
Search Engine redirect/pop-up & pop-unders [Solved]


  • This topic is locked

#1
Selena Nichols

  • Member
  • 16 posts
Hello all, hope someone can help me out-

Symptoms: When clicking on any search engine results links I am re-directed to spam sites. Pop-up and pop-unders as well. Problem present in both IE 6.0 and Firefox 3.0.10. I attempted to install IE 7.0 but could not access the download.

System:
Windows XP Professional
Version 2002
Service Pack 2

HP Compaq dc5700 Microtower
Pentium D CPU 3.40GHz

Steps taken thus far:

-Successfully ran ATF Cleaner against Windows and Firefox

-Ran SysRestorePoint.exe but received a pop-up "Restore Point creation Failed!"
When I closed the pop-up saying that a new restore point HAD been created.

-Successfully ran ERUNT

-I was unable to run MBAM at all. I had to download it onto another computer and install from
a CD, but even after installation I could not run MBAM on the infected computer.

-Ran a full scan of the computer with Avira AntiVir Personal, rebooted computer at its direction

-Could not run Windows Update via IE or Firefox. Both browsers gave Google error pages
"The requested URL /windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5 was not found on this server."

-Installed and ran Rooter.exe (log below)

-Installed and ran OTListIt2 (logs below)

Thank you in advance to anyone who can help me!

Selena

Rooter Log
*****
Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:66056 Mo/Free:786 Mo)
D:\ [Fixed] - NTFS - (Total:10244 Mo/Free:230 Mo)
E:\ [CD-Rom] (Total:646 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:2 Mo/Free:0 Mo)

Wed 05/20/2009|10:31

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Avira\AntiVir Desktop\sched.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
---------- C:\Program Files\PDF Complete\pdfsvc.exe
---------- C:\WINDOWS\system32\HPZipm12.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\USB Disk Win98 Driver\Res.EXE
---------- C:\WINDOWS\SMINST\Scheduler.exe
---------- C:\WINDOWS\system32\igfxpers.exe
---------- C:\WINDOWS\system32\igfxtray.exe
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
---------- C:\Program Files\Internet Explorer\IEXPLORE.EXE
---------- c:\program files\aol radio toolbar\aolradiotbServer.exe
---------- C:\WINDOWS\system32\NOTEPAD.EXE
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

==> VUNDO <==

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.62,85.255.112.231
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.62,85.255.112.231
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.62,85.255.112.231
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\..\{F5351932-01DC-4AA4-BBDF-F55045F4262D}]
NameServer REG_SZ 85.255.112.62,85.255.112.231
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{F5351932-01DC-4AA4-BBDF-F55045F4262D}]
NameServer REG_SZ 85.255.112.62,85.255.112.231
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F5351932-01DC-4AA4-BBDF-F55045F4262D}]
NameServer REG_SZ 85.255.112.62,85.255.112.231
==> WAREOUT <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\ADMINI~1\My Documents\Downloaded Files\crack.rar


1 - "C:\Rooter$\Rooter_1.txt" - Wed 05/20/2009|10:33

----------------------\\ Scan completed at 10:33
*****

OTListIt Log
*****
OTListIt logfile created on: 5/20/2009 10:37:00 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop\MalWare Removal
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 671.64 Mb Available Physical Memory | 66.16% Memory free
2.39 Gb Paging File | 2.10 Gb Available in Paging File | 88.09% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 40.77 Gb Free Space | 63.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.23 Gb Free Space | 42.23% Space Free | Partition Type: NTFS
Drive E: | 647.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 2.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIRVANA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\USB Disk Win98 Driver\Res.EXE (ali)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - c:\program files\aol radio toolbar\aolradiotbServer.exe (AOL LLC.)
PRC - \?\globalroot\C:\WINDOWS\system32\rundll32.exe File not found
PRC - C:\Documents and Settings\Administrator\Desktop\MalWare Removal\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AshEvtSvc [Auto | Stopped]) -- File not found
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (odserv [On_Demand | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- File not found
SRV - (PCA [Auto | Stopped]) -- C:\WINDOWS\SMINST\PCAngel.exe (SoftThinks)
SRV - (pdfcDispatcher [Auto | Running]) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (Blfp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\baspxp32.sys (Broadcom Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV08nt.sys (Intel® Corporation)
DRV - (iAimFP7 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV09nt.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV6 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV06nt.sys (Intel® Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\OVCD.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (Symmpi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (VirtDisk [On_Demand | Stopped]) -- c:\windows\sminst\VirtDisk.sys (XSS)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.....com/login.php"
FF - prefs.js..extensions.enabledItems: {FC8CE4AF-8557-4155-89C4-500F5EEF1E68}:1.0
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: {6ad56361-628f-471b-8f9d-4c338973a87d}:5.27.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/15 19:30:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/15 19:30:24 | 00,000,000 | ---D | M]

[2009/05/08 01:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/05/08 01:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/20 04:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z9803q1w.default\extensions
[2008/12/06 18:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z9803q1w.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/05/11 20:12:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z9803q1w.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2009/05/11 20:12:36 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z9803q1w.default\searchplugins\aol-search.xml
[2009/05/20 04:40:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/15 19:30:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/16 13:21:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{FC8CE4AF-8557-4155-89C4-500F5EEF1E68}
[2009/05/15 19:30:18 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/15 19:30:18 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 11:25:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (C:\WINDOWS\system32\afnoinkdsfe.dll) - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll ()
O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll File not found
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [Framework Windows] frmwrk32.exe File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash" ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE (ali)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [autochk] rundll32.exe C:\DOCUME~1\ADMINI~1\protect.dll,_IWMPEvents@16 ( )
O4 - HKCU..\Run: [ptidle] "C:\Documents and Settings\Administrator\Application Data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll ( )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll File not found
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll File not found
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://msn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/...h2.1.0.0.68.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/...sh.1.0.0.98.cab (CPlayFirstDinerDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{F5351932-01DC-4AA4-BBDF-F55045F4262D}\\NameServer = 85.255.112.62,85.255.112.231
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Filter: - text/xml - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - AppInit_DLLs: (apyovd.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\lowagaje.dll) - c:\windows\system32\lowagaje.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nulutuni.dll) - C:\WINDOWS\system32\nulutuni.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c0015C08: DllName - C:\WINDOWS\system32\__c0015C08.dat - C:\WINDOWS\system32\__c0015C08.dat ()
O20 - Winlogon\Notify\efcDVonl: DllName - efcDVonl.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lowagaje.dll File not found
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22 - SharedTaskScheduler: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - sdfsefsfdvdubgiungfuyd - C:\WINDOWS\system32\afnoinkdsfe.dll ()
O22 - SharedTaskScheduler: {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - STS - c:\windows\system32\lowagaje.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\efcDVonl.dll File not found
O29 - HKLM SecurityProviders - (digeste.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\nnnoLEvW) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/07 22:42:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f715d7c0-1194-11dd-b782-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f715d7c0-1194-11dd-b782-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f715d7c0-1194-11dd-b782-806d6172696f}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/20 09:12:41 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2009/05/20 10:33:56 | 00,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/20 10:33:56 | 00,023,552 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/20 10:33:56 | 00,023,552 | -HS- | C] ( ) -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/20 10:33:56 | 00,000,655 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/20 10:31:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/20 10:19:07 | 00,118,784 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2009/05/20 09:22:52 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/20 09:22:52 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/20 09:22:50 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/20 09:22:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/20 09:22:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/20 09:13:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/20 09:12:41 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\NTREGOPT.lnk
[2009/05/20 09:12:41 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\ERUNT.lnk
[2009/05/20 09:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/20 09:00:55 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\Desktop\MalWare Removal
[2009/05/20 08:37:24 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/20 08:24:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/05/20 04:39:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/05/20 04:28:04 | 00,000,708 | ---- | C] () -- C:\WINDOWS\System32\sft.res
[2009/05/18 09:34:27 | 00,000,366 | ---- | C] () -- C:\xcrashdump.dat
[2009/05/18 07:25:55 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\__c0015C08.dat
[2009/05/17 16:00:54 | 00,109,567 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2009/05/17 16:00:53 | 00,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2009/05/17 15:48:37 | 00,000,000 | ---D | C] -- C:\Intel
[2009/05/17 15:46:22 | 00,000,046 | ---- | C] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/05/17 15:46:15 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\afnoinkdsfe.dll
[2009/05/17 15:46:13 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\ak1.exe
[2009/05/17 14:29:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/17 14:29:18 | 10,646,24128 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/17 14:27:15 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/05/17 14:27:15 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/05/17 14:27:15 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/05/17 14:27:15 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/05/17 14:27:14 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/05/17 14:27:14 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/05/17 14:26:59 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/17 14:26:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/05/17 14:26:53 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/05/17 14:26:53 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/05/17 14:26:51 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/05/17 14:26:51 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/05/17 14:26:50 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/05/17 14:26:49 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/05/17 14:26:49 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/05/17 14:26:49 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/05/17 14:26:48 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/05/17 14:26:48 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/05/17 14:26:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/05/17 14:26:48 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/05/17 14:26:46 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/05/17 14:26:44 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/05/17 14:26:44 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/05/17 14:26:44 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/05/17 14:26:42 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/05/17 14:26:42 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/05/17 14:26:42 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/05/17 14:26:42 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/05/17 14:26:41 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/05/17 14:26:41 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/05/17 14:26:41 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/05/17 14:26:40 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/05/17 14:26:40 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/05/17 14:26:38 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/05/17 14:26:37 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/05/17 14:26:37 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/05/17 14:26:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/05/17 14:26:36 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/05/17 14:26:35 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2009/05/17 14:26:34 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/05/17 14:26:34 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/05/17 14:26:34 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/05/17 14:26:34 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/05/17 14:26:33 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/05/17 14:26:33 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/05/17 14:26:33 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/05/17 14:26:33 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/05/17 14:26:33 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2009/05/17 14:26:33 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/05/17 14:26:33 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/05/17 14:26:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/05/17 14:26:32 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/05/17 14:26:32 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/05/17 14:26:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2009/05/17 14:26:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/05/17 14:26:31 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/05/17 14:26:31 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/05/17 14:26:31 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/05/17 14:26:31 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/05/17 14:26:31 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/05/17 14:26:31 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/05/17 14:26:31 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/05/17 14:26:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/05/17 14:26:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/05/17 14:26:30 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/05/17 14:26:30 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/05/17 14:26:30 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/05/17 14:26:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/05/17 14:26:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/05/17 14:26:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/05/17 14:26:30 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/05/17 14:26:29 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/05/17 14:26:29 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/05/17 14:26:29 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/05/17 14:26:29 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/05/17 14:26:26 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2009/05/17 14:26:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/05/17 14:26:25 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/05/17 14:26:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2009/05/17 14:26:23 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/05/17 14:26:23 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/05/17 14:26:23 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/05/17 14:26:23 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/05/17 14:26:23 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/05/17 14:26:23 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/05/17 14:26:23 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/05/17 14:26:22 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/05/17 14:26:21 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/05/17 14:26:21 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/05/17 14:26:19 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/05/17 14:26:19 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/05/17 14:26:18 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/05/17 14:26:17 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/05/17 14:26:15 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/05/17 14:26:15 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/05/17 14:26:15 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/05/17 14:26:15 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/05/17 14:26:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/05/17 14:26:14 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/05/17 14:26:14 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009/05/17 14:26:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/05/17 14:26:13 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/05/17 14:26:09 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/05/17 14:26:08 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/05/17 14:26:07 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/05/17 14:26:04 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/05/17 14:26:02 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/05/17 14:25:59 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/05/17 14:25:56 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2009/05/17 14:25:54 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/05/17 14:25:53 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/05/17 14:25:53 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/05/17 14:25:53 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/05/17 14:25:53 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/05/17 14:25:52 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/05/17 14:25:52 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/05/17 14:25:51 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/05/17 14:25:51 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/05/17 14:25:51 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/05/17 14:25:51 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/05/17 14:25:50 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/05/17 14:25:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/05/17 14:25:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/05/17 14:25:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/05/17 14:25:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/05/17 14:25:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/05/17 14:25:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/05/17 14:25:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/05/17 14:25:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/05/17 14:25:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/05/17 14:25:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/05/17 14:25:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/05/17 14:25:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/05/17 14:25:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/05/17 14:25:44 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/05/17 14:25:44 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/05/17 14:25:44 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/05/17 14:25:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/05/17 14:25:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/05/17 14:25:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/05/17 14:25:43 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/05/17 14:25:42 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/05/17 14:25:42 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/05/17 14:25:41 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/05/17 14:25:41 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/05/17 14:25:39 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/05/17 14:25:39 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/05/17 14:25:39 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/05/17 14:25:39 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/05/17 14:25:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/05/17 14:25:39 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/05/17 14:25:39 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/05/17 14:25:38 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/05/17 14:25:33 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/05/17 14:25:33 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/05/17 14:25:32 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/05/17 14:25:32 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/05/17 14:25:32 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/05/17 14:25:32 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/05/17 14:25:32 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/05/17 14:25:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/05/17 14:25:30 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/05/17 14:25:30 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/05/17 14:25:29 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/05/17 14:25:29 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/05/17 14:25:29 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/05/17 14:25:29 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2009/05/17 14:25:29 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/05/17 14:25:29 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/05/17 14:25:29 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/05/17 14:25:28 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/05/17 14:25:28 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2009/05/17 14:25:28 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/05/17 14:25:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/05/17 14:25:28 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/05/17 14:25:28 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/05/17 14:25:28 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/05/17 14:25:28 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/05/17 14:25:28 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/05/17 14:25:28 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/05/17 14:25:27 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/05/17 14:25:27 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2009/05/17 14:25:27 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/05/17 14:25:27 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/05/17 14:25:27 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/05/17 14:25:27 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/05/17 14:25:27 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/05/17 14:25:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/05/17 14:25:26 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/05/17 14:25:26 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/05/17 14:25:26 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/05/17 14:25:26 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/05/17 14:25:26 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/05/17 14:25:25 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/05/17 14:25:25 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/05/17 14:25:24 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/05/17 14:25:24 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/05/17 14:25:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/05/17 14:25:24 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/05/17 14:25:24 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/05/17 14:25:23 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/05/17 14:25:23 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/05/17 14:25:23 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/05/17 14:25:17 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2009/05/17 14:25:16 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/05/17 14:25:15 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/05/17 14:25:15 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/05/17 14:25:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/05/17 14:25:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/05/17 14:25:14 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/05/17 14:25:13 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/05/17 14:25:13 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/05/17 14:25:13 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2009/05/17 14:25:12 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/05/17 14:25:12 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/05/17 14:25:12 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/05/17 14:25:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/05/17 14:25:11 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/05/17 14:25:11 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/05/17 14:25:11 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/05/17 14:25:11 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/05/17 14:25:10 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/05/17 14:25:10 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/05/17 14:25:10 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/05/17 14:25:10 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/05/17 14:25:10 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/05/17 14:25:10 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/05/17 14:25:09 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/05/17 14:25:09 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/05/17 14:25:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/05/17 14:25:09 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/05/17 14:25:09 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/05/17 14:25:08 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/05/17 14:25:08 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/05/17 14:25:08 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/05/17 14:25:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/05/17 14:25:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/05/17 14:25:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/05/17 14:25:05 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/05/17 14:25:05 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/05/17 14:25:05 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/05/17 14:25:05 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/05/17 14:25:05 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/05/17 14:25:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/05/17 14:25:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/05/17 14:25:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/05/17 14:25:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/05/17 14:25:03 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/05/17 14:25:02 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/05/17 14:25:02 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/05/17 14:25:02 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/05/17 14:25:01 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/05/17 14:25:01 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/05/17 14:25:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/05/17 14:25:00 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/05/17 14:24:59 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/05/17 14:24:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/05/17 14:24:59 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/05/17 14:24:58 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/05/17 14:24:58 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/05/17 14:24:58 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/05/17 14:24:57 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/05/17 14:24:57 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/05/17 14:24:56 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/05/17 14:24:56 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/05/17 14:24:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/05/17 14:24:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/05/17 14:24:55 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2009/05/17 14:24:55 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2009/05/17 14:24:52 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/05/17 14:24:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/05/17 14:24:52 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/05/17 14:24:50 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2009/05/17 14:24:50 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/05/17 14:24:50 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/05/17 14:24:50 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/05/17 14:24:46 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/05/17 14:24:45 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/05/17 14:24:45 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/05/17 14:24:45 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/05/17 14:24:45 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/05/17 14:24:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/05/17 14:24:44 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/05/17 14:24:44 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/05/17 14:24:44 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/05/17 14:24:44 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/05/17 14:24:44 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2009/05/17 14:24:44 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/05/17 14:24:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/05/17 14:24:43 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/05/17 14:24:43 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/05/17 14:24:43 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/05/17 14:24:43 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/05/17 14:24:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/05/17 14:24:42 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/05/17 14:24:42 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/05/17 14:24:42 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/05/17 14:24:42 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/05/17 14:24:42 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/05/17 14:24:42 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/05/17 14:24:42 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/05/17 14:24:42 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/05/17 14:24:41 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/05/17 14:24:41 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/05/17 14:24:41 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/05/17 14:24:41 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/05/17 14:24:40 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/05/17 14:24:40 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/05/17 14:24:40 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/05/17 14:24:40 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/05/17 14:24:40 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/05/17 14:24:39 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/05/17 14:24:39 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/05/17 14:24:39 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/05/17 14:24:39 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/05/17 14:24:38 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/05/17 14:24:38 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/05/17 14:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/05/17 14:23:21 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/17 14:14:03 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/05/17 14:14:03 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/05/17 14:14:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/05/17 14:14:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/05/17 12:40:12 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/05/17 12:40:12 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/05/17 12:40:12 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/05/17 12:40:12 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/05/17 12:40:12 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/05/17 12:40:12 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/05/17 12:40:12 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/05/17 12:40:12 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/05/17 12:40:12 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/05/17 12:40:12 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/05/17 12:40:12 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/05/17 12:40:12 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/05/17 12:40:12 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/05/17 12:40:12 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/05/17 12:40:12 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/05/17 12:40:12 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/05/17 12:40:12 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/05/17 12:40:11 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/05/17 12:40:11 | 00,504,678 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/05/16 20:11:54 | 00,001,707 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Avira AntiVir Control Center.lnk
[2009/05/16 20:11:42 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/16 20:11:42 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/16 20:11:42 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/16 20:11:42 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/05/16 20:11:42 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/16 20:11:41 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/16 20:11:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/05/16 17:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/05/16 15:52:53 | 01,433,106 | -HS- | C] () -- C:\WINDOWS\System32\azutoveh.ini
[2009/05/16 13:48:59 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/05/16 13:48:59 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2009/05/16 11:07:00 | 00,000,439 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/05/15 21:46:43 | 01,406,518 | -HS- | C] () -- C:\WINDOWS\System32\osipunej.ini
[2009/05/15 21:42:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ptidle
[2009/05/15 18:05:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/15 09:36:53 | 00,108,336 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\My Documents\Photoshop CS4 — Lisez-moi.pdf
[2009/05/15 09:36:53 | 00,103,148 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\My Documents\Léame de Photoshop CS4.pdf
[2009/05/15 09:36:53 | 00,065,686 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\My Documents\Photoshop CS4 Read Me.pdf
[2009/05/15 09:26:13 | 00,620,111 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\scan0001.jpg
[2009/05/15 09:21:00 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\My Documents\My Albums
[2009/05/15 09:07:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Download Manager
[2009/05/15 09:06:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/11 21:06:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/11 21:06:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/05/11 21:05:54 | 00,000,000 | -H-D | C] -- C:\Program Files\PC Tools AntiVirus
[2009/05/11 20:54:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/11 20:16:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
[2009/05/11 20:16:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/11 19:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Apps
[2009/05/09 10:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/05/08 01:35:54 | 00,000,000 | ---D | C] -- C:\Program Files\AOL Radio Toolbar
[2009/05/08 01:14:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/05/08 00:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dtuser
[2009/05/08 00:45:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\aAvgApi
[2009/05/07 22:42:15 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/05/07 22:42:15 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/05/07 22:28:02 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/05/07 19:50:54 | 00,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009/05/07 07:04:28 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/05/07 07:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\I386
[2009/05/06 13:25:10 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/05/05 16:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/05/05 16:47:04 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/05/05 16:04:24 | 00,457,976 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\My Documents\PowerPointRibbon.pdf
[2009/05/05 11:08:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ADMINI~1\My Documents\ICCTT
[2009/05/02 22:00:35 | 00,000,000 | ---D | C] -- C:\Program Files\Ice Cream Craze Tycoon Takeover
[2009/04/29 20:04:12 | 00,001,629 | ---- | C] () -- C:\DOCUME~1\ADMINI~1\Desktop\Diaper Dash.lnk
[2009/04/29 20:04:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Diaper Dash
[2009/04/29 20:04:02 | 00,000,000 | ---D | C] -- C:\Program Files\Diaper Dash
[2009/04/28 19:24:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/04/23 09:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar
[2009/04/23 04:35:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/23 04:35:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/02/09 12:48:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/12/13 23:14:00 | 01,647,120 | ---- | C] () -- C:\WINDOWS\System32\bscbiawe.ini
[2008/12/13 23:07:56 | 00,890,516 | ---- | C] () -- C:\WINDOWS\System32\WvELonnn.ini2
[2008/12/13 23:07:54 | 00,890,516 | ---- | C] () -- C:\WINDOWS\System32\WvELonnn.ini
[2008/09/24 21:46:42 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/23 12:23:02 | 00,000,394 | ---- | C] () -- C:\WINDOWS\XCrashReport.ini
[2008/05/23 11:58:27 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2008/05/19 18:11:01 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\cuteshell.dll
[2008/05/04 10:09:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/04/23 21:44:24 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/12/06 13:30:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/06 13:19:24 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/12/06 13:19:24 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/12/06 13:19:24 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/12/06 13:19:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/12/06 13:19:23 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/12/06 13:19:23 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/12/06 13:03:30 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/12/06 13:03:30 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/04/25 13:32:30 | 00,000,645 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/04/25 06:19:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/02/28 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/02/28 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/05/08 06:12:22 | 00,000,774 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2009/05/20 10:36:16 | 00,023,552 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/20 10:36:01 | 00,000,366 | ---- | M] () -- C:\xcrashdump.dat
[2009/05/20 10:33:56 | 00,028,672 | ---- | M] ( ) -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/20 10:33:56 | 00,023,552 | -HS- | M] ( ) -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/20 10:33:56 | 00,000,655 | -HS- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/20 10:19:25 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/20 10:19:24 | 00,000,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/05/20 10:19:07 | 00,118,784 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2009/05/20 10:18:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/20 10:18:54 | 10,646,24128 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/20 10:18:54 | 00,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/20 10:17:47 | 00,000,645 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/20 10:17:47 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/20 10:17:47 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/05/20 10:13:50 | 00,000,310 | ---- | M] () -- C:\WINDOWS\tasks\npysvzdz.job
[2009/05/20 09:22:52 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/20 09:12:41 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\NTREGOPT.lnk
[2009/05/20 09:12:41 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\ERUNT.lnk
[2009/05/20 08:37:24 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/20 08:34:34 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/20 04:28:04 | 00,000,708 | ---- | M] () -- C:\WINDOWS\System32\sft.res
[2009/05/19 18:36:55 | 00,028,160 | ---- | M] () -- C:\WINDOWS\System32\__c0015C08.dat
[2009/05/17 19:56:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/17 16:12:15 | 00,109,064 | ---- | M] () -- C:\WINDOWS\hpoins08.dat
[2009/05/17 16:01:12 | 00,109,567 | ---- | M] () -- C:\WINDOWS\hpoins08.dat.temp
[2009/05/17 15:46:22 | 00,000,046 | ---- | M] () -- C:\WINDOWS\System32\p2hhr.bat
[2009/05/17 15:46:15 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\afnoinkdsfe.dll
[2009/05/17 15:46:14 | 00,023,040 | ---- | M] () -- C:\WINDOWS\System32\ak1.exe
[2009/05/17 14:35:42 | 00,481,162 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 14:35:42 | 00,408,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 14:35:42 | 00,064,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 14:27:51 | 00,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/05/17 14:24:22 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/05/17 14:24:18 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/17 14:24:17 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/17 14:24:17 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/17 14:24:06 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/17 14:23:21 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/05/17 14:23:21 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/05/17 14:22:13 | 00,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/17 14:13:54 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/05/17 14:13:54 | 00,000,062 | -HS- | M] () -- C:\DOCUME~1\ALLUSE~1\Documents\desktop.ini
[2009/05/17 12:47:41 | 00,226,659 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/05/16 21:13:15 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jejepabo
[2009/05/16 20:11:54 | 00,001,707 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Avira AntiVir Control Center.lnk
[2009/05/16 16:57:58 | 00,000,439 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/05/16 16:14:14 | 01,433,106 | -HS- | M] () -- C:\WINDOWS\System32\azutoveh.ini
[2009/05/16 13:37:15 | 01,406,518 | -HS- | M] () -- C:\WINDOWS\System32\osipunej.ini
[2009/05/15 18:37:28 | 02,214,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/15 18:24:51 | 00,620,111 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\scan0001.jpg
[2009/05/07 22:42:15 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/07 22:42:15 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/07 19:50:53 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/05/07 07:04:28 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/05/05 16:04:24 | 00,457,976 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\My Documents\PowerPointRibbon.pdf
[2009/05/02 22:05:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/29 20:04:12 | 00,001,629 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\Desktop\Diaper Dash.lnk
[2009/04/24 17:09:10 | 00,047,616 | ---- | M] () -- C:\DOCUME~1\ADMINI~1\My Documents\Bills.xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
*****

Extras.txt
*****
OTListIt Extras logfile created on: 5/20/2009 10:37:02 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop\MalWare Removal
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 671.64 Mb Available Physical Memory | 66.16% Memory free
2.39 Gb Paging File | 2.10 Gb Available in Paging File | 88.09% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 40.77 Gb Free Space | 63.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.23 Gb Free Space | 42.23% Space Free | Partition Type: NTFS
Drive E: | 647.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 2.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIRVANA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager File not found
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager File not found
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\GlobalSCAPE\CuteFTP\cutftp32.exe:*:Enabled:Winsock FTP Client File not found
C:\Program Files\CuteFTP\CUTFTP32.EXE:*:Enabled:Winsock FTP Client (GlobalSCAPE, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 (Adobe Systems Incorporated)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\WINDOWS\system32\frmwrk32.exe:*:Enabled:frmwrk32 File not found
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe ()
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe ( )
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Development Company, L.P.)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application File not found
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager File not found
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager File not found
C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour File not found
C:\WINDOWS\SMINST\Scheduler.exe:*:Disabled:Scheduler ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4B92A11C-F48F-430A-AB8D-3F7CA80669CD}" = SDMSSplash
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.57
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"AOL Radio Toolbar" = AOL Radio Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belle's Beauty Boutique" = Belle's Beauty Boutique
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CuteFTP" = CuteFTP
"Delicious 2 Deluxe" = Delicious 2 Deluxe
"Diaper Dash1.0.0.112" = Diaper Dash
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"ERUNT_is1" = ERUNT 1.1j
"Free Audio Editor_is1" = Free Audio Editor 2008 v4.9
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HPExtendedCapabilities" = HP Extended Capabilities 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Insaniquarium Deluxe" = Insaniquarium Deluxe
"Jane's Hotel" = Jane's Hotel
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mystic Inn_is1" = Mystic Inn
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PDF Complete" = PDF Complete
"SCRABBLE" = SCRABBLE
"Shop for HP Supplies" = Shop for HP Supplies
"Studio365 1.3" = Studio365 1.3
"Studio365-Live" = Studio365-Live
"Turbo Pizza_is1" = Turbo Pizza
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Westward II" = Westward II
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinZip" = WinZip
"WinZip E-Mail Companion" = WinZip E-Mail Companion
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2009 4:36:05 PM | Computer Name = NIRVANA | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/16/2009 5:03:39 PM | Computer Name = NIRVANA | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/16/2009 5:03:50 PM | Computer Name = NIRVANA | Source = Application Hang | ID = 1001
Description = Fault bucket 126637809.

Error - 5/17/2009 2:31:32 PM | Computer Name = NIRVANA | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 201 of d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/17/2009 2:31:45 PM | Computer Name = NIRVANA | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 201 of d:\qxp_slp\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/17/2009 3:51:18 PM | Computer Name = NIRVANA | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706.No valid source could be found
for product DocumentViewer. The Windows Installer cannot continue.

Error - 5/17/2009 3:51:54 PM | Computer Name = NIRVANA | Source = MsiInstaller | ID = 11706
Description = Product: DocumentViewer -- Error 1706.No valid source could be found
for product DocumentViewer. The Windows Installer cannot continue.

Error - 5/19/2009 8:43:53 PM | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module shlwapi.dll, version 6.0.2900.2833, fault address 0x0001b9cb.

Error - 5/20/2009 5:14:01 AM | Computer Name = NIRVANA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00017a8c.

Error - 5/20/2009 9:03:31 AM | Computer Name = NIRVANA | Source = Application Hang | ID = 1002
Description = Hanging application ATF_Cleaner.exe, version 3.0.0.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/20/2009 8:26:29 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCTCore WudfPf

Error - 5/20/2009 8:42:42 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%126

Error - 5/20/2009 8:42:42 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 5/20/2009 8:42:42 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCTCore WudfPf

Error - 5/20/2009 10:14:32 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%126

Error - 5/20/2009 10:14:32 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 5/20/2009 10:14:32 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCTCore WudfPf

Error - 5/20/2009 10:19:11 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7023
Description = The Windows Driver Foundation - User-mode Driver Framework service
terminated with the following error: %%126

Error - 5/20/2009 10:19:11 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%3

Error - 5/20/2009 10:19:11 AM | Computer Name = NIRVANA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCTCore WudfPf


< End of report >
*****

#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this site's Terms of Use. If you persist in their use you will no longer receive help from this site in the future.

Go here to read Geekstogo Terms of Use and note in particular article 4 the items Illegal and Infringing of intellectual property rights (such as copyright and trademark rights).



Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\DOCUME~1\ADMINI~1\My Documents\Downloaded Files\crack.rar
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
Selena Nichols

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for taking this on, Rorschach112, and I apologize for taking so long to get back to this.

I had to run ComboFix four times. On the first three attempts I received an error regarding rootkit activity and a request to reboot. After the reboot an error message appeared which directed me to not continue and to download ComboFix again as it had been corrupted by patching software. On the fourth attempt ComboFix noted the rootkit activity again, rebooted and when the machine booted up Avira AV started giving warnings about virus files (even though I had disabled Avira per ComboFix's direction), with a default of "Deny Access". I selected this option on each file Avira found; ComboFix was then able to go through its scanning process successfully (I hope):

*****
ComboFix 09-05-21.01 - Administrator 05/22/2009 1:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.708 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Favorites\Search Online.url
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Administrator\protect.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\NetworkService\protect.dll
c:\program files\iCheck
c:\program files\ThunMail
c:\program files\ThunMail\testabd.dll
c:\program files\ThunMail\testabd.exe
c:\windows\IE4 Error Log.txt
c:\windows\k.txt
c:\windows\system32\__c0015C08.dat
c:\windows\system32\ak1.exe
c:\windows\system32\autochk.dll
c:\windows\system32\azutoveh.ini
c:\windows\system32\bscbiawe.ini
c:\windows\system32\c.ico
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\gxvxcbcrwsaiiqixooitfvmniohusbhqkfmab.sys
c:\windows\system32\drivers\ovfsthtltupqltepwjilruewfkklyxgqwuhypr.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxccptxahmhssmxmxbgecaycxtxbjtmjdbt.dll
c:\windows\system32\lmn_setup.exe
c:\windows\system32\m.ico
c:\windows\system32\osipunej.ini
c:\windows\system32\ovfsthayuuvqpjwymfnjgixwvmchfwbfuvyusg.dll
c:\windows\system32\ovfsthoqsabuarelaqbmskdaxmdvldolkqcayf.dat
c:\windows\system32\ovfsthotnajrjcddriasdowyiskbogixiimqgr.dll
c:\windows\system32\ovfsthrscswnsloxfknaysldtpjboyabfntvtf.dll
c:\windows\system32\ovfsthticoygbcxduvmofltwnsxaalujxkghwy.dat
c:\windows\system32\p2hhr.bat
c:\windows\system32\s.ico
c:\windows\system32\sft.res
c:\windows\system32\win32hlp.cnf
c:\windows\system32\WvELonnn.ini
c:\windows\system32\WvELonnn.ini2
c:\windows\system32\x64
c:\windows\Tasks\npysvzdz.job
c:\windows\wiaserviv.log
C:\xcrashdump.dat
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Legacy_ASHEVTSVC
-------\Service_AshEvtSvc


((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 01:19 . 2009-05-22 01:19 136 ----a-w c:\windows\system32\vp_setup.exe.bat
2009-05-22 01:19 . 2009-05-22 01:19 61440 ----a-w c:\windows\system32\vp_setup.exe
2009-05-21 17:06 . 2009-05-21 17:06 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-20 15:26 . 2009-05-20 15:26 -------- d-----w C:\_OTMoveIt
2009-05-20 14:31 . 2009-05-20 14:33 -------- d-----w C:\Rooter$
2009-05-20 13:12 . 2009-05-20 13:12 -------- d-----w c:\program files\ERUNT
2009-05-20 08:39 . 2009-05-20 08:39 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-17 20:01 . 2006-07-21 11:46 155648 ----a-w c:\windows\system32\igfxres.dll
2009-05-17 19:48 . 2009-05-17 19:48 -------- d-----w C:\Intel
2009-05-17 19:46 . 2009-05-17 19:46 15000 ----a-w c:\windows\system32\afnoinkdsfe.dll
2009-05-17 18:27 . 2006-02-28 12:00 4677 -c--a-w c:\windows\system32\dllcache\zeeverm.dll
2009-05-17 18:27 . 2006-02-28 12:00 29760 -c--a-w c:\windows\system32\dllcache\znetm.dll
2009-05-17 18:27 . 2006-02-28 12:00 13894 -c--a-w c:\windows\system32\dllcache\zonelibm.dll
2009-05-17 18:27 . 2006-02-28 12:00 113222 -c--a-w c:\windows\system32\dllcache\zoneclim.dll
2009-05-17 18:27 . 2006-02-28 12:00 41029 -c--a-w c:\windows\system32\dllcache\zcorem.dll
2009-05-17 18:27 . 2006-02-28 12:00 36937 -c--a-w c:\windows\system32\dllcache\zclientm.exe
2009-05-17 18:25 . 2006-02-28 12:00 126976 -c--a-w c:\windows\system32\dllcache\mshearts.exe
2009-05-17 18:24 . 2006-02-28 12:00 369664 -c--a-w c:\windows\system32\dllcache\asp51.dll
2009-05-17 18:14 . 2006-02-28 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-17 18:14 . 2006-02-28 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-17 18:14 . 2006-02-28 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-17 18:14 . 2006-02-28 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-17 16:40 . 2009-05-17 16:40 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-17 00:11 . 2009-03-30 14:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-17 00:11 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-17 00:11 . 2009-02-13 16:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-17 00:11 . 2009-02-13 16:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-17 00:11 . 2009-05-17 00:11 -------- d-----w c:\program files\Avira
2009-05-17 00:11 . 2009-05-17 00:11 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-16 21:14 . 2009-05-16 21:14 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-16 01:42 . 2009-05-17 01:13 -------- d-----w c:\documents and settings\Administrator\Application Data\ptidle
2009-05-15 22:05 . 2009-05-15 22:05 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-15 13:07 . 2009-05-15 13:29 -------- d-----w c:\documents and settings\Administrator\Application Data\Download Manager
2009-05-15 13:06 . 2009-05-15 13:06 -------- d-----w c:\windows\Sun
2009-05-12 01:06 . 2009-05-16 15:07 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-12 01:05 . 2009-05-16 17:38 -------- d--h--w c:\program files\PC Tools AntiVirus
2009-05-12 00:16 . 2009-05-12 00:16 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-05-12 00:16 . 2009-05-20 10:18 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-09 14:31 . 2009-05-09 14:31 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-08 05:35 . 2009-05-08 05:35 -------- d-----w c:\program files\AOL Radio Toolbar
2009-05-08 04:46 . 2009-05-08 04:46 -------- d-----w c:\documents and settings\Administrator\Application Data\dtuser
2009-05-08 04:45 . 2009-05-08 04:45 -------- d-----w c:\documents and settings\Administrator\Application Data\aAvgApi
2009-05-07 11:04 . 2009-05-07 11:04 60 ----a-w c:\windows\system32\SYSDRV.DAT
2009-05-07 11:04 . 2009-05-07 11:04 -------- d-----w c:\windows\I386
2009-05-05 20:48 . 2009-05-15 13:32 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\WinZip
2009-05-05 20:47 . 2009-05-05 20:48 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-05-03 02:00 . 2009-05-07 10:48 -------- d-----w c:\program files\Ice Cream Craze Tycoon Takeover
2009-05-02 13:14 . 2009-05-02 13:14 -------- d-----w c:\documents and settings\John\Local Settings\Application Data\AOL Radio Toolbar
2009-04-30 00:04 . 2009-04-30 00:04 -------- d-----w c:\program files\Diaper Dash
2009-04-30 00:04 . 2009-04-30 00:04 -------- d-----w c:\windows\Diaper Dash
2009-04-23 13:57 . 2009-04-23 13:57 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\AOL Radio Toolbar
2009-04-23 13:57 . 2009-04-23 13:57 -------- d-----w c:\documents and settings\All Users\Application Data\AOL Radio Toolbar
2009-04-23 08:35 . 2009-05-07 10:48 -------- d-----w c:\program files\QuickTime
2009-04-23 08:35 . 2009-04-23 08:35 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 15:29 . 2008-04-24 00:29 26856 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 20:12 . 2008-04-24 01:44 109064 ----a-w c:\windows\hpoins08.dat
2009-05-17 18:22 . 2006-04-25 17:27 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-17 18:22 . 2009-05-17 18:21 1663 ----a-w c:\windows\inf\COMA5.tmp
2009-05-16 20:45 . 2008-12-22 14:13 26856 ----a-w c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 15:10 . 2008-04-25 06:07 -------- d-----w c:\program files\GameHouse
2009-05-15 22:33 . 2007-12-06 17:18 -------- d-----w c:\program files\Common Files\Adobe
2009-05-08 05:14 . 2007-12-06 17:21 -------- d-----w c:\program files\Symantec
2009-05-08 05:14 . 2007-12-06 17:21 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-08 05:14 . 2007-12-06 17:21 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-07 11:02 . 2008-04-24 00:25 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-05-07 11:02 . 2008-04-24 00:25 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\InstallShield
2009-05-07 10:55 . 2008-04-24 00:24 -------- d-----w c:\program files\Program Shortcuts
2009-05-07 10:55 . 2007-12-06 17:18 -------- d-----w c:\program files\Realtek
2009-05-07 10:55 . 2007-12-06 17:20 -------- d-----w c:\program files\PDF Complete
2009-05-07 10:55 . 2007-12-06 17:02 -------- d-----w c:\program files\microsoft frontpage
2009-05-07 10:54 . 2007-12-06 17:19 -------- d-----w c:\program files\InterVideo
2009-05-07 10:54 . 2007-12-06 17:18 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 10:54 . 2007-12-06 17:19 -------- d-----w c:\program files\HPQ
2009-05-07 10:54 . 2008-04-24 01:49 -------- d-----w c:\program files\HP
2009-05-07 10:53 . 2007-12-06 17:15 -------- d-----w c:\program files\Hewlett-Packard
2009-05-07 10:53 . 2007-12-06 17:20 -------- d-----w c:\program files\Compaq
2009-05-07 10:53 . 2008-04-24 01:55 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-05-07 10:53 . 2007-12-06 17:19 -------- d-----w c:\program files\Common Files\InterVideo
2009-05-07 10:53 . 2007-12-06 17:16 -------- d-----w c:\program files\Common Files\Java
2009-05-07 10:53 . 2007-12-06 17:18 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-07 10:53 . 2008-04-24 01:54 -------- d-----w c:\program files\Common Files\HP
2009-05-07 10:53 . 2008-04-24 01:51 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-07 10:53 . 2007-12-06 17:17 -------- d-----w c:\program files\Broadcom
2009-05-07 10:50 . 2008-04-24 01:55 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-05-07 10:50 . 2007-12-06 17:21 -------- d-----w c:\documents and settings\Administrator\Application Data\Symantec
2009-05-07 10:50 . 2007-12-06 17:19 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-07 10:48 . 2008-04-27 21:50 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-07 10:48 . 2008-04-25 05:18 -------- d-----w c:\program files\Viewpoint
2009-05-07 10:48 . 2008-10-12 14:35 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-07 10:48 . 2008-11-22 20:59 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-07 10:48 . 2008-11-16 19:08 -------- d-----w c:\program files\Microsoft ActiveSync
2009-05-07 10:48 . 2008-10-12 14:40 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-07 10:48 . 2008-05-17 15:14 -------- d-----w c:\program files\AMT
2009-05-07 10:48 . 2008-04-25 05:19 -------- d-----w c:\program files\AIMTunes
2009-05-07 10:48 . 2008-04-25 05:17 -------- d-----w c:\program files\AIM6
2009-05-07 10:48 . 2008-09-08 00:11 -------- d-----w c:\program files\7-Zip
2009-05-07 10:47 . 2008-08-28 23:03 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-05-07 10:47 . 2008-06-25 23:54 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-05-07 10:47 . 2009-04-04 18:30 -------- d-----w c:\documents and settings\Administrator\Application Data\PlayFirst
2009-05-07 10:47 . 2008-06-25 23:54 -------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-05-05 01:36 . 2008-11-19 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-02 01:54 . 2008-05-23 22:07 -------- d-----w c:\documents and settings\Administrator\Application Data\Free Audio Editor
2009-04-28 23:24 . 2009-04-28 23:24 -------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-04-21 00:38 . 2008-11-02 14:47 0 ------w c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
2009-04-20 23:29 . 2008-05-23 22:07 -------- d-----w c:\program files\Free Audio Editor
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2BA40A1-74F3-42BD-F434-12345A2C8953}]
2009-05-17 19:46 15000 ----a-w c:\windows\system32\afnoinkdsfe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-15 65536]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"SDMSSplash"="c:\program files\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C2BA40A1-74F3-42BD-F434-12345A2C8953}"= "c:\windows\system32\afnoinkdsfe.dll" [2009-05-17 15000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ChkDisk.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCTAVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\CuteFTP\\CUTFTP32.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 8:11 PM 108289]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12/6/2007 1:20 PM 540184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [12/6/2007 1:23 PM 57344]
.
Contents of the 'Scheduled Tasks' folder

2009-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ptidle - c:\documents and settings\Administrator\Application Data\ptidle\ptidle.exe
HKCU-Run-Aim6 - (no file)
HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\agpoii6y.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\3864905406.exe
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll
HKU-Default-Run-A00FE3C49.exe - c:\windows\TEMP\_A00FE3C49.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lowagaje.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\efcDVonl.dll
Notify-__c0015C08 - c:\windows\system32\__c0015C08.dat
Notify-efcDVonl - efcDVonl.dll
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z9803q1w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/login.php
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z9803q1w.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 01:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\HPZipm12.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\imapi.exe
c:\program files\Avira\AntiVir Desktop\guardgui.exe
.
**************************************************************************
.
Completion time: 2009-05-22 1:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 05:33

Pre-Run: 43,864,702,976 bytes free
Post-Run: 43,801,653,248 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
301 --- E O F --- 2009-04-29 03:36
*****

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

folder::
c:\documents and settings\Administrator\Application Data\ptidle
file::
c:\windows\system32\vp_setup.exe.bat
c:\windows\system32\vp_setup.exe
c:\windows\system32\afnoinkdsfe.dll
c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat


Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#5
Selena Nichols

    Member

  • Topic Starter
  • 16 posts
I should have mentioned this in my previous post: when I attempt to run ComboFix, it indicates that PC Tools Antivirus is still running. I cannot find PC Tools on my machine at all anymore and I do not know which application to terminate in Task Manager to shut it down. Should I run the CFScript/ComboFix at this time if I cannot disable PC Tools AV?

Thanks

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
yes just go ahead with it

#7
Selena Nichols

    Member

  • Topic Starter
  • 16 posts
CFScript log

*****
ComboFix 09-05-21.03 - Administrator 05/22/2009 10:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.696 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: PC Tools AntiVirus 6.0.0.19 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}

FILE ::
c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\afnoinkdsfe.dll
c:\windows\system32\vp_setup.exe
c:\windows\system32\vp_setup.exe.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\ptidle
c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\vp_setup.exe
c:\windows\system32\vp_setup.exe.bat

.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-22 12:54 . 2009-05-22 12:54 -------- d-----w c:\windows\LastGood
2009-05-21 17:06 . 2009-05-21 17:06 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-20 15:26 . 2009-05-20 15:26 -------- d-----w C:\_OTMoveIt
2009-05-20 14:31 . 2009-05-20 14:33 -------- d-----w C:\Rooter$
2009-05-20 13:12 . 2009-05-20 13:12 -------- d-----w c:\program files\ERUNT
2009-05-20 08:39 . 2009-05-20 08:39 -------- d--h--w c:\windows\system32\GroupPolicy
2009-05-17 20:01 . 2006-07-21 11:46 155648 ----a-w c:\windows\system32\igfxres.dll
2009-05-17 19:48 . 2009-05-17 19:48 -------- d-----w C:\Intel
2009-05-17 18:27 . 2006-02-28 12:00 4677 -c--a-w c:\windows\system32\dllcache\zeeverm.dll
2009-05-17 18:27 . 2006-02-28 12:00 29760 -c--a-w c:\windows\system32\dllcache\znetm.dll
2009-05-17 18:27 . 2006-02-28 12:00 13894 -c--a-w c:\windows\system32\dllcache\zonelibm.dll
2009-05-17 18:27 . 2006-02-28 12:00 113222 -c--a-w c:\windows\system32\dllcache\zoneclim.dll
2009-05-17 18:27 . 2006-02-28 12:00 41029 -c--a-w c:\windows\system32\dllcache\zcorem.dll
2009-05-17 18:27 . 2006-02-28 12:00 36937 -c--a-w c:\windows\system32\dllcache\zclientm.exe
2009-05-17 18:25 . 2006-02-28 12:00 126976 -c--a-w c:\windows\system32\dllcache\mshearts.exe
2009-05-17 18:24 . 2006-02-28 12:00 369664 -c--a-w c:\windows\system32\dllcache\asp51.dll
2009-05-17 18:14 . 2006-02-28 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-05-17 18:14 . 2006-02-28 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-05-17 18:14 . 2006-02-28 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-05-17 18:14 . 2006-02-28 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-05-17 16:40 . 2009-05-17 16:40 -------- d-s---w c:\windows\system32\config\systemprofile\History
2009-05-17 00:11 . 2009-03-30 14:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-17 00:11 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-17 00:11 . 2009-02-13 16:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-17 00:11 . 2009-02-13 16:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-17 00:11 . 2009-05-17 00:11 -------- d-----w c:\program files\Avira
2009-05-17 00:11 . 2009-05-17 00:11 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-16 21:14 . 2009-05-16 21:14 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-15 22:05 . 2009-05-15 22:05 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-15 13:07 . 2009-05-15 13:29 -------- d-----w c:\documents and settings\Administrator\Application Data\Download Manager
2009-05-15 13:06 . 2009-05-15 13:06 -------- d-----w c:\windows\Sun
2009-05-12 01:06 . 2009-05-16 15:07 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-12 00:16 . 2009-05-12 00:16 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-05-12 00:16 . 2009-05-20 10:18 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-09 14:31 . 2009-05-09 14:31 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-05-08 05:35 . 2009-05-08 05:35 -------- d-----w c:\program files\AOL Radio Toolbar
2009-05-08 04:46 . 2009-05-08 04:46 -------- d-----w c:\documents and settings\Administrator\Application Data\dtuser
2009-05-08 04:45 . 2009-05-08 04:45 -------- d-----w c:\documents and settings\Administrator\Application Data\aAvgApi
2009-05-07 11:04 . 2009-05-07 11:04 60 ----a-w c:\windows\system32\SYSDRV.DAT
2009-05-07 11:04 . 2009-05-07 11:04 -------- d-----w c:\windows\I386
2009-05-05 20:48 . 2009-05-15 13:32 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\WinZip
2009-05-05 20:47 . 2009-05-05 20:48 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-05-03 02:00 . 2009-05-07 10:48 -------- d-----w c:\program files\Ice Cream Craze Tycoon Takeover
2009-05-02 13:14 . 2009-05-02 13:14 -------- d-----w c:\documents and settings\John\Local Settings\Application Data\AOL Radio Toolbar
2009-04-30 00:04 . 2009-04-30 00:04 -------- d-----w c:\program files\Diaper Dash
2009-04-30 00:04 . 2009-04-30 00:04 -------- d-----w c:\windows\Diaper Dash
2009-04-23 13:57 . 2009-04-23 13:57 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\AOL Radio Toolbar
2009-04-23 13:57 . 2009-04-23 13:57 -------- d-----w c:\documents and settings\All Users\Application Data\AOL Radio Toolbar
2009-04-23 08:35 . 2009-05-07 10:48 -------- d-----w c:\program files\QuickTime
2009-04-23 08:35 . 2009-04-23 08:35 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 15:29 . 2008-04-24 00:29 26856 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 20:12 . 2008-04-24 01:44 109064 ----a-w c:\windows\hpoins08.dat
2009-05-17 18:22 . 2006-04-25 17:27 23428 ----a-w c:\windows\system32\emptyregdb.dat
2009-05-17 18:22 . 2009-05-17 18:21 1663 ----a-w c:\windows\inf\COMA5.tmp
2009-05-16 20:45 . 2008-12-22 14:13 26856 ----a-w c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 15:10 . 2008-04-25 06:07 -------- d-----w c:\program files\GameHouse
2009-05-15 22:33 . 2007-12-06 17:18 -------- d-----w c:\program files\Common Files\Adobe
2009-05-08 05:14 . 2007-12-06 17:21 -------- d-----w c:\program files\Symantec
2009-05-08 05:14 . 2007-12-06 17:21 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-08 05:14 . 2007-12-06 17:21 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-07 11:02 . 2008-04-24 00:25 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-05-07 11:02 . 2008-04-24 00:25 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\InstallShield
2009-05-07 10:55 . 2008-04-24 00:24 -------- d-----w c:\program files\Program Shortcuts
2009-05-07 10:55 . 2007-12-06 17:18 -------- d-----w c:\program files\Realtek
2009-05-07 10:55 . 2007-12-06 17:20 -------- d-----w c:\program files\PDF Complete
2009-05-07 10:55 . 2007-12-06 17:02 -------- d-----w c:\program files\microsoft frontpage
2009-05-07 10:54 . 2007-12-06 17:19 -------- d-----w c:\program files\InterVideo
2009-05-07 10:54 . 2007-12-06 17:18 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-07 10:54 . 2007-12-06 17:19 -------- d-----w c:\program files\HPQ
2009-05-07 10:54 . 2008-04-24 01:49 -------- d-----w c:\program files\HP
2009-05-07 10:53 . 2007-12-06 17:15 -------- d-----w c:\program files\Hewlett-Packard
2009-05-07 10:53 . 2007-12-06 17:20 -------- d-----w c:\program files\Compaq
2009-05-07 10:53 . 2008-04-24 01:55 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-05-07 10:53 . 2007-12-06 17:19 -------- d-----w c:\program files\Common Files\InterVideo
2009-05-07 10:53 . 2007-12-06 17:16 -------- d-----w c:\program files\Common Files\Java
2009-05-07 10:53 . 2007-12-06 17:18 -------- d-----w c:\program files\Common Files\InstallShield
2009-05-07 10:53 . 2008-04-24 01:54 -------- d-----w c:\program files\Common Files\HP
2009-05-07 10:53 . 2008-04-24 01:51 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-05-07 10:53 . 2007-12-06 17:17 -------- d-----w c:\program files\Broadcom
2009-05-07 10:50 . 2008-04-24 01:55 -------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-05-07 10:50 . 2007-12-06 17:21 -------- d-----w c:\documents and settings\Administrator\Application Data\Symantec
2009-05-07 10:50 . 2007-12-06 17:19 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-05-07 10:48 . 2008-04-27 21:50 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-07 10:48 . 2008-04-25 05:18 -------- d-----w c:\program files\Viewpoint
2009-05-07 10:48 . 2008-10-12 14:35 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-07 10:48 . 2008-11-22 20:59 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-05-07 10:48 . 2008-11-16 19:08 -------- d-----w c:\program files\Microsoft ActiveSync
2009-05-07 10:48 . 2008-10-12 14:40 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-07 10:48 . 2008-05-17 15:14 -------- d-----w c:\program files\AMT
2009-05-07 10:48 . 2008-04-25 05:19 -------- d-----w c:\program files\AIMTunes
2009-05-07 10:48 . 2008-04-25 05:17 -------- d-----w c:\program files\AIM6
2009-05-07 10:48 . 2008-09-08 00:11 -------- d-----w c:\program files\7-Zip
2009-05-07 10:47 . 2008-08-28 23:03 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-05-07 10:47 . 2008-06-25 23:54 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-05-07 10:47 . 2009-04-04 18:30 -------- d-----w c:\documents and settings\Administrator\Application Data\PlayFirst
2009-05-07 10:47 . 2008-06-25 23:54 -------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-05-05 01:36 . 2008-11-19 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-02 01:54 . 2008-05-23 22:07 -------- d-----w c:\documents and settings\Administrator\Application Data\Free Audio Editor
2009-04-28 23:24 . 2009-04-28 23:24 -------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-04-20 23:29 . 2008-05-23 22:07 -------- d-----w c:\program files\Free Audio Editor
.

((((((((((((((((((((((((((((( SnapShot@2009-05-22_05.27.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-28 02:00 . 2008-10-16 18:09 51224 c:\windows\system32\wuauclt.exe
+ 2006-02-28 02:00 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-02-28 12:00 . 2008-10-16 18:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2006-02-28 12:00 . 2008-10-16 18:09 92696 c:\windows\system32\cdm.dll
- 2005-05-04 18:45 . 2005-05-04 18:45 22240 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\update\spcustom.dll
- 2005-05-04 18:45 . 2005-05-04 18:45 13536 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\spmsg.dll
- 2005-05-04 18:45 . 2005-05-04 18:45 15360 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\msisip.dll
- 2005-05-04 18:45 . 2005-05-04 18:45 78848 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\msiexec.exe
+ 2009-05-22 12:54 . 2006-02-28 12:00 36864 c:\windows\LastGood\system32\wups.dll
+ 2009-05-22 12:54 . 2006-02-28 12:00 66560 c:\windows\LastGood\system32\cdm.dll
+ 2006-02-28 02:00 . 2008-10-16 18:13 202776 c:\windows\system32\wuweb.dll
+ 2006-02-28 02:00 . 2008-10-16 18:12 323608 c:\windows\system32\wucltui.dll
+ 2006-02-28 02:00 . 2008-10-16 18:12 561688 c:\windows\system32\wuapi.dll
+ 2006-02-28 02:00 . 2008-10-16 18:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2006-02-28 02:00 . 2008-10-16 18:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2006-02-28 02:00 . 2008-10-16 18:12 561688 c:\windows\system32\dllcache\wuapi.dll
- 2005-05-04 18:45 . 2005-05-04 18:45 371936 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\update\updspapi.dll
- 2005-05-04 18:45 . 2005-05-04 18:45 718048 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\update\update.exe
- 2005-05-04 18:45 . 2005-05-04 18:45 209632 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\spuninst.exe
- 2005-05-04 18:45 . 2005-05-04 18:45 884736 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\msimsg.dll
- 2005-05-04 18:45 . 2005-05-04 18:45 271360 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\msihnd.dll
+ 2009-05-22 12:54 . 2006-02-28 12:00 120320 c:\windows\LastGood\system32\wuweb.dll
+ 2009-05-22 12:54 . 2006-02-28 12:00 112640 c:\windows\LastGood\system32\wucltui.dll
+ 2009-05-22 12:54 . 2006-02-28 12:00 111104 c:\windows\LastGood\system32\wuauclt.exe
+ 2009-05-22 12:54 . 2006-02-28 12:00 430592 c:\windows\LastGood\system32\wuapi.dll
+ 2006-02-28 02:00 . 2008-10-16 18:13 1809944 c:\windows\system32\wuaueng.dll
+ 2006-02-28 02:00 . 2008-10-16 18:13 1809944 c:\windows\system32\dllcache\wuaueng.dll
- 2008-04-24 00:29 . 2005-05-17 22:30 2585864 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\WindowsInstaller-KB893803-v2-x86.exe
- 2005-05-04 18:45 . 2005-05-04 18:45 2890240 c:\windows\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\msi.dll
+ 2009-05-22 12:54 . 2006-02-28 12:00 1134592 c:\windows\LastGood\system32\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"="c:\program files\USB Disk Win98 Driver\Res.EXE" [2005-09-15 65536]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"SDMSSplash"="c:\program files\HP_SDMS\SDMSSplash\launcher.exe" [2006-03-10 86016]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^ChkDisk.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
backup=c:\windows\pss\ChkDisk.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PCTAVSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\CuteFTP\\CUTFTP32.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/16/2009 8:11 PM 108289]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12/6/2007 1:20 PM 540184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [12/6/2007 1:23 PM 57344]
.
Contents of the 'Scheduled Tasks' folder

2009-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z9803q1w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/login.php
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z9803q1w.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 10:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2009-05-22 10:07
ComboFix-quarantined-files.txt 2009-05-22 14:07
ComboFix2.txt 2009-05-22 05:33

Pre-Run: 44,030,873,600 bytes free
Post-Run: 44,064,903,168 bytes free

Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
265 --- E O F --- 2009-04-29 03:36
*****

#8
Rorschach112

hi

Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#9
Selena Nichols

Ran ATF Cleaner as directed

Ran MBAM:
*****
Malwarebytes' Anti-Malware 1.36
Database version: 2166
Windows 5.1.2600 Service Pack 2

5/22/2009 12:10:24 PM
mbam-log-2009-05-22 (12-10-24).txt

Scan type: Quick Scan
Objects scanned: 83826
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Spyware.Agent) -> Quarantined and deleted successfully.
*****

And ran Kaspersky Scan:
*****
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, May 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 22, 2009 17:07:32
Records in database: 2218315
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 97507
Threat name: 22
Infected objects: 58
Suspicious objects: 0
Duration of the scan: 01:46:38


File name / Threat name / Threats count
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Agent.abqe 6
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Delf.bfc 4
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan.Win32.Buzus.wfq 4
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Agent.aevg 2
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Downloader.Win32.Agent.afqa 3
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Backdoor.Win32.Hijack.q 1
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Backdoor.Win32.Hijack.e 4
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Dropper.MSOffice.Fordo.b 1
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.Win32.Zbot.etl 1
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{7F8DD003-0A8C-47F0-8462-8D24E83968F4}\Microsoft\Outlook Express\Inbox.dbx Infected: Trojan-Spy.Win32.Goldun.axt 1
C:\Documents and Settings\Administrator\My Documents\Downloaded Files\cuteftp35.exe Infected: not-a-virus:AdWare.Win32.Aureate 1
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\Program Files\ThunMail\testabd.dll.vir Infected: Trojan.Win32.Agent.ciel 1
C:\Qoobox\Quarantine\C\Program Files\ThunMail\testabd.exe.vir Infected: Trojan-GameThief.Win32.WOW.ohg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\autochk.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthtltupqltepwjilruewfkklyxgqwuhypr.sys.vir Infected: Trojan.Win32.Tdss.aalf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_gxvxcbcrwsaiiqixooitfvmniohusbhqkfmab_.sys.zip Infected: Trojan.Win32.Tdss.abxw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxccptxahmhssmxmxbgecaycxtxbjtmjdbt.dll.vir Infected: Trojan-Clicker.Win32.Small.aea 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lmn_setup.exe.vir Infected: Trojan-Dropper.Win32.Agent.apgo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthayuuvqpjwymfnjgixwvmchfwbfuvyusg.dll.vir Infected: Trojan.Win32.Tdss.aald 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthotnajrjcddriasdowyiskbogixiimqgr.dll.vir Infected: Trojan.Win32.Tdss.aalg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthrscswnsloxfknaysldtpjboyabfntvtf.dll.vir Infected: Trojan.Win32.Tdss.aalc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c0015C08.dat.vir Infected: Trojan-Downloader.Win32.Clopack.dc 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-22_10.03.35.zip Infected: Trojan-GameThief.Win32.WOW.ohg 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000001.dll Infected: Trojan-Clicker.Win32.Small.aea 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000002.sys Infected: Trojan.Win32.Tdss.aalf 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000020.dll Infected: Trojan.Win32.Agent.ciel 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000021.exe Infected: Trojan-GameThief.Win32.WOW.ohg 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000023.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000025.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000026.exe Infected: Trojan-Dropper.Win32.Agent.apgo 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000031.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000032.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000034.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000035.dll Infected: Trojan.Win32.Tdss.aald 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000036.dll Infected: Trojan.Win32.Tdss.aalg 1
C:\System Volume Information\_restore{8D290BB5-E59C-462B-A0EE-E8949A1E4344}\RP1\A0000037.dll Infected: Trojan.Win32.Tdss.aalc 1
C:\_OTMoveIt\MovedFiles\05202009_112604\WINDOWS\temp\msb.dll Infected: Trojan-Spy.Win32.Agent.argt 1

The selected area was scanned.
*****

#10
Rorschach112

hi

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    C:\Documents and Settings\Administrator\My Documents\Downloaded Files\cuteftp35.exe
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log (don't check the boxes beside LOP Check or Purity this time, and don't run the Custom Scan)


#11
Selena Nichols

Ran OTList2.exe successfully:

*****
========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\kosglue-7.0.26.0.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\Quantum.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\hsperfdata_Administrator\3856 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\temp\~DF22AE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-34dba190 scheduled to be deleted on reboot.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05222009_201911

Files moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\Arj.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\avlib.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\Avp1.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\AvpMgr.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\btimages.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\CAB.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\dmap.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\dtreg.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\FSSync.dll
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\FSSync.dll NOT unregistered.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\FSSync.dll moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\HashCont.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\HashMD5.PPL moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\HCCMP.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\ichk2.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\iChkSA.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\Inflate.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\kave.dll
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\kave.dll NOT unregistered.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\kosglue-7.0.26.0.dll
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\kosglue-7.0.26.0.dll NOT unregistered.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\kosglue-7.0.26.0.dll moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\lha.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\L_llio.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\mdb.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\MDMAP.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\MemModSc.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\MemScan.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\minizip.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\MKavIO.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\msoe.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\nfio.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\NTFSstrm.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\prLoader.dll
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\prLoader.dll NOT unregistered.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\prLoader.dll moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\prseqio.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\PrUtil.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\Quantum.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\rar.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\ScanningProcess.exe moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\sfdb.PPL moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\TempFile.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\thpimpl.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\UniArc.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\UnLZX.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\UnStored.ppl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\jkos-Administrator\binaries\WDiskIO.ppl moved successfully.
File C:\Documents and Settings\Administrator\Local Settings\temp\hsperfdata_Administrator\3856 not found!
C:\Documents and Settings\Administrator\Local Settings\temp\hpodvd09.log moved successfully.
File C:\Documents and Settings\Administrator\Local Settings\temp\~DF22AE.tmp not found!
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\6.0\14\757e808e-34dba190 moved successfully.

Registry entries deleted on Reboot...
*****

#12
Rorschach112

post a new OTL Log

#13
Selena Nichols

Sorry to be dense. Do you want me to Run Scan within OTList2 and then post the log?

#14
Rorschach112

yes

#15
Selena Nichols

Just completed OTListIt2 log:

*****
OTListIt logfile created on: 5/23/2009 7:57:33 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Administrator\Desktop\MalWare Removal
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 526.42 Mb Available Physical Memory | 51.85% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 40.18 Gb Free Space | 62.28% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.23 Gb Free Space | 42.23% Space Free | Partition Type: NTFS
Drive E: | 647.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 317.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NIRVANA
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\USB Disk Win98 Driver\Res.EXE (ali)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - c:\program files\aol radio toolbar\aolradiotbServer.exe (AOL LLC.)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Administrator\Desktop\MalWare Removal\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (odserv [On_Demand | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- File not found
SRV - (PCA [Auto | Stopped]) -- C:\WINDOWS\SMINST\PCAngel.exe (SoftThinks)
SRV - (pdfcDispatcher [Auto | Running]) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Viewpoint Manager Service [Auto | Stopped]) -- File not found
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- File not found

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adfs [Auto | Running]) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (Blfp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\baspxp32.sys (Broadcom Corporation)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV08nt.sys (Intel® Corporation)
DRV - (iAimFP7 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wADV09nt.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV6 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wATV06nt.sys (Intel® Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (pccsmcfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys (Nokia)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\OVCD.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (Symmpi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (VirtDisk [On_Demand | Stopped]) -- c:\windows\sminst\VirtDisk.sys (XSS)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
IE - URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.....com/login.php"
FF - prefs.js..extensions.enabledItems: {FC8CE4AF-8557-4155-89C4-500F5EEF1E68}:1.0
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: {6ad56361-628f-471b-8f9d-4c338973a87d}:5.27.1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/15 19:30:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/15 19:30:24 | 00,000,000 | ---D | M]

[2009/05/08 01:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/05/08 01:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/22 09:24:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z9803q1w.default\extensions
[2008/12/06 18:11:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z9803q1w.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/05/11 20:12:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\z9803q1w.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2009/05/11 20:12:36 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\z9803q1w.default\searchplugins\aol-search.xml
[2009/05/22 09:24:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/15 19:30:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/16 13:21:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{FC8CE4AF-8557-4155-89C4-500F5EEF1E68}
[2009/05/15 19:30:18 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/15 19:30:18 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/16 11:25:19 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (AOL Radio Toolbar) - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9167DA98-6F9B-46F1-991D-826CAE46CAB6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll File not found
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash" ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE (ali)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html File not found
O8 - Extra context menu item: &AOL Radio Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File not found
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll File not found
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll File not found
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://msn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://zone.msn.com/...h2.1.0.0.68.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://zone.msn.com/...sh.1.0.0.98.cab (CPlayFirstDinerDashControl Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found
O18 - Protocol\Filter: - text/xml - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/07 22:42:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/28 01:28:27 | 00,000,175 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/22 20:23:14 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2009/05/22 20:26:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/22 20:22:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/22 20:19:11 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/22 12:03:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/22 12:03:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/22 12:03:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/22 12:03:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/22 12:03:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/22 11:57:55 | 00,000,925 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to wmplayer.lnk
[2009/05/22 11:45:13 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/22 10:08:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/22 10:02:58 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/05/22 01:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\temp
[2009/05/22 01:12:44 | 00,130,048 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/22 01:12:44 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/22 01:11:55 | 02,968,438 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/05/21 13:06:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/05/20 12:17:57 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/20 12:17:55 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/20 12:17:55 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/20 12:10:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/20 12:10:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/20 12:10:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/20 12:10:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/20 12:10:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/20 12:10:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/20 11:32:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/20 11:26:04 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/05/20 10:31:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/20 09:13:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/20 09:12:41 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/05/20 09:12:41 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/05/20 09:12:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/20 09:00:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MalWare Removal
[2009/05/20 08:37:24 | 00,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/20 08:24:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/05/20 04:39:56 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/05/17 16:00:54 | 00,109,567 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2009/05/17 16:00:53 | 00,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2009/05/17 15:48:37 | 00,000,000 | ---D | C] -- C:\Intel
[2009/05/17 14:29:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/17 14:29:18 | 10,646,24128 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/17 14:27:15 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/05/17 14:27:15 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/05/17 14:27:15 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/05/17 14:27:15 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/05/17 14:27:14 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/05/17 14:27:14 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/05/17 14:26:59 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/17 14:26:59 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/05/17 14:26:53 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/05/17 14:26:53 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/05/17 14:26:51 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/05/17 14:26:51 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/05/17 14:26:50 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2009/05/17 14:26:49 | 00,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2009/05/17 14:26:49 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2009/05/17 14:26:49 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/05/17 14:26:48 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/05/17 14:26:48 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/05/17 14:26:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/05/17 14:26:48 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/05/17 14:26:46 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/05/17 14:26:44 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2009/05/17 14:26:44 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/05/17 14:26:44 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/05/17 14:26:42 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/05/17 14:26:42 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/05/17 14:26:42 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2009/05/17 14:26:42 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/05/17 14:26:41 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/05/17 14:26:41 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/05/17 14:26:41 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/05/17 14:26:40 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/05/17 14:26:40 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/05/17 14:26:38 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2009/05/17 14:26:37 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2009/05/17 14:26:37 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2009/05/17 14:26:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/05/17 14:26:36 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/05/17 14:26:35 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2009/05/17 14:26:34 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/05/17 14:26:34 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2009/05/17 14:26:34 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2009/05/17 14:26:34 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/05/17 14:26:33 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2009/05/17 14:26:33 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2009/05/17 14:26:33 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2009/05/17 14:26:33 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/05/17 14:26:33 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2009/05/17 14:26:33 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2009/05/17 14:26:33 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/05/17 14:26:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2009/05/17 14:26:32 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2009/05/17 14:26:32 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/05/17 14:26:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2009/05/17 14:26:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/05/17 14:26:31 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2009/05/17 14:26:31 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/05/17 14:26:31 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/05/17 14:26:31 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/05/17 14:26:31 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/05/17 14:26:31 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/05/17 14:26:31 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/05/17 14:26:31 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/05/17 14:26:31 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/05/17 14:26:30 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/05/17 14:26:30 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/05/17 14:26:30 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/05/17 14:26:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/05/17 14:26:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/05/17 14:26:30 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/05/17 14:26:30 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/05/17 14:26:29 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/05/17 14:26:29 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/05/17 14:26:29 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/05/17 14:26:29 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/05/17 14:26:26 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2009/05/17 14:26:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/05/17 14:26:25 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/05/17 14:26:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2009/05/17 14:26:23 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/05/17 14:26:23 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/05/17 14:26:23 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/05/17 14:26:23 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/05/17 14:26:23 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/05/17 14:26:23 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/05/17 14:26:23 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2009/05/17 14:26:22 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2009/05/17 14:26:21 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/05/17 14:26:21 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/05/17 14:26:19 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2009/05/17 14:26:19 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/05/17 14:26:18 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/05/17 14:26:17 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2009/05/17 14:26:15 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/05/17 14:26:15 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/05/17 14:26:15 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/05/17 14:26:15 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/05/17 14:26:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/05/17 14:26:14 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/05/17 14:26:14 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009/05/17 14:26:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/05/17 14:26:13 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/05/17 14:26:09 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/05/17 14:26:08 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2009/05/17 14:26:07 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/05/17 14:26:04 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2009/05/17 14:26:02 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/05/17 14:25:59 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/05/17 14:25:56 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2009/05/17 14:25:54 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2009/05/17 14:25:53 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/05/17 14:25:53 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/05/17 14:25:53 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2009/05/17 14:25:53 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/05/17 14:25:52 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/05/17 14:25:52 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2009/05/17 14:25:51 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2009/05/17 14:25:51 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/05/17 14:25:51 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2009/05/17 14:25:51 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2009/05/17 14:25:50 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2009/05/17 14:25:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/05/17 14:25:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/05/17 14:25:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/05/17 14:25:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/05/17 14:25:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/05/17 14:25:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/05/17 14:25:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/05/17 14:25:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/05/17 14:25:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/05/17 14:25:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/05/17 14:25:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/05/17 14:25:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/05/17 14:25:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/05/17 14:25:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/05/17 14:25:45 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/05/17 14:25:44 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2009/05/17 14:25:44 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/05/17 14:25:44 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/05/17 14:25:44 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/05/17 14:25:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/05/17 14:25:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/05/17 14:25:43 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2009/05/17 14:25:42 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2009/05/17 14:25:42 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/05/17 14:25:41 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/05/17 14:25:41 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2009/05/17 14:25:39 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2009/05/17 14:25:39 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2009/05/17 14:25:39 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/05/17 14:25:39 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/05/17 14:25:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2009/05/17 14:25:39 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/05/17 14:25:39 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/05/17 14:25:38 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2009/05/17 14:25:33 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/05/17 14:25:33 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2009/05/17 14:25:32 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/05/17 14:25:32 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/05/17 14:25:32 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/05/17 14:25:32 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/05/17 14:25:32 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2009/05/17 14:25:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2009/05/17 14:25:30 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/05/17 14:25:30 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2009/05/17 14:25:29 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2009/05/17 14:25:29 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2009/05/17 14:25:29 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2009/05/17 14:25:29 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2009/05/17 14:25:29 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2009/05/17 14:25:29 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2009/05/17 14:25:29 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2009/05/17 14:25:28 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2009/05/17 14:25:28 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2009/05/17 14:25:28 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2009/05/17 14:25:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/05/17 14:25:28 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2009/05/17 14:25:28 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2009/05/17 14:25:28 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2009/05/17 14:25:28 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/05/17 14:25:28 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2009/05/17 14:25:28 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2009/05/17 14:25:27 | 00,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2009/05/17 14:25:27 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2009/05/17 14:25:27 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/05/17 14:25:27 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2009/05/17 14:25:27 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/05/17 14:25:27 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2009/05/17 14:25:27 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2009/05/17 14:25:26 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/05/17 14:25:26 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/05/17 14:25:26 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2009/05/17 14:25:26 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2009/05/17 14:25:26 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/05/17 14:25:26 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/05/17 14:25:25 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/05/17 14:25:25 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/05/17 14:25:24 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2009/05/17 14:25:24 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2009/05/17 14:25:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/05/17 14:25:24 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2009/05/17 14:25:24 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2009/05/17 14:25:23 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/05/17 14:25:23 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/05/17 14:25:23 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/05/17 14:25:17 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2009/05/17 14:25:16 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2009/05/17 14:25:15 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/05/17 14:25:15 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/05/17 14:25:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/05/17 14:25:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/05/17 14:25:14 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2009/05/17 14:25:13 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/05/17 14:25:13 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/05/17 14:25:13 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2009/05/17 14:25:12 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/05/17 14:25:12 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/05/17 14:25:12 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/05/17 14:25:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/05/17 14:25:11 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/05/17 14:25:11 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/05/17 14:25:11 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/05/17 14:25:11 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/05/17 14:25:10 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/05/17 14:25:10 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/05/17 14:25:10 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/05/17 14:25:10 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/05/17 14:25:10 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/05/17 14:25:10 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/05/17 14:25:09 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/05/17 14:25:09 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/05/17 14:25:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/05/17 14:25:09 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/05/17 14:25:09 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/05/17 14:25:08 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/05/17 14:25:08 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/05/17 14:25:08 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/05/17 14:25:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/05/17 14:25:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/05/17 14:25:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/05/17 14:25:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/05/17 14:25:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/05/17 14:25:05 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/05/17 14:25:05 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/05/17 14:25:05 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/05/17 14:25:05 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/05/17 14:25:05 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/05/17 14:25:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/05/17 14:25:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/05/17 14:25:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/05/17 14:25:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/05/17 14:25:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/05/17 14:25:03 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/05/17 14:25:02 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/05/17 14:25:02 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/05/17 14:25:02 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/05/17 14:25:01 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/05/17 14:25:01 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/05/17 14:25:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/05/17 14:25:00 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/05/17 14:24:59 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2009/05/17 14:24:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/05/17 14:24:59 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/05/17 14:24:58 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2009/05/17 14:24:58 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2009/05/17 14:24:58 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/05/17 14:24:57 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2009/05/17 14:24:57 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2009/05/17 14:24:56 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/05/17 14:24:56 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2009/05/17 14:24:56 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/05/17 14:24:56 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/05/17 14:24:55 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2009/05/17 14:24:55 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2009/05/17 14:24:52 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2009/05/17 14:24:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2009/05/17 14:24:52 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/05/17 14:24:50 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2009/05/17 14:24:50 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2009/05/17 14:24:50 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2009/05/17 14:24:50 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2009/05/17 14:24:46 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2009/05/17 14:24:45 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2009/05/17 14:24:45 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2009/05/17 14:24:45 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/05/17 14:24:45 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2009/05/17 14:24:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/05/17 14:24:44 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/05/17 14:24:44 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2009/05/17 14:24:44 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2009/05/17 14:24:44 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2009/05/17 14:24:44 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2009/05/17 14:24:44 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/05/17 14:24:44 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/05/17 14:24:43 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2009/05/17 14:24:43 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2009/05/17 14:24:43 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2009/05/17 14:24:43 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2009/05/17 14:24:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/05/17 14:24:42 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2009/05/17 14:24:42 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2009/05/17 14:24:42 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2009/05/17 14:24:42 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2009/05/17 14:24:42 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2009/05/17 14:24:42 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2009/05/17 14:24:42 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2009/05/17 14:24:42 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2009/05/17 14:24:41 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2009/05/17 14:24:41 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2009/05/17 14:24:41 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2009/05/17 14:24:41 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2009/05/17 14:24:40 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2009/05/17 14:24:40 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2009/05/17 14:24:40 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/05/17 14:24:40 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2009/05/17 14:24:40 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2009/05/17 14:24:39 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2009/05/17 14:24:39 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2009/05/17 14:24:39 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2009/05/17 14:24:39 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2009/05/17 14:24:38 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2009/05/17 14:24:38 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2009/05/17 14:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/05/17 14:23:21 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/17 14:14:03 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/05/17 14:14:03 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/05/17 14:14:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/05/17 14:14:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/05/17 12:40:12 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/05/17 12:40:12 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/05/17 12:40:12 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/05/17 12:40:12 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/05/17 12:40:12 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/05/17 12:40:12 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/05/17 12:40:12 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/05/17 12:40:12 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/05/17 12:40:12 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/05/17 12:40:12 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/05/17 12:40:12 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/05/17 12:40:12 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/05/17 12:40:12 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/05/17 12:40:12 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/05/17 12:40:12 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/05/17 12:40:12 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/05/17 12:40:12 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/05/17 12:40:11 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/05/17 12:40:11 | 00,504,678 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/05/16 20:11:54 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/05/16 20:11:42 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/05/16 20:11:42 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/05/16 20:11:42 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/16 20:11:42 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/05/16 20:11:42 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/16 20:11:41 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/05/16 20:11:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/05/16 17:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/05/16 13:48:59 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/05/16 13:48:59 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
[2009/05/15 18:05:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/15 09:36:53 | 00,108,336 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Photoshop CS4 — Lisez-moi.pdf
[2009/05/15 09:36:53 | 00,103,148 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Léame de Photoshop CS4.pdf
[2009/05/15 09:36:53 | 00,065,686 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Photoshop CS4 Read Me.pdf
[2009/05/15 09:26:13 | 00,620,111 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.jpg
[2009/05/15 09:21:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Albums
[2009/05/15 09:07:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Download Manager
[2009/05/15 09:06:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/05/11 21:06:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/11 20:54:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/11 20:16:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
[2009/05/11 20:16:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/11 19:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Apps
[2009/05/09 10:31:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/05/08 01:35:54 | 00,000,000 | ---D | C] -- C:\Program Files\AOL Radio Toolbar
[2009/05/08 01:14:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/05/08 00:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dtuser
[2009/05/08 00:45:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\aAvgApi
[2009/05/07 22:42:15 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/05/07 22:42:15 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/05/07 22:28:02 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/05/07 19:50:54 | 00,012,598 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009/05/07 07:04:28 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/05/07 07:04:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\I386
[2009/05/06 13:25:10 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/05/05 16:47:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/05/05 16:47:04 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/05/05 16:04:24 | 00,457,976 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\PowerPointRibbon.pdf
[2009/05/05 11:08:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ICCTT
[2009/05/02 22:00:35 | 00,000,000 | ---D | C] -- C:\Program Files\Ice Cream Craze Tycoon Takeover
[2009/04/29 20:04:12 | 00,001,629 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Diaper Dash.lnk
[2009/04/29 20:04:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Diaper Dash
[2009/04/29 20:04:02 | 00,000,000 | ---D | C] -- C:\Program Files\Diaper Dash
[2009/04/28 19:24:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/04/23 09:57:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Radio Toolbar
[2009/02/09 12:48:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/09/24 21:46:42 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/23 12:23:02 | 00,000,394 | ---- | C] () -- C:\WINDOWS\XCrashReport.ini
[2008/05/23 11:58:27 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2008/05/19 18:11:01 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\cuteshell.dll
[2008/05/04 10:09:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/04/23 21:44:24 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/12/06 13:30:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/06 13:19:24 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/12/06 13:19:24 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/12/06 13:19:24 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/12/06 13:19:24 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/12/06 13:19:23 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/12/06 13:19:23 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/12/06 13:03:30 | 00,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/12/06 13:03:30 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/03/29 23:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/04/25 13:32:30 | 00,000,645 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/04/25 06:19:26 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/02/28 08:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/02/28 08:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/05/08 06:12:22 | 00,000,774 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/06 16:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2009/05/22 20:21:20 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/22 20:21:13 | 00,000,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\desktop.ini
[2009/05/22 20:21:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/22 20:21:04 | 00,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/22 20:21:03 | 10,646,24128 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/22 12:03:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/22 11:57:56 | 00,000,925 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to wmplayer.lnk
[2009/05/22 10:06:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/22 10:02:04 | 02,968,438 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/05/22 01:27:18 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/20 20:37:02 | 00,130,048 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/20 12:22:42 | 02,214,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/20 12:17:57 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/20 10:17:47 | 00,000,645 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/20 10:17:47 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/05/20 09:12:41 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/05/20 09:12:41 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/05/20 08:37:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/20 08:37:24 | 00,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2009/05/17 16:12:15 | 00,109,064 | ---- | M] () -- C:\WINDOWS\hpoins08.dat
[2009/05/17 16:01:12 | 00,109,567 | ---- | M] () -- C:\WINDOWS\hpoins08.dat.temp
[2009/05/17 14:35:42 | 00,481,162 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 14:35:42 | 00,408,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 14:35:42 | 00,064,892 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 14:27:51 | 00,000,287 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/05/17 14:24:22 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2009/05/17 14:24:18 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/17 14:24:17 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/05/17 14:24:17 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/05/17 14:24:06 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/17 14:23:21 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/05/17 14:23:21 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/05/17 14:23:15 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/05/17 14:22:13 | 00,023,428 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/17 14:13:54 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2009/05/17 14:13:54 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/05/17 12:47:41 | 00,226,659 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/05/16 21:13:15 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\jejepabo
[2009/05/16 20:11:54 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/05/15 18:24:51 | 00,620,111 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.jpg
[2009/05/07 22:42:15 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/07 22:42:15 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/07 19:50:53 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/05/07 07:04:28 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/05/05 16:04:24 | 00,457,976 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\PowerPointRibbon.pdf
[2009/05/02 22:05:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/29 20:04:12 | 00,001,629 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Diaper Dash.lnk
[2009/04/24 17:09:10 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Bills.xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >
*****