyboard to select all or use your mouse to select all then right click and choose copy.
  • This will copy the items that it found to the clipboard you can then open notepad (go to start then run then type in notepad) and choose paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.


Note: This tool will self uninstall when you close it so please save the log before closing it.




Regards,
Georgi

cXfZ4wS.png


#15 Jeebus

Jeebus
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Glasgow, Scotland
  • Local time:10:15 AM

Posted 10 April 2011 - 12:09 PM

Hey

The log should be attached to this post

Thanks!

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users