
Norton, MBAM and SAS say PC is clean. Is it really???


  • This topic is locked
30 replies to this topic

#1 XPUser24

XPUser24

  • Members
  • 15 posts

Posted 17 October 2012 - 08:36 AM

Hi,

I was contacted by BT some time ago and told that my internet usage had exceeded my download limits. It turned out that someone was using my wireless connection (my fault - default password on the hub). The PC soon started behaving strangely - Google redirecting, 50% CPU all the time, apps starting up by themselves etc. At the time I was relying on Windows Defender and ZoneAlarm for protection.

I decided this was a good time to back up all of my photos, music, work etc. to external drives, reformat the disk and re-install Windows XP. I deleted all partitions and re-created a new one using all space available. I went for the full format (not the quick one).

I purchased Norton Internet Security 2012 and downloaded MBAM and SuperAntiSpyware. These found a few nasties on the external disks but managed to quarantine and remove them all. I then copied all of my files back onto the PC.

Since then I've been very careful not to download or execute anything that could contain malicious software but the PC now seems to run slower than before and the overall response seems sluggish. I'm wondering whether the PC still has some kind of infection. Perhaps some files on the external disks were infected when I backed up and I've re-infected the PC when copying everything back to the PC.

The system is an HP desktop running Windows XP SP3. Internet connection via BT Home Hub 1.0 with BT Vision connected.

I do the following to stay safe:
  • Windows Update set to automatic
  • Norton Internet Security 2012 - automatic updates enabled. Auto-scan every 6 hours. Finds the odd tracking cookie and automatically removes but nothing more
  • Block unwanted parasites with hosts file from winhelp2002 web site
  • Wired connection to BT Home Hub. Wireless disabled. Strong admin password
  • Latest version of Firefox with NoScript add-on. 3rd party cookies disabled and Microsoft DRM add-ins disabled
  • System Restore switched off
  • Java set to automatic updates (currently version 6 update 35)
  • All software installed from genuine CD/DVD.
  • Always browse the web using a 'user' account rather than admin account
  • Unplug PC from hub when not in use
  • Regular weekly definition update and scan using the free versions of MBAM and SAS
  • Regularly run CCleaner to remove temp files etc.
  • Have recently run scans in safe mode and nothing was found by Norton, SAS or MBAM
  • Have also scanned the external disks (not in safe mode) and nothing was found.
  • No P2P software of any kind
  • Only visit 'clean' web sites - Google, Hotmail, BBC, shopping on eBay, Amazon, ...etc.

I'd really like to scan the PC and the external disks to a deeper level to ensure everything is clean. I have a nagging feeling that something's not right. I've done some reading on this site and I wonder if a rootkit or something similar could be present and hiding from the tools I'm using.

I'd really appreciate some advice on what to do next. I don't want to start downloading further utilities and diagnostic tools without guidance on safe places to download from and expert help in understanding the results.

What should my next steps be?

Many thanks





#2 Quote

Quote

  • Banned
  • 173 posts

Posted 17 October 2012 - 09:03 AM

Hello and welcome to BC!

First of all, your version of Java is outdated, the last version of Java is Java 7 Update 7.

Please do this: UPDATE THE PROGRAM FIRST: Run a full scan of Malwarebytes' Anti-Malware. Post the logfile in your next reply.
Download and run SecurityCheck and post the logfile in your next reply.

Also turn System Restore back on; if something goes wrong you can restore it.

I think it is also better for you to download KeyScrambler Personal. It will change all things you enter to another icon in Firefox (a will be /, for example).

Please post these logfiles in your next reply:
  • Malwarebytes' Anti-Malware
  • SecurityCheck
If you have any problems, tell me.




#3 XPUser24

XPUser24
  • Topic Starter

  • Members
  • 15 posts

Posted 17 October 2012 - 11:46 AM

Thanks, just want to check something... The Java Automatic update tells me that I'm on the latest version (6 update 35) and won't download version 7.

I guess I need to download version 7 'manually'. Where is the best place to get it from? And then Add/Remove programs to remove the old version 6?

Many thanks

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts

Posted 17 October 2012 - 11:47 AM

Hello XPUser24,

I don't think Quote has fully read your post. I see you mention MBAM says your machine is clean with scans run recently in safemode, and by your descriptions I'd like to take a different course of action. Let's save the updates for later.

Step 1


  • Double click ListParts.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.

==========

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note*** If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

==========

Please include the ListParts log and the TDSSKiller log in your next reply!

bloopie

Edited by bloopie, 17 October 2012 - 11:50 AM.
Fixed typo
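
A triage sketch for the TDSSKiller report requested in the post above, added here as an example; it is not part of the original thread and not part of TDSSKiller. It assumes the report layout of a timestamp and thread id followed by either a "[ MD5 ] name path" line or a "name - verdict" line; the sample lines, service names and hashes are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every report line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] <service or driver name> <path of the file behind it>"
FILE_RE = re.compile(PREFIX + r"\[\s*([0-9A-Fa-f]{32})\s*\]\s+(\S+)\s+(.+?)\s*$")
# "<name> - ok"   or   "<name> ( <detection name> ) - <verdict>"
VERDICT_RE = re.compile(PREFIX + r"(.+?)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(\w+)\s*$")


@dataclass
class ScanObject:
    name: str
    verdict: str                      # "ok", "warning", ... or "missing"
    detection: Optional[str] = None   # e.g. UnsignedFile.Multi.Generic
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_report(text):
    """Pair each verdict line with the hash/path line that preceded it."""
    pending = {}   # name -> (md5, path), waiting for its verdict line
    objects = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            pending[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, detection, verdict = m.groups()
            md5, path = pending.pop(name, (None, None))
            objects.append(ScanObject(name, verdict.lower(), detection, md5, path))
    # A file line with no verdict means the pasted log was cut off there.
    for name, (md5, path) in pending.items():
        objects.append(ScanObject(name, "missing", None, md5, path))
    return objects


def triage(objects):
    """Split everything that is not 'ok' into two review buckets.

    unsigned_only: flagged only because the file carries no valid digital
                   signature (the "Verify Driver Digital Signature" option);
                   check path and vendor before treating it as hostile.
    needs_review:  any other verdict, including entries with no verdict.
    """
    unsigned, other = [], []
    for obj in objects:
        if obj.verdict == "ok":
            continue
        if obj.detection and obj.detection.startswith("UnsignedFile."):
            unsigned.append(obj)
        else:
            other.append(obj)
    return {"unsigned_only": unsigned, "needs_review": other}


# Constructed sample report (not taken from any real machine).
SAMPLE = r"""12:00:00.0000 1000 ================ Scan system memory ========================
12:00:00.0000 1000 System memory - ok
12:00:00.0000 1000 ================ Scan services =============================
12:00:00.0100 1000 [ 00000000000000000000000000000001 ] ExampleDrv C:\WINDOWS\system32\drivers\exampledrv.sys
12:00:00.0200 1000 ExampleDrv - ok
12:00:00.0300 1000 NoFileSvc - ok
12:00:00.0400 1000 [ 00000000000000000000000000000002 ] ExampleTool C:\Program Files\Example Tool\tool.exe
12:00:00.0500 1000 ExampleTool ( UnsignedFile.Multi.Generic ) - warning
12:00:00.0500 1000 ExampleTool - detected UnsignedFile.Multi.Generic (1)
12:00:00.0600 1000 [ 00000000000000000000000000000003 ] CutOffSvc C:\WINDOWS\system32\cutoff.dll
"""

if __name__ == "__main__":
    buckets = triage(parse_report(SAMPLE))
    for bucket, items in buckets.items():
        for obj in items:
            print(bucket, obj.name, obj.verdict, obj.md5, obj.path)
```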


#5 XPUser24

XPUser24
  • Topic Starter

  • Members
  • 15 posts

Posted 17 October 2012 - 02:05 PM

Hi,

Thank you very much for the quick response. Here are the logs from ListParts and TDSSKiller as requested.


ListParts by Farbar Version: 16-10-2012
Ran by Admin (administrator) on 17-10-2012 at 19:46:18
Windows XP (X86)
Running From: C:\System\New Build Oct 2012\ListParts
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3061.11 MB
Available physical RAM: 2510.64 MB
Total Pagefile: 4946.21 MB
Available Pagefile: 4437.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.84 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.75 GB) (Free:408.01 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      466 GB   0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           466 GB   32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  C                 NTFS   Partition   466 GB   Healthy    System (partition with boot components)
======================================================================================================

****** End Of Log ******




19:48:42.0890 3356 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:48:42.0953 3356 Schedule - ok
19:48:42.0968 3356 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:48:43.0046 3356 Secdrv - ok
19:48:43.0062 3356 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:48:43.0140 3356 seclogon - ok
19:48:43.0171 3356 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:48:43.0250 3356 SENS - ok
19:48:43.0265 3356 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:48:43.0328 3356 Serial - ok
19:48:43.0343 3356 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:48:43.0421 3356 Sfloppy - ok
19:48:43.0468 3356 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:48:43.0531 3356 SharedAccess - ok
19:48:43.0546 3356 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:48:43.0562 3356 ShellHWDetection - ok
19:48:43.0562 3356 Simbad - ok
19:48:43.0562 3356 Sparrow - ok
19:48:43.0609 3356 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:48:43.0703 3356 splitter - ok
19:48:43.0734 3356 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:48:43.0796 3356 Spooler - ok
19:48:43.0812 3356 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:48:43.0890 3356 sr - ok
19:48:43.0921 3356 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:48:44.0000 3356 srservice - ok
19:48:44.0031 3356 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS
19:48:44.0046 3356 SRTSP - ok
19:48:44.0093 3356 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS
19:48:44.0109 3356 SRTSPX - ok
19:48:44.0140 3356 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:48:44.0171 3356 Srv - ok
19:48:44.0171 3356 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:48:44.0250 3356 SSDPSRV - ok
19:48:44.0281 3356 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:48:44.0359 3356 stisvc - ok
19:48:44.0390 3356 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:48:44.0468 3356 swenum - ok
19:48:44.0484 3356 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:48:44.0562 3356 swmidi - ok
19:48:44.0562 3356 SwPrv - ok
19:48:44.0562 3356 symc810 - ok
19:48:44.0562 3356 symc8xx - ok
19:48:44.0609 3356 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMDS.SYS
19:48:44.0625 3356 SymDS - ok
19:48:44.0671 3356 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMEFA.SYS
19:48:44.0703 3356 SymEFA - ok
19:48:44.0734 3356 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:48:44.0734 3356 SymEvent - ok
19:48:44.0750 3356 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS
19:48:44.0765 3356 SymIRON - ok
19:48:44.0765 3356 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS
19:48:44.0781 3356 SYMTDI - ok
19:48:44.0781 3356 sym_hi - ok
19:48:44.0796 3356 sym_u3 - ok
19:48:44.0796 3356 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:48:44.0875 3356 sysaudio - ok
19:48:44.0906 3356 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:48:44.0984 3356 SysmonLog - ok
19:48:45.0015 3356 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:48:45.0093 3356 TapiSrv - ok
19:48:45.0109 3356 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:48:45.0125 3356 Tcpip - ok
19:48:45.0156 3356 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:48:45.0234 3356 TDPIPE - ok
19:48:45.0250 3356 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:48:45.0312 3356 TDTCP - ok
19:48:45.0328 3356 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:48:45.0390 3356 TermDD - ok
19:48:45.0437 3356 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:48:45.0500 3356 TermService - ok
19:48:45.0515 3356 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:48:45.0531 3356 Themes - ok
19:48:45.0531 3356 TosIde - ok
19:48:45.0531 3356 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:48:45.0625 3356 TrkWks - ok
19:48:45.0640 3356 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:48:45.0718 3356 Udfs - ok
19:48:45.0718 3356 ultra - ok
19:48:45.0750 3356 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:48:45.0828 3356 Update - ok
19:48:45.0843 3356 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:48:45.0921 3356 upnphost - ok
19:48:46.0000 3356 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:48:46.0062 3356 UPS - ok
19:48:46.0093 3356 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:48:46.0171 3356 usbccgp - ok
19:48:46.0203 3356 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:48:46.0281 3356 usbehci - ok
19:48:46.0281 3356 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:48:46.0359 3356 usbhub - ok
19:48:46.0390 3356 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:48:46.0468 3356 usbprint - ok
19:48:46.0500 3356 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:48:46.0562 3356 usbscan - ok
19:48:46.0578 3356 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:48:46.0656 3356 USBSTOR - ok
19:48:46.0656 3356 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:48:46.0718 3356 usbuhci - ok
19:48:46.0750 3356 [ BEE793D4A059CAEA55D6AC20E19B3A8F ] USB_RNDIS C:\WINDOWS\system32\DRIVERS\usb8023.sys
19:48:46.0812 3356 USB_RNDIS - ok
19:48:46.0828 3356 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:48:46.0890 3356 VgaSave - ok
19:48:46.0890 3356 ViaIde - ok
19:48:46.0921 3356 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:48:46.0984 3356 VolSnap - ok
19:48:47.0015 3356 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:48:47.0078 3356 VSS - ok
19:48:47.0109 3356 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:48:47.0312 3356 W32Time - ok
19:48:47.0328 3356 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:48:47.0390 3356 Wanarp - ok
19:48:47.0390 3356 WDICA - ok
19:48:47.0406 3356 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:48:47.0484 3356 wdmaud - ok
19:48:47.0484 3356 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:48:47.0562 3356 WebClient - ok
19:48:47.0625 3356 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:48:47.0703 3356 winmgmt - ok
19:48:47.0734 3356 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
19:48:47.0812 3356 WmdmPmSN - ok
19:48:47.0828 3356 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:48:47.0921 3356 WmiApSrv - ok
19:48:47.0953 3356 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:48:48.0031 3356 wscsvc - ok
19:48:48.0046 3356 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:48:48.0109 3356 wuauserv - ok
19:48:48.0125 3356 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:48:48.0203 3356 WZCSVC - ok
19:48:48.0234 3356 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:48:48.0296 3356 xmlprov - ok
19:48:48.0296 3356 ================ Scan global ===============================
19:48:48.0328 3356 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:48:48.0359 3356 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:48:48.0375 3356 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:48:48.0390 3356 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:48:48.0390 3356 [Global] - ok
19:48:48.0390 3356 ================ Scan MBR ==================================
19:48:48.0406 3356 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:48:48.0578 3356 \Device\Harddisk0\DR0 - ok
19:48:48.0578 3356 ================ Scan VBR ==================================
19:48:48.0578 3356 [ 9BEA8E82383B9274900342FCE50D6253 ] \Device\Harddisk0\DR0\Partition1
19:48:48.0578 3356 \Device\Harddisk0\DR0\Partition1 - ok
19:48:48.0593 3356 ============================================================
19:48:48.0593 3356 Scan finished
19:48:48.0593 3356 ============================================================
19:48:48.0703 2836 Detected object count: 3
19:48:48.0703 2836 Actual detected object count: 3
19:49:18.0484 2836 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:18.0484 2836 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:18.0484 2836 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:18.0484 2836 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:49:18.0484 2836 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:49:18.0484 2836 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:54.0515 0220 ============================================================
19:50:54.0515 0220 Scan started
19:50:54.0515 0220 Mode: Manual; SigCheck; TDLFS;
19:50:54.0515 0220 ============================================================
19:50:54.0640 0220 ================ Scan system memory ========================
19:50:54.0640 0220 System memory - ok
19:50:54.0640 0220 ================ Scan services =============================
19:50:54.0671 0220 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:50:54.0765 0220 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
19:50:54.0765 0220 !SASCORE - detected UnsignedFile.Multi.Generic (1)
19:50:55.0578 0220 [ E1A1206A4FB19B675E947B29CCD25FBA ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
19:50:55.0578 0220 aspnet_state ( UnsignedFile.Multi.Generic ) - warning
19:50:55.0578 0220 aspnet_state - detected UnsignedFile.Multi.Generic (1)
19:51:02.0968 0220 [ 594B9D8194E3F4ECBF0325BD10BBEB05 ] MRENDIS5 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
19:51:02.0968 0220 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning
19:51:02.0968 0220 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)
19:51:07.0359 0220 RDPWD - ok
19:51:07.0390 0220 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:51:07.0468 0220 RDSessMgr - ok
19:51:07.0468 0220 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:51:07.0546 0220 redbook - ok
19:51:07.0578 0220 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:51:07.0640 0220 RemoteAccess - ok
19:51:07.0656 0220 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:51:07.0718 0220 RpcLocator - ok
19:51:07.0734 0220 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:51:07.0750 0220 RpcSs - ok
19:51:07.0781 0220 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:51:07.0843 0220 RSVP - ok
19:51:07.0890 0220 [ FAB826C3263328983165F09549EA9B13 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:51:07.0921 0220 RTLE8023xp - ok
19:51:07.0937 0220 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:51:08.0000 0220 SamSs - ok
19:51:08.0031 0220 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:51:08.0031 0220 SASDIFSV - ok
19:51:08.0046 0220 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:51:08.0046 0220 SASKUTIL - ok
19:51:08.0046 0220 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:51:08.0125 0220 SCardSvr - ok
19:51:08.0156 0220 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:51:08.0234 0220 Schedule - ok
19:51:08.0250 0220 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:51:08.0312 0220 Secdrv - ok
19:51:08.0328 0220 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:51:08.0406 0220 seclogon - ok
19:51:08.0437 0220 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:51:08.0515 0220 SENS - ok
19:51:08.0515 0220 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:51:08.0593 0220 Serial - ok
19:51:08.0593 0220 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:51:08.0671 0220 Sfloppy - ok
19:51:08.0703 0220 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:51:08.0765 0220 SharedAccess - ok
19:51:08.0796 0220 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:51:08.0796 0220 ShellHWDetection - ok
19:51:08.0796 0220 Simbad - ok
19:51:08.0812 0220 Sparrow - ok
19:51:08.0843 0220 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:51:08.0937 0220 splitter - ok
19:51:08.0968 0220 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:51:08.0984 0220 Spooler - ok
19:51:08.0984 0220 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:51:09.0062 0220 sr - ok
19:51:09.0093 0220 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:51:09.0171 0220 srservice - ok
19:51:09.0203 0220 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1309000.009\SRTSP.SYS
19:51:09.0218 0220 SRTSP - ok
19:51:09.0265 0220 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1309000.009\SRTSPX.SYS
19:51:09.0281 0220 SRTSPX - ok
19:51:09.0312 0220 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:51:09.0328 0220 Srv - ok
19:51:09.0328 0220 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:51:09.0406 0220 SSDPSRV - ok
19:51:09.0421 0220 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:51:09.0484 0220 stisvc - ok
19:51:09.0500 0220 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:51:09.0578 0220 swenum - ok
19:51:09.0593 0220 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:51:09.0656 0220 swmidi - ok
19:51:09.0656 0220 SwPrv - ok
19:51:09.0671 0220 symc810 - ok
19:51:09.0671 0220 symc8xx - ok
19:51:09.0703 0220 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMDS.SYS
19:51:09.0718 0220 SymDS - ok
19:51:09.0750 0220 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1309000.009\SYMEFA.SYS
19:51:09.0781 0220 SymEFA - ok
19:51:09.0812 0220 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:51:09.0812 0220 SymEvent - ok
19:51:09.0828 0220 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1309000.009\Ironx86.SYS
19:51:09.0843 0220 SymIRON - ok
19:51:09.0843 0220 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1309000.009\SYMTDI.SYS
19:51:09.0859 0220 SYMTDI - ok
19:51:09.0875 0220 sym_hi - ok
19:51:09.0875 0220 sym_u3 - ok
19:51:09.0875 0220 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:51:09.0953 0220 sysaudio - ok
19:51:09.0984 0220 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:51:10.0062 0220 SysmonLog - ok
19:51:10.0093 0220 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:51:10.0171 0220 TapiSrv - ok
19:51:10.0171 0220 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:51:10.0187 0220 Tcpip - ok
19:51:10.0250 0220 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:51:10.0312 0220 TDPIPE - ok
19:51:10.0328 0220 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:51:10.0390 0220 TDTCP - ok
19:51:10.0421 0220 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:51:10.0484 0220 TermDD - ok
19:51:10.0500 0220 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:51:10.0578 0220 TermService - ok
19:51:10.0593 0220 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:51:10.0609 0220 Themes - ok
19:51:10.0609 0220 TosIde - ok
19:51:10.0625 0220 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:51:10.0703 0220 TrkWks - ok
19:51:10.0718 0220 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:51:10.0796 0220 Udfs - ok
19:51:10.0796 0220 ultra - ok
19:51:10.0812 0220 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:51:10.0890 0220 Update - ok
19:51:10.0906 0220 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:51:10.0968 0220 upnphost - ok
19:51:10.0984 0220 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:51:11.0062 0220 UPS - ok
19:51:11.0062 0220 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:51:11.0125 0220 usbccgp - ok
19:51:11.0140 0220 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:51:11.0203 0220 usbehci - ok
19:51:11.0218 0220 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:51:11.0281 0220 usbhub - ok
19:51:11.0296 0220 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:51:11.0375 0220 usbprint - ok
19:51:11.0390 0220 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:51:11.0468 0220 usbscan - ok
19:51:11.0484 0220 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:51:11.0546 0220 USBSTOR - ok
19:51:11.0546 0220 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:51:11.0609 0220 usbuhci - ok
19:51:11.0625 0220 [ BEE793D4A059CAEA55D6AC20E19B3A8F ] USB_RNDIS C:\WINDOWS\system32\DRIVERS\usb8023.sys
19:51:11.0703 0220 USB_RNDIS - ok
19:51:11.0734 0220 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:51:11.0796 0220 VgaSave - ok
19:51:11.0796 0220 ViaIde - ok
19:51:11.0812 0220 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:51:11.0890 0220 VolSnap - ok
19:51:11.0921 0220 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:51:11.0984 0220 VSS - ok
19:51:12.0015 0220 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
19:51:12.0093 0220 W32Time - ok
19:51:12.0109 0220 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:51:12.0171 0220 Wanarp - ok
19:51:12.0171 0220 WDICA - ok
19:51:12.0187 0220 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:51:12.0250 0220 wdmaud - ok
19:51:12.0265 0220 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:51:12.0328 0220 WebClient - ok
19:51:12.0406 0220 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:51:12.0468 0220 winmgmt - ok
19:51:12.0500 0220 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
19:51:12.0578 0220 WmdmPmSN - ok
19:51:12.0593 0220 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:51:12.0671 0220 WmiApSrv - ok
19:51:12.0718 0220 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:51:12.0796 0220 wscsvc - ok
19:51:12.0812 0220 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:51:12.0875 0220 wuauserv - ok
19:51:12.0921 0220 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:51:13.0000 0220 WZCSVC - ok
19:51:13.0015 0220 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:51:13.0078 0220 xmlprov - ok
19:51:13.0078 0220 ================ Scan global ===============================
19:51:13.0093 0220 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:51:13.0125 0220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:51:13.0156 0220 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:51:13.0171 0220 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:51:13.0171 0220 [Global] - ok
19:51:13.0171 0220 ================ Scan MBR ==================================
19:51:13.0187 0220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:51:13.0359 0220 \Device\Harddisk0\DR0 - ok
19:51:13.0359 0220 ================ Scan VBR ==================================
19:51:13.0359 0220 [ 9BEA8E82383B9274900342FCE50D6253 ] \Device\Harddisk0\DR0\Partition1
19:51:13.0375 0220 \Device\Harddisk0\DR0\Partition1 - ok
19:51:13.0375 0220 ============================================================
19:51:13.0375 0220 Scan finished
19:51:13.0375 0220 ============================================================
19:51:13.0375 0208 Detected object count: 3
19:51:13.0375 0208 Actual detected object count: 3
19:52:10.0578 0208 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:10.0578 0208 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:10.0578 0208 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:10.0578 0208 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:10.0578 0208 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:10.0578 0208 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:15.0078 2536 Deinitialize success

#6 bloopie

Posted 17 October 2012 - 03:20 PM

Hello again,

Thank you very much for the quick response.

My pleasure! :)

Nothing showing yet. Now I'd like to get a deeper look into the machine, and one of the logfiles cannot be posted here, so I'm moving this topic to the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

==========

Step 1

Let's create a FULL OTL Report
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


==========

Step 2

Next, please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

==========

In your next reply, please include the following:

  • The OTL log
  • The OTL Extras log
  • The aswMBR log

bloopie

#7 XPUser24

Posted 18 October 2012 - 10:36 AM

Hi,

Thanks again, I will run these scans and post the logs this evening. Would you advise switching System Restore back on before going any further or is it best to leave it off?

Many thanks
Mike

#8 bloopie

Posted 18 October 2012 - 12:13 PM

Hi again,

Yes, sorry for not mentioning it before. You should switch it on and leave it on. Restore points can and will get infected, but having an infected restore point is better than having none at all. :wink:

We will be flushing out your system restore points later once we're sure you're clean, but for now make sure there is at least one restore point. Then you can run the scans.

And no worries about the delay. Take your time. :thumbup2:

bloopie

#9 XPUser24

Posted 18 October 2012 - 03:04 PM

Hi,

Here are the files from OTL and aswMBR.

Thanks again for your help...




OTL logfile created on: 18/10/2012 20:20:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 80.47% Memory free
4.83 Gb Paging File | 4.24 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 407.94 Gb Free Space | 87.59% Space Free | Partition Type: NTFS

Computer Name: PC-053DAA42FD | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/18 20:16:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2012/07/11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/02 03:15:50 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 7300 Series\ezprint.exe
PRC - [2007/02/02 03:14:20 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 7300 Series\lxcimon.exe
PRC - [2007/02/02 03:13:44 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcicoms.exe
PRC - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2005/12/29 11:22:00 | 000,543,232 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\btbb_wcm\McciTrayApp.exe


========== Modules (No Company Name) ==========

MOD - [2006/10/30 16:59:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2005/08/08 15:01:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\lxcicnv4.dll
MOD - [2005/06/14 22:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files\Lexmark 7300 Series\iptk.dll
MOD - [2005/04/28 14:34:20 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark 7300 Series\lxcidrec.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/06 02:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2007/02/02 03:13:44 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxcicoms.exe -- (lxci_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/11 16:53:02 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121017.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/11 16:53:02 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121017.019\NAVENG.SYS -- (NAVENG)
DRV - [2012/10/09 20:08:37 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/09 20:08:31 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/10/09 20:08:31 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/10/06 18:02:32 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121017.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/09/28 01:02:52 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012/05/22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012/04/18 03:13:32 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symtdi.sys -- (SYMTDI)
DRV - [2012/04/18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2011/07/26 03:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/06 10:55:56 | 000,177,024 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/02/11 12:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/04/14 00:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2006/03/24 17:53:07 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}






IE - HKU\S-1-5-21-1078081533-1060284298-725345543-1006\..\SearchScopes,DefaultScope = {A13B47AA-8B07-44F8-8EDA-BE4F749A309F}
IE - HKU\S-1-5-21-1078081533-1060284298-725345543-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1078081533-1060284298-725345543-1006\..\SearchScopes\{A13B47AA-8B07-44F8-8EDA-BE4F749A309F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1078081533-1060284298-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.5.7.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/10/09 20:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/10/18 20:09:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/10 19:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/10/10 23:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/10/15 18:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/15 18:29:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/18 20:09:20 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN
[2012/10/09 20:04:48 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN
[2012/09/06 02:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/06 02:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/06 02:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/10 19:29:05 | 000,600,513 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 16125 more lines...
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1078081533-1060284298-725345543-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 7300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LXCICATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcimon.exe] C:\Program Files\Lexmark 7300 Series\lxcimon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1060284298-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349810928953 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/07 22:20:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 20:16:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/10/16 19:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Downloads
[2012/10/15 18:29:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/10/15 18:29:30 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/15 18:29:30 | 000,473,072 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/15 18:29:30 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/10/15 18:29:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/10/15 18:29:30 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/10/15 18:29:30 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/15 18:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/10/15 18:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Sun
[2012/10/14 17:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
[2012/10/14 17:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/10/14 17:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/10/14 17:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/13 09:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2012/10/13 09:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/13 09:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/13 09:20:05 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/10/13 09:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/12 08:45:48 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012/10/12 08:43:30 | 003,293,184 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2012/10/12 08:43:30 | 002,643,968 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2012/10/12 08:43:30 | 002,334,720 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2012/10/12 08:43:30 | 001,668,960 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2012/10/12 08:43:30 | 000,530,968 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2012/10/12 08:43:30 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2012/10/12 08:43:30 | 000,204,800 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2012/10/12 08:43:30 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2012/10/12 08:43:30 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2012/10/12 08:43:30 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2012/10/12 08:43:30 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2012/10/12 08:43:30 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2012/10/12 08:43:30 | 000,184,320 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2012/10/12 08:43:30 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2012/10/12 08:43:30 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2012/10/12 08:43:30 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2012/10/12 08:43:30 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2012/10/12 08:43:30 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2012/10/12 08:43:30 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc
[2012/10/12 08:43:30 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2012/10/12 08:43:30 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2012/10/12 08:43:30 | 000,176,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2012/10/12 08:43:30 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2012/10/12 08:43:30 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2012/10/12 08:43:30 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc
[2012/10/12 08:43:30 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2012/10/12 08:43:30 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2012/10/12 08:43:30 | 000,170,520 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2012/10/12 08:43:30 | 000,163,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2012/10/12 08:43:30 | 000,159,744 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2012/10/12 08:43:30 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2012/10/12 08:43:30 | 000,151,040 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2012/10/12 08:43:30 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2012/10/12 08:43:30 | 000,131,072 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2012/10/12 08:43:30 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2012/10/12 08:43:30 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2012/10/12 08:43:30 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2012/10/12 08:43:30 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2012/10/12 08:43:30 | 000,102,400 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2012/10/12 08:43:30 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2012/10/12 08:43:30 | 000,048,128 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2012/10/12 08:43:30 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2012/10/12 08:43:28 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2012/10/12 08:43:28 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2012/10/12 08:43:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/10/12 08:42:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Graphics
[2012/10/12 08:41:04 | 000,000,000 | ---D | C] -- C:\Intel
[2012/10/11 08:45:46 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2012/10/11 08:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/10/11 08:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2012/10/11 08:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2012/10/11 08:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/10/11 08:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/10/11 08:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/10/11 08:44:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/10/11 08:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/10/11 08:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/10/11 08:43:57 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/10/10 23:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
[2012/10/10 23:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Mozilla
[2012/10/10 20:35:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012/10/10 20:16:56 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2012/10/10 20:16:55 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2012/10/10 20:16:54 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2012/10/10 20:16:52 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2012/10/10 20:16:51 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2012/10/10 20:16:50 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2012/10/10 20:16:49 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2012/10/10 20:16:47 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2012/10/10 20:16:45 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2012/10/10 20:16:43 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2012/10/10 20:16:40 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2012/10/10 20:16:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012/10/10 20:16:33 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2012/10/10 20:16:33 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2012/10/10 20:16:33 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2012/10/10 20:16:33 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2012/10/10 20:16:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2012/10/10 20:16:33 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2012/10/10 20:16:32 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2012/10/10 20:16:32 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2012/10/10 20:12:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\PrivacIE
[2012/10/10 19:45:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/10/10 19:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/10/10 19:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/10 19:43:59 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/10/09 21:22:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IETldCache
[2012/10/09 21:15:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/10/09 21:14:42 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/10/09 21:14:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/10/09 21:14:41 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/10/09 21:14:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/10/09 21:14:41 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/10/09 21:07:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012/10/09 20:51:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/10/09 20:51:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/10/09 20:42:57 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/10/09 20:40:59 | 001,866,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2012/10/09 20:39:16 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2012/10/09 20:39:13 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/10/09 20:39:07 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2012/10/09 20:37:47 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/10/09 20:37:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/10/09 20:37:39 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2012/10/09 20:37:32 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2012/10/09 20:37:32 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/10/09 20:36:57 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/10/09 20:36:35 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/10/09 20:36:21 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/10/09 20:35:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2012/10/09 20:35:48 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2012/10/09 20:35:20 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2012/10/09 20:35:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2012/10/09 20:34:33 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msasn1.dll
[2012/10/09 20:32:55 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2012/10/09 20:32:54 | 002,192,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2012/10/09 20:32:54 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2012/10/09 20:32:53 | 002,027,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2012/10/09 20:32:35 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2012/10/09 20:32:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2012/10/09 20:32:16 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2012/10/09 20:32:14 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2012/10/09 20:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/10/09 20:26:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/10/09 20:21:54 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2012/10/09 20:21:45 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/10/09 20:08:17 | 000,924,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symefa.sys
[2012/10/09 20:08:17 | 000,574,112 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\srtsp.sys
[2012/10/09 20:08:17 | 000,388,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symtdi.sys
[2012/10/09 20:08:17 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symtdiv.sys
[2012/10/09 20:08:17 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symds.sys
[2012/10/09 20:08:17 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symnets.sys
[2012/10/09 20:08:17 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\ironx86.sys
[2012/10/09 20:08:17 | 000,132,768 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\ccsetx86.sys
[2012/10/09 20:08:17 | 000,032,928 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1309000.009\srtspx.sys
[2012/10/09 20:08:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1309000.009
[2012/10/09 20:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BT Home Hub
[2012/10/09 19:59:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2012/10/09 19:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2012/10/09 19:57:59 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2012/10/09 19:57:59 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL71.DLL
[2012/10/09 19:57:59 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ATL70.DLL
[2012/10/09 19:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/10/09 19:56:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Motive
[2012/10/09 19:56:42 | 000,000,000 | ---D | C] -- C:\Program Files\btbb_wcm
[2012/10/09 19:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2012/10/09 19:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2012/10/09 19:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\BT Home Hub
[2012/10/09 19:54:47 | 000,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jit.dll
[2012/10/09 19:54:47 | 000,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2012/10/09 19:54:47 | 000,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2012/10/09 19:54:46 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx3j.dll
[2012/10/09 19:54:40 | 000,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmhelper.dll
[2012/10/09 19:54:40 | 000,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2012/10/09 19:54:40 | 000,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjdbc10.dll
[2012/10/09 19:54:39 | 000,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javart.dll
[2012/10/09 19:54:39 | 000,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2012/10/09 19:54:39 | 000,154,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msawt.dll
[2012/10/09 19:54:39 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2012/10/09 19:54:38 | 000,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javacypt.dll
[2012/10/09 19:54:38 | 000,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaprxy.dll
[2012/10/09 19:54:38 | 000,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2012/10/09 19:42:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/10/09 19:41:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2012/10/09 19:41:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\tmp.0000
[2012/10/09 18:33:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/10/09 18:29:54 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2012/10/09 18:29:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2012/10/09 18:29:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2012/10/09 18:29:52 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2012/10/09 18:29:52 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2012/10/09 18:29:51 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2012/10/09 18:29:48 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2012/10/09 18:29:48 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2012/10/09 18:29:48 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2012/10/09 18:29:48 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2012/10/09 18:29:48 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2012/10/09 18:29:48 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2012/10/09 18:29:48 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2012/10/09 18:29:48 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2012/10/09 18:29:48 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2012/10/09 18:29:47 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2012/10/09 18:29:47 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2012/10/09 18:29:47 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2012/10/09 18:29:47 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2012/10/09 18:29:47 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2012/10/09 18:29:47 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2012/10/09 18:29:47 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2012/10/09 18:29:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2012/10/09 18:29:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2012/10/09 18:29:47 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2012/10/09 18:29:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2012/10/09 18:29:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2012/10/09 18:29:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2012/10/09 18:29:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2012/10/09 18:29:46 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2012/10/09 18:29:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2012/10/09 18:29:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2012/10/09 18:29:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2012/10/09 18:29:46 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2012/10/09 18:29:45 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2012/10/09 18:29:45 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2012/10/09 18:29:45 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2012/10/09 18:29:45 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2012/10/09 18:29:45 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2012/10/09 18:29:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2012/10/09 18:29:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2012/10/09 18:29:45 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2012/10/09 18:29:45 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2012/10/09 18:29:45 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2012/10/09 18:29:45 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2012/10/09 18:29:45 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2012/10/09 18:29:45 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2012/10/09 18:29:44 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2012/10/09 18:29:44 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2012/10/09 18:29:44 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2012/10/09 18:29:44 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2012/10/09 18:29:44 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2012/10/09 18:29:44 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2012/10/09 18:29:44 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2012/10/09 18:29:44 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2012/10/09 18:29:44 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2012/10/09 18:29:44 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2012/10/09 18:29:44 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2012/10/09 18:29:44 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2012/10/09 18:29:44 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2012/10/09 18:29:44 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2012/10/09 18:29:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2012/10/09 18:29:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2012/10/09 18:29:43 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2012/10/09 18:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/10/09 18:29:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/10/09 18:29:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/10/09 18:29:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/10/09 18:29:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/10/09 18:29:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2012/10/09 18:28:56 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2012/10/09 18:28:00 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2012/10/09 18:28:00 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2012/10/09 18:28:00 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2012/10/09 18:28:00 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2012/10/09 18:28:00 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2012/10/09 18:28:00 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2012/10/09 18:28:00 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2012/10/09 18:28:00 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2012/10/09 18:28:00 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2012/10/09 18:28:00 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2012/10/09 18:28:00 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2012/10/09 18:28:00 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2012/10/09 18:28:00 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2012/10/09 18:28:00 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2012/10/09 18:28:00 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2012/10/09 18:28:00 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2012/10/09 18:28:00 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2012/10/09 18:28:00 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2012/10/09 18:28:00 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2012/10/09 18:28:00 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2012/10/09 18:28:00 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2012/10/09 18:28:00 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2012/10/09 18:28:00 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2012/10/09 18:28:00 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2012/10/09 18:28:00 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2012/10/09 18:28:00 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2012/10/09 18:28:00 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2012/10/09 18:28:00 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2012/10/09 18:28:00 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2012/10/09 18:28:00 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2012/10/09 18:28:00 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2012/10/09 18:28:00 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2012/10/09 18:28:00 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2012/10/09 18:28:00 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2012/10/09 18:28:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/10/09 18:27:59 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2012/10/09 18:27:59 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2012/10/09 18:27:59 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2012/10/09 18:27:59 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2012/10/09 18:27:59 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2012/10/09 18:27:59 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2012/10/09 18:27:59 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2012/10/09 18:27:59 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2012/10/09 18:27:59 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2012/10/09 18:27:59 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2012/10/09 18:27:59 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2012/10/09 18:27:59 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2012/10/09 18:27:59 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2012/10/09 18:27:59 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2012/10/09 18:27:59 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2012/10/09 18:27:59 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2012/10/09 18:27:58 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2012/10/09 18:27:58 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2012/10/09 18:27:58 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2012/10/09 18:27:58 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2012/10/09 18:27:58 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2012/10/09 18:27:58 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2012/10/09 18:27:58 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2012/10/09 18:27:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/10/09 18:25:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/10/09 18:25:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2012/10/08 18:46:20 | 000,000,000 | ---D | C] -- C:\Photos
[2012/10/07 23:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft
[2012/10/07 23:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Printer
[2012/10/07 23:30:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/10/07 23:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2012/10/07 23:29:57 | 000,462,848 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippcva611.dll
[2012/10/07 23:29:55 | 001,359,872 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippsa611.dll
[2012/10/07 23:29:55 | 000,151,552 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippja611.dll
[2012/10/07 23:29:54 | 002,428,928 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippia611.dll
[2012/10/07 23:29:52 | 000,225,280 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippi11.dll
[2012/10/07 23:29:52 | 000,184,320 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippsra611.dll
[2012/10/07 23:29:52 | 000,176,128 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ipps11.dll
[2012/10/07 23:29:52 | 000,094,208 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippcv11.dll
[2012/10/07 23:29:52 | 000,077,824 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippsr11.dll
[2012/10/07 23:29:52 | 000,065,536 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ippj11.dll
[2012/10/07 23:29:43 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2012/10/07 23:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewSoft
[2012/10/07 23:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Applications
[2012/10/07 23:28:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\color
[2012/10/07 23:28:55 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/10/07 23:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/10/07 23:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2012/10/07 23:25:06 | 000,000,000 | ---D | C] -- C:\Work
[2012/10/07 23:23:53 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiafbdrv.dll
[2012/10/07 23:23:53 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2012/10/07 23:23:52 | 000,413,696 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcidrs.dll
[2012/10/07 23:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 7300 Series
[2012/10/07 23:23:33 | 000,442,368 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxciutil.dll
[2012/10/07 23:23:30 | 000,200,704 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxciinsb.dll
[2012/10/07 23:23:30 | 000,155,648 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxciins.dll
[2012/10/07 23:23:30 | 000,131,072 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcijswr.dll
[2012/10/07 23:23:30 | 000,106,496 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxciinsr.dll
[2012/10/07 23:23:28 | 000,983,092 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lxcigf.dll
[2012/10/07 23:23:28 | 000,086,016 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcicub.dll
[2012/10/07 23:23:28 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcicur.dll
[2012/10/07 23:23:27 | 000,073,728 | ---- | C] (Lexmark International, Inc.) -- C:\WINDOWS\System32\lxcicu.dll
[2012/10/07 23:23:26 | 000,069,632 | ---- | C] (Lexmark International) -- C:\WINDOWS\System32\lxcicfg.dll
[2012/10/07 23:17:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Identities
[2012/10/07 23:17:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Pictures
[2012/10/07 23:17:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Music
[2012/10/07 23:17:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2012/10/07 23:17:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\SendTo
[2012/10/07 23:17:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2012/10/07 23:17:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data
[2012/10/07 23:17:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup
[2012/10/07 23:17:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu
[2012/10/07 23:17:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents
[2012/10/07 23:17:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Favorites
[2012/10/07 23:17:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Accessories
[2012/10/07 23:17:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Cookies
[2012/10/07 23:17:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Templates
[2012/10/07 23:17:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\PrintHood
[2012/10/07 23:17:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\NetHood
[2012/10/07 23:17:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Local Settings
[2012/10/07 23:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft
[2012/10/07 23:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop
[2012/10/07 23:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}
[2012/10/07 23:12:36 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2012/10/07 23:10:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/10/07 23:10:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/10/07 23:10:32 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2012/10/07 23:10:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2012/10/07 23:10:31 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2012/10/07 23:10:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2012/10/07 23:10:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/10/07 23:10:30 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/10/07 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/10/07 23:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/10/07 23:10:28 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2012/10/07 23:10:28 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2012/10/07 23:10:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2012/10/07 23:10:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2012/10/07 23:10:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2012/10/07 23:10:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2012/10/07 23:10:27 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2012/10/07 23:10:27 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2012/10/07 23:10:27 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2012/10/07 23:10:27 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2012/10/07 23:10:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2012/10/07 23:10:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2012/10/07 23:10:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2012/10/07 23:10:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2012/10/07 23:10:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2012/10/07 23:10:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2012/10/07 23:10:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2012/10/07 23:10:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2012/10/07 23:10:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2012/10/07 23:10:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2012/10/07 23:10:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2012/10/07 23:10:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2012/10/07 23:10:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2012/10/07 23:10:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2012/10/07 23:10:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2012/10/07 23:10:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2012/10/07 23:10:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2012/10/07 23:10:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2012/10/07 23:10:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2012/10/07 23:10:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2012/10/07 23:10:25 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2012/10/07 23:10:25 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2012/10/07 23:10:25 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2012/10/07 23:10:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2012/10/07 23:10:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2012/10/07 23:10:25 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2012/10/07 23:10:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2012/10/07 23:10:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2012/10/07 23:10:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2012/10/07 23:10:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2012/10/07 23:10:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2012/10/07 23:10:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2012/10/07 23:10:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2012/10/07 23:10:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2012/10/07 23:10:24 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2012/10/07 23:10:24 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2012/10/07 23:10:24 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2012/10/07 23:10:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2012/10/07 23:10:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2012/10/07 23:10:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2012/10/07 23:10:24 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2012/10/07 23:10:24 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2012/10/07 23:10:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2012/10/07 23:10:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2012/10/07 23:10:22 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2012/10/07 23:10:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2012/10/07 23:10:22 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2012/10/07 23:10:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2012/10/07 23:10:22 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2012/10/07 23:10:22 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2012/10/07 23:10:22 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2012/10/07 23:10:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2012/10/07 23:10:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2012/10/07 23:10:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2012/10/07 23:10:20 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2012/10/07 23:10:20 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2012/10/07 23:10:20 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2012/10/07 23:10:20 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2012/10/07 23:10:20 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2012/10/07 23:10:20 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2012/10/07 23:10:20 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012/10/07 23:10:20 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012/10/07 23:10:20 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2012/10/07 23:10:20 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2012/10/07 23:10:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012/10/07 23:10:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012/10/07 23:10:20 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2012/10/07 23:10:20 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2012/10/07 23:10:20 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2012/10/07 23:10:19 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2012/10/07 23:10:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2012/10/07 23:10:19 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2012/10/07 23:10:19 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2012/10/07 23:10:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2012/10/07 23:10:19 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2012/10/07 23:10:19 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2012/10/07 23:10:19 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2012/10/07 23:10:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2012/10/07 23:10:19 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2012/10/07 23:10:19 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2012/10/07 23:10:19 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2012/10/07 23:10:19 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2012/10/07 23:10:19 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2012/10/07 23:10:18 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2012/10/07 23:10:18 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2012/10/07 23:10:18 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2012/10/07 23:10:18 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2012/10/07 23:10:18 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2012/10/07 23:10:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2012/10/07 23:10:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2012/10/07 23:10:17 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2012/10/07 23:10:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/10/07 23:10:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/10/07 23:10:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/10/07 23:10:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/10/07 23:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/10/07 23:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/10/07 23:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/10/07 23:10:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/10/07 23:09:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/10/07 23:09:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/10/07 23:09:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/10/07 23:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/10/07 23:06:05 | 000,000,000 | ---D | C] -- C:\System
[2012/10/07 23:03:30 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/10/07 23:03:30 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/10/07 23:03:30 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/10/07 23:03:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\OEM
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/10/07 23:03:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/10/07 22:57:58 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2012/10/07 22:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/10/07 22:33:21 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/10/07 22:33:21 | 000,060,872 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/10/07 22:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/10/07 22:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/10/07 22:32:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2012/10/07 22:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2012/10/07 22:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/10/07 22:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton Internet Security
[2012/10/07 22:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/10/07 22:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/10/07 22:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2012/10/07 22:30:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/07 22:27:01 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/10/07 22:25:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/10/07 22:25:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/10/07 22:25:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/10/07 22:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/10/07 22:25:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/10/07 22:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/10/07 22:23:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2012/10/07 22:23:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2012/10/07 22:23:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2012/10/07 22:23:57 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2012/10/07 22:23:57 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2012/10/07 22:23:57 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2012/10/07 22:23:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/10/07 22:23:56 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2012/10/07 22:23:56 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2012/10/07 22:23:56 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/10/07 22:23:56 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/10/07 22:23:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2012/10/07 22:23:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2012/10/07 22:23:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/10/07 22:23:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012/10/07 22:23:54 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012/10/07 22:23:54 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012/10/07 22:23:54 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/10/07 22:23:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012/10/07 22:23:54 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/10/07 22:23:54 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/10/07 22:23:54 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/10/07 22:23:53 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2012/10/07 22:23:53 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/10/07 22:23:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/10/07 22:23:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/10/07 22:23:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/10/07 22:23:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/10/07 22:23:51 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/10/07 22:23:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/10/07 22:23:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/10/07 22:23:51 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/10/07 22:23:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/10/07 22:23:51 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/10/07 22:23:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/10/07 22:23:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/10/07 22:23:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/10/07 22:23:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/10/07 22:23:51 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/10/07 22:23:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/10/07 22:23:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/10/07 22:23:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/10/07 22:23:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/10/07 22:23:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012/10/07 22:23:49 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/10/07 22:23:49 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/10/07 22:23:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/10/07 22:23:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/10/07 22:23:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2012/10/07 22:23:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/10/07 22:23:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/10/07 22:23:48 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/10/07 22:23:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/10/07 22:23:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2012/10/07 22:23:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012/10/07 22:23:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/10/07 22:23:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/10/07 22:23:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/10/07 22:23:46 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012/10/07 22:23:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2012/10/07 22:23:46 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012/10/07 22:23:46 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2012/10/07 22:23:46 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012/10/07 22:23:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2012/10/07 22:23:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2012/10/07 22:23:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012/10/07 22:23:45 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012/10/07 22:23:44 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2012/10/07 22:23:43 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012/10/07 22:23:43 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012/10/07 22:23:41 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/10/07 22:23:41 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/10/07 22:23:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012/10/07 22:23:39 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/10/07 22:23:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012/10/07 22:23:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012/10/07 22:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012/10/07 22:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/10/07 22:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012/10/07 22:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012/10/07 22:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012/10/07 22:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012/10/07 22:23:39 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012/10/07 22:23:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012/10/07 22:23:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012/10/07 22:23:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012/10/07 22:23:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012/10/07 22:23:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012/10/07 22:23:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012/10/07 22:23:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/10/07 22:23:37 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012/10/07 22:23:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012/10/07 22:23:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012/10/07 22:23:37 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012/10/07 22:23:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012/10/07 22:23:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012/10/07 22:23:36 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012/10/07 22:23:36 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2012/10/07 22:23:36 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2012/10/07 22:23:36 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2012/10/07 22:23:36 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2012/10/07 22:23:36 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2012/10/07 22:23:36 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2012/10/07 22:23:36 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012/10/07 22:23:36 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012/10/07 22:23:35 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2012/10/07 22:23:35 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2012/10/07 22:23:35 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2012/10/07 22:23:35 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2012/10/07 22:23:35 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/10/07 22:23:35 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2012/10/07 22:23:35 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2012/10/07 22:23:35 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/10/07 22:23:35 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2012/10/07 22:23:35 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012/10/07 22:23:34 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2012/10/07 22:23:34 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2012/10/07 22:23:34 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2012/10/07 22:23:34 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012/10/07 22:23:32 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012/10/07 22:23:28 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/10/07 22:23:27 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012/10/07 22:23:26 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/10/07 22:23:26 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/10/07 22:23:26 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012/10/07 22:23:26 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012/10/07 22:23:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/10/07 22:23:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/10/07 22:23:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/10/07 22:23:24 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2012/10/07 22:23:24 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/10/07 22:23:24 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/10/07 22:23:24 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/10/07 22:23:24 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/10/07 22:23:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2012/10/07 22:23:21 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2012/10/07 22:23:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/10/07 22:23:20 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/10/07 22:23:20 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/10/07 22:23:20 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012/10/07 22:23:20 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012/10/07 22:23:20 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012/10/07 22:23:20 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012/10/07 22:23:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012/10/07 22:23:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2012/10/07 22:23:19 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/10/07 22:23:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/10/07 22:23:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/10/07 22:23:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/10/07 22:23:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/10/07 22:23:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/10/07 22:23:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012/10/07 22:23:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/10/07 22:23:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/10/07 22:23:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/10/07 22:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/10/07 22:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/10/07 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/10/07 22:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/07 22:22:02 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/10/07 22:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/10/07 22:22:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/10/07 22:21:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\fsc
[2012/10/07 22:21:29 | 000,000,000 | ---D | C] -- C:\AddOn
[2012/10/07 22:21:09 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/10/07 22:21:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/10/07 22:21:05 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2012/10/07 22:20:49 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2012/10/07 22:20:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/10/07 22:20:19 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/10/07 22:20:19 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/10/07 22:20:13 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/10/07 22:19:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/10/07 22:19:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2012/10/07 22:19:44 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2012/10/07 22:19:44 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2012/10/07 22:19:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2012/10/07 22:19:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2012/10/07 22:19:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2012/10/07 22:19:36 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2012/10/07 22:19:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2012/10/07 22:19:36 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2012/10/07 22:19:35 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2012/10/07 22:19:35 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2012/10/07 22:19:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2012/10/07 22:19:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2012/10/07 22:19:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2012/10/07 22:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/10/07 22:19:32 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2012/10/07 22:19:32 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2012/10/07 22:19:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2012/10/07 22:19:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2012/10/07 22:19:32 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2012/10/07 22:19:32 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2012/10/07 22:19:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012/10/07 22:19:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2012/10/07 22:19:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2012/10/07 22:19:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/10/07 22:19:31 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2012/10/07 22:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/10/07 22:19:28 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2012/10/07 22:19:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/10/07 22:19:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/10/07 22:19:27 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2012/10/07 22:19:27 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2012/10/07 22:19:27 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2012/10/07 22:19:27 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2012/10/07 22:19:27 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2012/10/07 22:19:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2012/10/07 22:19:26 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2012/10/07 22:19:26 | 000,329,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/10/07 22:19:26 | 000,329,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/10/07 22:19:26 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2012/10/07 22:19:26 | 000,210,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/10/07 22:19:26 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2012/10/07 22:19:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2012/10/07 22:19:26 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2012/10/07 22:19:25 | 001,933,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/10/07 22:19:25 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/10/07 22:19:25 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/10/07 22:19:25 | 000,219,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/10/07 22:19:25 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2012/10/07 22:19:25 | 000,053,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/10/07 22:19:25 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/10/07 22:19:25 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/10/07 22:19:25 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2012/10/07 22:19:25 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2012/10/07 22:19:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2012/10/07 22:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/10/07 22:19:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2012/10/07 22:19:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2012/10/07 22:19:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2012/10/07 22:19:19 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2012/10/07 22:19:16 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2012/10/07 22:19:16 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2012/10/07 22:19:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/10/07 22:19:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2012/10/07 22:19:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2012/10/07 22:19:15 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2012/10/07 22:19:15 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2012/10/07 22:19:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2012/10/07 22:19:12 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2012/10/07 22:19:12 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2012/10/07 22:19:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2012/10/07 22:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/10/07 22:19:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2012/10/07 22:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/10/07 22:19:09 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2012/10/07 22:19:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2012/10/07 22:19:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2012/10/07 22:19:09 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2012/10/07 22:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/10/07 22:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/10/07 22:19:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/10/07 22:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/10/07 22:18:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/10/07 22:18:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/10/07 22:18:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/10/07 22:18:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/10/07 22:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/10/07 22:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/10/07 22:18:26 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2012/10/07 22:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/10/07 22:18:25 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2012/10/07 22:18:25 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2012/10/07 22:18:25 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2012/10/07 22:18:25 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2012/10/07 22:18:25 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2012/10/07 22:18:25 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2012/10/07 22:18:25 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2012/10/07 22:18:25 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2012/10/07 22:18:25 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2012/10/07 22:18:25 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2012/10/07 22:18:25 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2012/10/07 22:18:25 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2012/10/07 22:18:25 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2012/10/07 22:18:24 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2012/10/07 22:18:24 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2012/10/07 22:18:24 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2012/10/07 22:18:24 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2012/10/07 22:18:24 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2012/10/07 22:18:24 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2012/10/07 22:18:24 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2012/10/07 22:18:23 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2012/10/07 22:18:23 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2012/10/07 22:18:23 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2012/10/07 22:18:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2012/10/07 22:18:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2012/10/07 22:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/10/07 22:18:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2012/10/07 22:18:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2012/10/07 22:18:17 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2012/10/07 22:18:17 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2012/10/07 22:18:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2012/10/07 22:18:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2012/10/07 22:18:17 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2012/10/07 22:18:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2012/10/07 22:18:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2012/10/07 22:18:17 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2012/10/07 22:18:16 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2012/10/07 22:18:16 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2012/10/07 22:18:11 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2012/10/07 22:18:11 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2012/10/07 22:18:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2012/10/07 22:18:10 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2012/10/07 22:18:10 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2012/10/07 22:18:10 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2012/10/07 22:18:10 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2012/10/07 22:18:10 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2012/10/07 22:18:10 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2012/10/07 22:18:10 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2012/10/07 22:18:10 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2012/10/07 22:18:10 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2012/10/07 22:18:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2012/10/07 22:18:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2012/10/07 22:18:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2012/10/07 22:18:09 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2012/10/07 22:18:09 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2012/10/07 22:18:09 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2012/10/07 22:18:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2012/10/07 22:18:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2012/10/07 22:18:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2012/10/07 22:18:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2012/10/07 22:18:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2012/10/07 22:18:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2012/10/07 22:18:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2012/10/07 22:18:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2012/10/07 22:18:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2012/10/07 22:18:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2012/10/07 22:18:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2012/10/07 22:18:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2012/10/07 22:18:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2012/10/07 22:18:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2012/10/07 22:18:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2012/10/07 22:18:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2012/10/07 22:18:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2012/10/07 22:18:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2012/10/07 22:18:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2012/10/07 22:18:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2012/10/07 22:18:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2012/10/07 22:18:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2012/10/07 22:18:08 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2012/10/07 22:18:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2012/10/07 22:18:08 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2012/10/07 22:18:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2012/10/07 22:18:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2012/10/07 22:18:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2012/10/07 22:18:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2012/10/07 22:18:07 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2012/10/07 22:18:07 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2012/10/07 22:18:07 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2012/10/07 22:18:07 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2012/10/07 22:18:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2012/10/07 22:18:05 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2012/10/07 22:18:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2012/10/07 22:18:05 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2012/10/07 22:18:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2012/10/07 22:18:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2012/10/07 22:18:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2012/10/07 22:18:04 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2012/10/07 22:18:04 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2012/10/07 22:18:04 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2012/10/07 22:18:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2012/10/07 22:18:04 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2012/10/07 22:18:04 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2012/10/07 22:18:04 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2012/10/07 22:18:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2012/10/07 22:18:04 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2012/10/07 22:18:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2012/10/07 22:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/10/07 22:17:54 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2012/10/07 22:17:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2012/10/07 22:17:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2012/10/07 22:17:54 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2012/10/07 22:17:54 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2012/10/07 22:17:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2012/10/07 22:17:53 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2012/10/07 22:17:53 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2012/10/07 22:17:53 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2012/10/07 22:17:53 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2012/10/07 22:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/10/07 22:17:52 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2012/10/07 22:17:52 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2012/10/07 22:17:52 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2012/10/07 22:17:52 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2012/10/07 22:17:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2012/10/07 22:17:52 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2012/10/07 22:17:52 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2012/10/07 22:17:51 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2012/10/07 22:17:51 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2012/10/07 22:17:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2012/10/07 22:17:51 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2012/10/07 22:17:51 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2012/10/07 22:17:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2012/10/07 22:17:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2012/10/07 22:17:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2012/10/07 22:17:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/10/07 22:17:50 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2012/10/07 22:17:50 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2012/10/07 22:17:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/10/07 22:17:49 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2012/10/07 22:17:49 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2012/10/07 22:17:48 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2012/10/07 22:17:44 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2012/10/07 22:17:44 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2012/10/07 22:17:44 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2012/10/07 22:17:44 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2012/10/07 22:17:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/18 20:16:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/10/18 20:08:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/18 20:06:02 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\System Restore.lnk
[2012/10/17 19:26:06 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/17 19:01:40 | 000,013,670 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/16 09:17:26 | 000,010,074 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\VT20121008.022
[2012/10/15 18:29:16 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/10/15 18:29:16 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/10/15 18:29:16 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/10/15 18:29:16 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/10/15 18:29:16 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/10/15 18:29:16 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/10/15 18:25:41 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/10/14 17:18:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\SAS.lnk
[2012/10/14 09:09:10 | 000,001,590 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Services.lnk
[2012/10/14 09:09:10 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Windows Update.lnk
[2012/10/14 09:09:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBAM.lnk
[2012/10/14 09:09:10 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Security Center.lnk
[2012/10/12 08:44:29 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/12 08:43:30 | 000,570,515 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\Cat.DB
[2012/10/11 08:49:21 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/10/11 08:47:11 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Word.lnk
[2012/10/10 19:45:56 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/10 19:45:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Internet.lnk
[2012/10/10 19:29:58 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/10/10 19:29:05 | 000,600,513 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/10 19:21:05 | 000,381,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/10 19:21:05 | 000,053,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/09 21:16:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/09 20:30:45 | 000,013,670 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012/10/09 20:30:43 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012/10/09 20:10:06 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton.LNK
[2012/10/09 20:08:37 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/10/09 20:08:37 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/10/09 20:08:37 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/10/09 20:08:37 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/10/09 18:34:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/10/09 18:27:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/10/07 23:30:46 | 000,016,579 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2012/10/07 23:29:58 | 000,151,566 | ---- | M] () -- C:\WINDOWS\System32\UninstIPP.isu
[2012/10/07 23:29:43 | 000,000,324 | ---- | M] () -- C:\WINDOWS\setup.iss
[2012/10/07 23:17:37 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/10/07 22:25:35 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/10/07 22:24:05 | 000,000,308 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/10/07 22:20:59 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/07 22:20:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/10/07 22:20:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/10/07 22:20:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/10/07 22:20:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/10/07 22:20:57 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/10/07 22:20:57 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/10/07 22:20:50 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/07 22:19:00 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/07 22:17:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\isolate.ini
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/18 20:06:00 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\System Restore.lnk
[2012/10/16 09:18:09 | 000,010,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\VT20121008.022
[2012/10/14 17:18:49 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\SAS.lnk
[2012/10/14 09:09:10 | 000,001,590 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Services.lnk
[2012/10/14 09:09:10 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Windows Update.lnk
[2012/10/14 09:09:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBAM.lnk
[2012/10/14 09:09:10 | 000,000,246 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Security Center.lnk
[2012/10/12 08:43:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2012/10/12 08:43:30 | 000,026,960 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2012/10/12 08:43:30 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2012/10/11 08:48:01 | 000,002,509 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Word.lnk
[2012/10/11 08:45:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/10/10 19:50:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/10 19:45:55 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/10 19:45:55 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Internet.lnk
[2012/10/10 19:33:14 | 000,600,513 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/10/09 20:40:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/10/09 20:40:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/10/09 20:30:46 | 000,013,670 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2012/10/09 20:30:43 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/10/09 20:09:48 | 000,570,515 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\Cat.DB
[2012/10/09 20:08:17 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symnetv.cat
[2012/10/09 20:08:17 | 000,007,492 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symds.cat
[2012/10/09 20:08:17 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symnet.cat
[2012/10/09 20:08:17 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\iron.cat
[2012/10/09 20:08:17 | 000,007,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\ccsetx86.cat
[2012/10/09 20:08:17 | 000,007,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\srtspx.cat
[2012/10/09 20:08:17 | 000,003,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symefa.inf
[2012/10/09 20:08:17 | 000,002,852 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symds.inf
[2012/10/09 20:08:17 | 000,001,469 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symnetv.inf
[2012/10/09 20:08:17 | 000,001,441 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symnet.inf
[2012/10/09 20:08:17 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\srtspx.inf
[2012/10/09 20:08:17 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\srtsp.inf
[2012/10/09 20:08:17 | 000,000,827 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\ccsetx86.inf
[2012/10/09 20:08:17 | 000,000,742 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\iron.inf
[2012/10/09 20:08:05 | 000,008,942 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symvtcer.dat
[2012/10/09 20:08:05 | 000,007,434 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\symefa.cat
[2012/10/09 20:08:05 | 000,007,380 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\srtsp.cat
[2012/10/09 20:08:05 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1309000.009\isolate.ini
[2012/10/09 19:58:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2012/10/09 19:54:47 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2012/10/09 19:54:47 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2012/10/09 19:54:40 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2012/10/09 19:54:40 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2012/10/09 18:29:53 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2012/10/09 18:29:53 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2012/10/09 18:29:53 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2012/10/09 18:29:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2012/10/09 18:29:53 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2012/10/09 18:29:53 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2012/10/09 18:29:53 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2012/10/09 18:29:53 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2012/10/09 18:29:53 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2012/10/09 18:29:53 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2012/10/09 18:29:53 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2012/10/09 18:29:53 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2012/10/09 18:29:52 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2012/10/09 18:29:52 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2012/10/09 18:29:52 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2012/10/09 18:29:52 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2012/10/09 18:29:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2012/10/09 18:29:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2012/10/09 18:29:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2012/10/09 18:29:52 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2012/10/09 18:29:52 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2012/10/09 18:29:52 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2012/10/09 18:29:52 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2012/10/09 18:29:52 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2012/10/09 18:29:52 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2012/10/09 18:29:52 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2012/10/09 18:29:52 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2012/10/09 18:29:52 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2012/10/09 18:29:52 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2012/10/09 18:29:52 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2012/10/09 18:29:52 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2012/10/09 18:29:52 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2012/10/09 18:29:52 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2012/10/09 18:29:52 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2012/10/09 18:29:52 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2012/10/09 18:29:52 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2012/10/09 18:29:52 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2012/10/09 18:29:52 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2012/10/09 18:29:52 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2012/10/09 18:29:52 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2012/10/09 18:29:52 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2012/10/09 18:29:52 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2012/10/09 18:29:52 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2012/10/09 18:29:52 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2012/10/09 18:29:52 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2012/10/09 18:29:52 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2012/10/09 18:29:52 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2012/10/09 18:29:52 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2012/10/09 18:29:52 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2012/10/09 18:29:52 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2012/10/09 18:29:52 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2012/10/09 18:29:52 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2012/10/09 18:29:52 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2012/10/09 18:29:52 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2012/10/09 18:29:52 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2012/10/09 18:29:52 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2012/10/09 18:29:52 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2012/10/09 18:29:52 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2012/10/09 18:29:52 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2012/10/09 18:29:52 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2012/10/09 18:29:52 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2012/10/09 18:29:52 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2012/10/09 18:29:52 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2012/10/09 18:29:52 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2012/10/09 18:29:51 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2012/10/09 18:29:51 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2012/10/09 18:29:51 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2012/10/09 18:29:51 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2012/10/09 18:29:51 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2012/10/09 18:29:51 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2012/10/09 18:29:51 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2012/10/09 18:29:51 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2012/10/09 18:29:51 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2012/10/09 18:29:51 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2012/10/09 18:29:51 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2012/10/09 18:29:51 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2012/10/09 18:29:51 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2012/10/09 18:29:51 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2012/10/09 18:29:51 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2012/10/09 18:29:51 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2012/10/09 18:28:00 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2012/10/09 18:27:59 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2012/10/09 18:27:59 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2012/10/08 07:20:13 | 000,061,591 | ---- | C] () -- C:\WINDOWS\ImageMike.gif
[2012/10/08 07:20:13 | 000,031,389 | ---- | C] () -- C:\WINDOWS\ImageAlison.gif
[2012/10/07 23:29:52 | 000,151,566 | ---- | C] () -- C:\WINDOWS\System32\UninstIPP.isu
[2012/10/07 23:29:52 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2012/10/07 23:29:41 | 000,009,606 | ---- | C] () -- C:\WINDOWS\System32\NEWSOFT
[2012/10/07 23:29:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2012/10/07 23:28:56 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2012/10/07 23:28:53 | 000,000,324 | ---- | C] () -- C:\WINDOWS\setup.iss
[2012/10/07 23:24:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcivs.dll
[2012/10/07 23:24:05 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxcicoin.dll
[2012/10/07 23:23:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcicnv4.dll
[2012/10/07 23:23:34 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lxciinst.dll
[2012/10/07 23:23:34 | 000,016,579 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2012/10/07 23:23:33 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciusb1.dll
[2012/10/07 23:23:33 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciinpa.dll
[2012/10/07 23:23:33 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciiesc.dll
[2012/10/07 23:23:33 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihcp.dll
[2012/10/07 23:23:32 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciserv.dll
[2012/10/07 23:23:32 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciprox.dll
[2012/10/07 23:23:31 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipmui.dll
[2012/10/07 23:23:31 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcipplc.dll
[2012/10/07 23:23:30 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcilmpm.dll
[2012/10/07 23:23:29 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcihbn3.dll
[2012/10/07 23:23:29 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxciih.exe
[2012/10/07 23:23:29 | 000,299,602 | ---- | C] () -- C:\WINDOWS\System32\lxcihelp.chm
[2012/10/07 23:23:27 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomc.dll
[2012/10/07 23:23:27 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicoms.exe
[2012/10/07 23:23:27 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicomm.dll
[2012/10/07 23:23:26 | 000,381,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcicfg.exe
[2012/10/07 23:23:26 | 000,001,710 | ---- | C] () -- C:\WINDOWS\System32\lxci.loc
[2012/10/07 23:22:57 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/10/07 23:22:45 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/10/07 23:17:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/10/07 23:17:34 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Outlook Express.lnk
[2012/10/07 23:17:03 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Internet Explorer.lnk
[2012/10/07 23:17:01 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Remote Assistance.lnk
[2012/10/07 23:17:01 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Windows Media Player.lnk
[2012/10/07 23:10:35 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/10/07 23:10:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/10/07 23:10:32 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/10/07 23:10:32 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/10/07 23:10:31 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/10/07 23:10:31 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/10/07 23:10:18 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/10/07 23:10:11 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2012/10/07 23:10:11 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/10/07 23:10:11 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/10/07 23:10:11 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/10/07 23:10:11 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/10/07 23:10:11 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/10/07 23:10:11 | 000,007,506 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/10/07 23:10:11 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/10/07 23:09:38 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/07 23:08:00 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2012/10/07 23:07:58 | 000,000,308 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/10/07 22:33:21 | 000,007,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/10/07 22:33:21 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2012/10/07 22:33:18 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton.LNK
[2012/10/07 22:25:35 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/10/07 22:24:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/10/07 22:23:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/10/07 22:23:39 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/10/07 22:23:36 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/10/07 22:23:36 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/10/07 22:23:34 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/10/07 22:23:30 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/10/07 22:23:27 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/10/07 22:23:20 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/10/07 22:22:59 | 000,017,638 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP
[2012/10/07 22:22:58 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2012/10/07 22:20:59 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/10/07 22:20:59 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/10/07 22:20:59 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/10/07 22:20:59 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/10/07 22:20:59 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/10/07 22:20:57 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/10/07 22:20:57 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/10/07 22:20:56 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/10/07 22:20:04 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/10/07 22:19:42 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/10/07 22:19:42 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/10/07 22:19:36 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/10/07 22:19:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/10/07 22:18:12 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/10/07 22:18:12 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/10/07 22:18:12 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/10/07 22:18:12 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/10/07 22:18:12 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/10/07 22:18:12 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/10/07 22:18:12 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/10/07 22:18:12 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/10/07 22:18:12 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/10/07 22:18:12 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/10/07 22:18:12 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/10/07 22:18:09 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/10/07 22:18:09 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/10/07 22:18:08 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/10/07 22:18:04 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

========== ZeroAccess Check ==========

[2012/10/07 22:22:07 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >






OTL Extras logfile created on: 18/10/2012 20:20:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 80.47% Memory free
4.83 Gb Paging File | 4.24 Gb Available in Paging File | 87.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 407.94 Gb Free Space | 87.59% Space Free | Partition Type: NTFS

Computer Name: PC-053DAA42FD | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1078081533-1060284298-725345543-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxcicoms.exe" = C:\WINDOWS\system32\lxcicoms.exe:*:Enabled:Lexmark Communications System -- ( )
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
"{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}" = Presto! PageManager 7.12.10
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"BT Home Hub" = BT Home Hub
"BT Wireless Connection Manager" = BT Wireless Connection Manager
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Lexmark 7300 Series" = Lexmark 7300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2012 15:39:40 | Computer Name = PC-053DAA42FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/10/2012 15:40:18 | Computer Name = PC-053DAA42FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/10/2012 16:19:27 | Computer Name = PC-053DAA42FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 10/10/2012 16:19:33 | Computer Name = PC-053DAA42FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/10/2012 19:21:56 | Computer Name = PC-053DAA42FD | Source = Application Error | ID = 1000
Description = Faulting application asoelnch.exe, version 19.9.0.9, faulting module
asoelnch.exe, version 19.9.0.9, fault address 0x000019d6.

[ System Events ]
Error - 17/10/2012 14:03:08 | Computer Name = PC-053DAA42FD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 ccSet_NIS eeCtrl Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
SASDIFSV
SASKUTIL
SRTSPX
SymIRON
SYMTDI
Tcpip

Error - 17/10/2012 14:34:43 | Computer Name = PC-053DAA42FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17/10/2012 15:08:16 | Computer Name = PC-053DAA42FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17/10/2012 15:09:16 | Computer Name = PC-053DAA42FD | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 17/10/2012 15:09:16 | Computer Name = PC-053DAA42FD | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 17/10/2012 15:09:16 | Computer Name = PC-053DAA42FD | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 17/10/2012 15:09:16 | Computer Name = PC-053DAA42FD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 ccSet_NIS eeCtrl Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
SASDIFSV
SASKUTIL
SRTSPX
SymIRON
SYMTDI
Tcpip

Error - 17/10/2012 15:14:49 | Computer Name = PC-053DAA42FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 17/10/2012 15:57:10 | Computer Name = PC-053DAA42FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 17/10/2012 22:00:16 | Computer Name = PC-053DAA42FD | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Flash Player (KB923789).


< End of report >




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 20:41:30
-----------------------------
20:41:30.515 OS Version: Windows 5.1.2600 Service Pack 3
20:41:30.515 Number of processors: 2 586 0x170A
20:41:30.515 ComputerName: PC-053DAA42FD UserName: Admin
20:41:32.171 Initialize success
20:45:38.390 AVAST engine defs: 12101801
20:46:32.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:46:32.140 Disk 0 Vendor: ST3500418AS HP34 Size: 476940MB BusType: 3
20:46:32.156 Disk 0 MBR read successfully
20:46:32.156 Disk 0 MBR scan
20:46:32.187 Disk 0 Windows XP default MBR code
20:46:32.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
20:46:32.187 Disk 0 scanning sectors +976752000
20:46:32.250 Disk 0 scanning C:\WINDOWS\system32\drivers
20:46:39.859 Service scanning
20:46:49.453 Modules scanning
20:46:53.359 Disk 0 trace - called modules:
20:46:53.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:46:53.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4c0ab8]
20:46:53.390 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a4cb3b8]
20:46:53.390 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a4ca940]
20:46:56.156 AVAST engine scan C:\WINDOWS
20:47:05.781 AVAST engine scan C:\WINDOWS\system32
20:48:38.734 AVAST engine scan C:\WINDOWS\system32\drivers
20:49:01.406 AVAST engine scan C:\Documents and Settings\Admin
20:49:28.156 AVAST engine scan C:\Documents and Settings\All Users
20:49:56.312 Scan finished successfully
20:53:48.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
20:53:48.937 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

#10 bloopie

  • Malware Response Team

Posted 18 October 2012 - 05:51 PM

Hello again,

I'd like you to run another tool for me:

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you at C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

==========

In addition to the Combofix log, please let me know if the computer is still running slow, and if you had any trouble with the above steps!

bloopie

#11 XPUser24

  • Topic Starter
  • Members

Posted 19 October 2012 - 02:54 AM

Hi,

All done. Installed Recovery Console. No errors or warnings. No reboot required.

Here you go...

(Off to work now... will have a play on the PC tonight and let you know if still running slowly)

Many thanks
Mike


ComboFix 12-10-18.03 - Admin 19/10/2012 8:40.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3061.2400 [GMT 1:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Desktop\Security Center.lnk
c:\documents and settings\Alison\WINDOWS
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\msstdfmt.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-12 07:41 . 2012-10-12 07:44 -------- d-----w- C:\Intel
2012-10-11 07:43 . 2012-10-11 07:43 -------- d-----r- C:\MSOCache
2012-10-10 18:43 . 2012-10-19 07:31 -------- d-----w- C:\Downloads
2012-10-08 17:46 . 2012-10-08 22:07 -------- d-----w- C:\Photos
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:29 . 2012-08-30 20:29 81920 ------w- c:\windows\system32\ieencode.dll
2012-08-28 15:14 . 2004-09-29 18:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-06 01:27 . 2012-10-10 18:45 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LXCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-02-02 205744]
"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-02-02 103344]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"btbb_wcm_McciTrayApp"="c:\program files\btbb_wcm\McciTrayApp.exe" [2005-12-29 543232]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-26 137752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcicoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309000.009\symds.sys [09/10/2012 20:08 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309000.009\symefa.sys [09/10/2012 20:08 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [28/09/2012 01:02 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309000.009\ccsetx86.sys [09/10/2012 20:08 132768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309000.009\ironx86.sys [09/10/2012 20:08 149624]
R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [09/10/2012 20:08 138272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/10/2012 20:08 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121018.001\IDSXpx86.sys [19/10/2012 08:26 373728]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 19:54 116608]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10/10/2012 19:45 114144]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\amltwito.default\
FF - ExtSQL: 2012-10-10 19:21; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF - ExtSQL: 2012-10-10 23:48; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF - ExtSQL: 2012-10-15 18:29; jqs@sun.com; c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - ExtSQL: 2012-10-15 18:29; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-19 08:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
Completion time: 2012-10-19 08:44:51
ComboFix-quarantined-files.txt 2012-10-19 07:44
.
Pre-Run: 437,921,583,104 bytes free
Post-Run: 438,064,439,296 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 46117B48E8C927EA036EC2AAB7F0B30A

#12 bloopie

  • Malware Response Team

Posted 19 October 2012 - 04:27 PM

Hello again,

Combofix has taken care of some things, but I suspect we can find some more.

The first scan I will have you run in step 2 below will not take long at all, however the MBAM scan can take 1-3 hours, and the ESET scan can similarly take around 3 hours. ESET may even take longer depending on your internet speed and the size of your hard drive.

==========

Step 1

Launch MBAM and fully update it. Once updated just close the program for now.

Step 2

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer after the run of RKill! If you do, you will need to run the application again.

Step 3

Now launch MBAM again and run a full system scan. Remove all it finds and you may reboot the machine now if needed.

==========

Step 4

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

==========

In your next reply, please include the following:

  • The RKill log
  • The MBAM log
  • The ESET log
  • Any problems? How is the machine running now?

bloopie

#13 XPUser24

Posted 21 October 2012 - 03:50 AM

Hi, thanks I'll give this a go today/tomorrow. Is it safe to run ESET with the anti-virus disabled? Doesn't it open my PC up to further problems running for several hours connected to the internet with no AV? Or will the Norton firewall still provide the necessary protection? Sorry for the stupid questions... just want to be sure before I go ahead...

Many thanks
Mike

#14 bloopie

Posted 21 October 2012 - 09:19 AM

Hi again,

The questions are not stupid at all and it's good to know what you're getting into! :thumbup2:

Indeed you will be connected to the internet for a time without an AV running, but the site itself is safe so you needn't worry too much.

You won't be "actively" surfing the net and clicking unknown links during the scan which is the easiest way to get infected in the first place. You'll be idle at only one safe site, and that site will be scanning your computer for infections. :wink:

When the scan is finished be sure to copy the logfile! Please run the scans in the order of the steps I outlined above, that's very important.

Take your time, and I'll be looking for the logs when you're finished. :)

bloopie

#15 XPUser24

Posted 21 October 2012 - 10:45 AM

Hi,

I've run rkill and mbam and all seems fine. Log files saved (but not posted yet).

I tried to run ESET in IE8 and it did something odd. I ticked the checkbox [YES, I accept the Terms of Use] and then clicked the [Start] button. The system played the brief sound that normally plays when the information bar appears at the top of the window. But the information bar didn't appear. Instead a yellow balloon appeared telling me that a tab had been recovered.

The terms of use checkbox was still checked and greyed out and the start button also greyed out so I couldn't go any further.

I checked my IE security settings which were set to custom (not sure why) and I reset to Medium/High. I closed IE and tried the whole thing again. Same thing happened - no information bar.

What should I do next?



