Avast boot log, either moved to chest or deleted.
11/13/2009 11:54:42 PM 1258178082 Owner 1272 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll" file.
11/13/2009 11:56:45 PM 1258178205 Owner 1272 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINNT\System32\hufejenu.exe" file.
11/13/2009 11:57:38 PM 1258178258 Owner 1272 Sign of "Win32:FraudLoad-UR [Trj]" has been found in "C:\WINNT\System32\nomedili.dll" file.
11/13/2009 11:57:45 PM 1258178265 Owner 1272 Sign of "Win32:MalOb-AC [Trj]" has been found in "C:\WINNT\System32\nozefovo.dll.tmp" file.
11/13/2009 11:58:18 PM 1258178298 Owner 1272 Sign of "Win32:MalOb-AC [Trj]" has been found in "C:\WINNT\System32\juyiliko.dll.tmp" file.
11/13/2009 11:58:27 PM 1258178307 Owner 1272 Sign of "Win32:FakeAlert-EF [Trj]" has been found in "C:\WINNT\System32\buvarawe.exe" file.
11/13/2009 11:58:53 PM 1258178333 Owner 1272 Sign of "Win32:MalOb-AC [Trj]" has been found in "C:\WINNT\System32\yerefuhi.dll.tmp" file.
MB again
Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600 Service Pack 1
11/14/2009 12:00:49 AM
mbam-log-2009-11-14 (00-00-49).txt
Scan type: Quick Scan
Objects scanned: 103659
Time elapsed: 5 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINNT\System32\hufejenu.exe (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
C:\WINNT\system32\puzedosa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\gakikedo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\lozipapu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\mamakale.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\System32\nomedili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\System32\nozefovo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\vidiyuto.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\potideti.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\nuzevuzi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\jutovofa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\System32\juyiliko.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\tosihewi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\badaguko.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\System32\buvarawe.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINNT\system32\kufejiko.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\wudumupa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\pekimevo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\System32\yerefuhi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\wavikegi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
After updating Windows
MB, SAS and Avast ran again and nothing.
RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 10:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
Address: 0xEDA40000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D4D000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINNT\system32\drivers\rootrepeal.sys
Address: 0xECD37000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda606b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda60574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda60a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6014c
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6064e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6008c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda600f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6076e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6072e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda608ae
==EOF==
OTL
OTL Extras logfile created on: 11/14/2009 10:21:13 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop\geeks
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
494.73 Mb Total Physical Memory | 251.22 Mb Available Physical Memory | 50.78% Memory free
1.85 Gb Paging File | 1.63 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): C:\pagefile.sys 1488 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 94.41 Gb Free Space | 84.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PAULSCOMPUTER
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{04A33452-E805-4D71-B531-5718C2620AF7}" = TEENAGE MUTANT NINJA TURTLES 2 - BATTLE NEXUS
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{5AC85A62-CA20-4F94-AB4F-737CC4B9F15A}" = Madagascar Island Mania
"{645525C7-7E45-4B4D-B750-43FAF4E258C7}" = HyperLoad - Bowling
"{6E7F1130-F68A-46A1-96ED-5BFE51A3A605}" = Backyard Baseball 2005
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{ABEB838C-A1A7-4C5D-B7E1-8B4314B00527}" = MSN Messenger 5.0
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D2353A80-C650-4B5E-BA05-E5828730E623}" = Shrek 2 Activity Center
"{D524BF60-805E-4802-8B6E-09DB443C0377}" = Spider-Man 2 Activity Center
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E5B26C1E-4751-4F03-BC18-634F41F31EC6}" = DoMore
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"3DGroove" = 3D Groove Playback Engine
"4AF3F682-FE2A-488D-A11C-A0470A325E93" = Blasterball 2 from Gateway (remove only)
"5A137FCB-35EA-4849-8239-AFEBD2F45B3B" = Otto from Gateway (remove only)
"618CD711-AFB3-4EB4-9B48-ABD2AB370B21" = Slyder from Gateway (remove only)
"70216ACD-1547-44E5-8966-615BE9569EAD" = Blackhawk Striker from Gateway (remove only)
"97D31CB6-F2B5-4875-B6B0-8AF75AC414DB" = Five Card Frenzy from Gateway (remove only)
"A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24" = Overball from Gateway (remove only)
"AA4162B8-1BB1-4110-8F93-0092D4DEF122" = Bounce Symphony from Gateway (remove only)
"Activision_SP3UninstallKey" = Skateboard Park Tycoon 2004
"ADFCE1E4-A420-437C-998D-EAF04E3601BE" = Excavation from Gateway (remove only)
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"America Online us" = America Online (Choose which version to remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"avast!" = avast! Antivirus
"BECB8A74-E07D-44A1-813D-1E390EB3047B" = Orbital from Gateway (remove only)
"Bowl-Ed Over" = Bowl-Ed Over
"Buggin' Out" = Buggin' Out (remove only)
"C4D2212B-5331-470D-9BF7-96DB25A398C7" = Polar Bowler from Gateway (remove only)
"Calling all Titans!" = Calling all Titans! (remove only)
"Cartoon Cove" = Cartoon Cove
"CCleaner" = CCleaner
"Desktop Weather by The Weather Channel" = Desktop Weather by The Weather Channel
"Dinosaur" = Disney's Dinosaur
"Downhill Derby" = Downhill Derby
"Ellsworth Publishing Co. (EPC) - Keyboard Mastery" = Ellsworth Publishing Co. (EPC) - Keyboard Mastery
"Emperors New Groove" = Emperors New Groove
"ERUNT_is1" = ERUNT 1.1j
"Fast And Flurrious" = Fast And Flurrious
"Freaky Freezeday" = Freaky Freezeday (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{04A33452-E805-4D71-B531-5718C2620AF7}" = TEENAGE MUTANT NINJA TURTLES 2 - BATTLE NEXUS
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"Intel® 537EP Data Fax Modem" = Intel® 537EP Data Fax Modem
"Kids Next Door" = Kids Next Door
"Lexmark 3100 Series" = Lexmark 3100 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSNMS" = MSN Internet Software
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Phonics 4 Kids" = Phonics 4 Kids
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PROSet" = Intel® PRO Network Adapters and Drivers
"PX: {20BBF229-A337-40AD-9FEB-2C98CDA53D1C}" = Gateway Rhapsody
"QIC UnInstall" = Insight Broadband QIC Service Activator
"QuickTime" = QuickTime
"Reader Rabbit Math Ages 6-9" = Reader Rabbit Math Ages 6-9
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"rr2gw32.exe" = Reader Rabbit's 2nd Grade
"Shark Tale 1" = Shark Tale 1 Screen Saver
"Shockwave" = Shockwave
"ShockwaveFlash" = Macromedia Flash Player 8
"SLAMRMO" = Smart Link 56K Modem
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Sweets Ahoy" = Sweets Ahoy (remove only)
"Tarzan Action Game" = Tarzan Action Game
"Top 30 Games 4 Kids" = Top 30 Games 4 Kids
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/13/2009 9:58:22 PM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 11/13/2009 9:58:22 PM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 11/13/2009 11:04:01 PM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 11/13/2009 11:04:01 PM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 11/14/2009 12:06:42 AM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 11/14/2009 12:06:42 AM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 11/14/2009 12:15:37 AM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 11/14/2009 12:15:37 AM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 11/14/2009 12:35:17 AM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 11/14/2009 12:35:17 AM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
[ System Events ]
Error - 11/14/2009 12:35:48 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 11/14/2009 12:36:19 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 11/14/2009 1:52:29 AM | Computer Name = PAULSCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 98.220.91.48 for the Network Card with network
address 000CF1AE2A9F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 11/14/2009 3:39:15 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 11/14/2009 3:39:17 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 11/14/2009 3:39:18 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error - 11/14/2009 4:03:21 AM | Computer Name = PAULSCOMPUTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Cumulative Security Update for Internet Explorer 6 for Windows
XP (KB974455).
Error - 11/14/2009 5:01:11 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 11/14/2009 5:01:19 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 11/14/2009 10:20:04 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
OTL logfile created on: 11/14/2009 10:21:13 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop\geeks
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
494.73 Mb Total Physical Memory | 251.22 Mb Available Physical Memory | 50.78% Memory free
1.85 Gb Paging File | 1.63 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): C:\pagefile.sys 1488 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 94.41 Gb Free Space | 84.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PAULSCOMPUTER
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/14 08:53:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\geeks\OTL.exe
PRC - [2009/11/14 01:37:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/14 01:37:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/15 05:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/09/08 09:21:05 | 00,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 09:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/08/29 07:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXBCES.EXE
PRC - [2003/08/29 07:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXPPS.EXE
PRC - [2003/08/06 15:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/07/10 03:13:16 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\hkcmd.exe
PRC - [2003/01/10 16:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe
========== Modules (SafeList) ==========
MOD - [2009/11/14 08:53:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\geeks\OTL.exe
MOD - [2008/04/14 05:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 05:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/11/14 01:37:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/09/08 09:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2003/08/29 07:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/08/06 15:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/03/03 12:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/10 16:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe -- (WANMiniportService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/14 01:37:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/14 02:34:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/14 00:53:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/14 01:37:59 | 00,000,000 | ---D | M]
[2009/03/12 17:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/12 17:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/14 08:46:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0lg9pbrm.default\extensions
[2009/11/14 02:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0lg9pbrm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/14 08:46:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 16:47:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/14 01:38:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/14 00:52:57 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/14 00:52:57 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/08/05 12:02:00 | 00,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrk7.dll
[2009/11/14 01:37:40 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2005/12/09 16:48:32 | 00,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2009/11/14 00:53:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006/11/09 15:20:40 | 02,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/01/05 09:31:49 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/11/14 00:53:04 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/14 00:53:04 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/14 00:53:04 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/14 00:53:04 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/14 00:53:04 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/14 00:53:04 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/14 00:53:04 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (734 bytes) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 10 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.raarmls.c...ptX/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1161295977734 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX28.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....23/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...5.44/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (reziveyo.dll) - File not found
O20 - AppInit_DLLs: (c:\winnt\system32\norupeze.dll) - C:\WINNT\System32\norupeze.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2003/10/06 13:13:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINNT\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/14 08:56:55 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/11/14 08:55:47 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/14 08:51:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\geeks
[2009/11/14 08:26:33 | 00,160,272 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2009/11/14 02:57:29 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/11/14 02:47:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/14 02:47:24 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/11/14 02:35:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/14 02:21:00 | 00,000,000 | ---D | C] -- C:\WINNT\System32\XPSViewer
[2009/11/14 02:20:55 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/11/14 02:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/14 02:20:01 | 00,000,000 | ---D | C] -- C:\b4c5493a4f8b6f08047020c338
[2009/11/14 02:02:40 | 00,000,000 | ---D | C] -- C:\WINNT\ie7updates
[2009/11/14 02:01:59 | 00,000,000 | ---D | C] -- C:\WINNT\WBEM
[2009/11/14 02:00:50 | 00,000,000 | -H-D | C] -- C:\WINNT\ie7
[2009/11/14 02:00:39 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$
[2009/11/14 02:00:20 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$
[2009/11/14 01:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2009/11/14 01:50:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/14 01:45:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/14 01:33:57 | 00,000,000 | ---D | C] -- C:\WINNT\Prefetch
[2009/11/14 01:28:19 | 00,000,000 | ---D | C] -- C:\WINNT\provisioning
[2009/11/14 01:28:19 | 00,000,000 | ---D | C] -- C:\WINNT\System32\en-us
[2009/11/14 01:28:18 | 00,000,000 | ---D | C] -- C:\WINNT\System32\scripting
[2009/11/14 01:28:16 | 00,000,000 | ---D | C] -- C:\WINNT\l2schemas
[2009/11/14 01:28:15 | 00,000,000 | ---D | C] -- C:\WINNT\peernet
[2009/11/14 01:28:15 | 00,000,000 | ---D | C] -- C:\WINNT\System32\en
[2009/11/14 01:25:23 | 00,000,000 | ---D | C] -- C:\WINNT\ServicePackFiles
[2009/11/14 01:23:18 | 00,000,000 | ---D | C] -- C:\WINNT\network diagnostic
[2009/11/14 01:17:37 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstall$
[2009/11/14 01:17:34 | 00,000,000 | ---D | C] -- C:\WINNT\EHome
[2009/11/14 01:00:57 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/14 00:59:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/11/13 23:48:51 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINNT\System32\dllcache\xrxwbtmp.dll
[2009/11/13 23:48:50 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\xlog.exe
[2009/11/13 23:48:50 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINNT\System32\dllcache\xem336n5.sys
[2009/11/13 23:48:40 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\wlluc48.sys
[2009/11/13 23:48:40 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINNT\System32\dllcache\wlandrv2.sys
[2009/11/13 23:48:36 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINNT\System32\dllcache\winacisa.sys
[2009/11/13 23:48:32 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINNT\System32\dllcache\wbfirdma.sys
[2009/11/13 23:48:28 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w840nd.sys
[2009/11/13 23:48:28 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w926nd.sys
[2009/11/13 23:48:28 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w940nd.sys
[2009/11/13 23:48:27 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vvoice.sys
[2009/11/13 23:48:26 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\vmodem.sys
[2009/11/13 23:48:26 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vpctcom.sys
[2009/11/13 23:48:25 | 00,249,402 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\vinwm.sys
[2009/11/13 23:48:23 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usrti.sys
[2009/11/13 23:48:21 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1801.sys
[2009/11/13 23:48:21 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806v.sys
[2009/11/13 23:48:21 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806.sys
[2009/11/13 23:48:18 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINNT\System32\dllcache\usb101et.sys
[2009/11/13 23:48:16 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINNT\System32\dllcache\umaxscan.dll
[2009/11/13 23:48:15 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um34scan.dll
[2009/11/13 23:48:15 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um54scan.dll
[2009/11/13 23:48:13 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxp.dll
[2009/11/13 23:48:13 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxpm.sys
[2009/11/13 23:48:13 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkbm.sys
[2009/11/13 23:48:12 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkb.dll
[2009/11/13 23:48:12 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3d.dll
[2009/11/13 23:48:12 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3dm.sys
[2009/11/13 23:48:09 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINNT\System32\dllcache\tjisdn.sys
[2009/11/13 23:48:08 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiulnt5.sys
[2009/11/13 23:48:08 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiul50.dll
[2009/11/13 23:48:07 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdkcd31.sys
[2009/11/13 23:48:06 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdk100b.sys
[2009/11/13 23:48:04 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINNT\System32\dllcache\t2r4disp.dll
[2009/11/13 23:48:04 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\t2r4mini.sys
[2009/11/13 23:48:00 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnprop.dll
[2009/11/13 23:48:00 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlncoin.dll
[2009/11/13 23:47:59 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnata.sys
[2009/11/13 23:47:59 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\stcusb.sys
[2009/11/13 23:47:57 | 00,048,736 | ---- | C] (3Com) -- C:\WINNT\System32\dllcache\srwlnd5.sys
[2009/11/13 23:47:53 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINNT\System32\dllcache\sparrow.sys
[2009/11/13 23:47:45 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smiminib.sys
[2009/11/13 23:47:44 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smidispb.dll
[2009/11/13 23:47:44 | 00,035,913 | ---- | C] (SMC) -- C:\WINNT\System32\dllcache\smcirda.sys
[2009/11/13 23:47:44 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smcpwr2n.sys
[2009/11/13 23:47:44 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smc8000n.sys
[2009/11/13 23:47:40 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINNT\System32\dllcache\sk98xwin.sys
[2009/11/13 23:47:40 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINNT\System32\dllcache\skfpwin.sys
[2009/11/13 23:47:40 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINNT\System32\dllcache\sla30nd5.sys
[2009/11/13 23:47:33 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmusb.sys
[2009/11/13 23:47:33 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiulnt5.sys
[2009/11/13 23:47:33 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmld.sys
[2009/11/13 23:47:32 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiul50.dll
[2009/11/13 23:47:28 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINNT\System32\dllcache\scr111.sys
[2009/11/13 23:47:27 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmusbm.sys
[2009/11/13 23:47:26 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmn50m.sys
[2009/11/13 23:47:24 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4.dll
[2009/11/13 23:47:24 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3d.dll
[2009/11/13 23:47:24 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4m.sys
[2009/11/13 23:47:24 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3dm.sys
[2009/11/13 23:47:23 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mvirge.dll
[2009/11/13 23:47:23 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.dll
[2009/11/13 23:47:23 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mtrio.dll
[2009/11/13 23:47:23 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.sys
[2009/11/13 23:47:22 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3m.sys
[2009/11/13 23:47:22 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia450.dll
[2009/11/13 23:47:22 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia430.dll
[2009/11/13 23:47:20 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINNT\System32\dllcache\rtl8029.sys
[2009/11/13 23:47:18 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\rsmgrstr.dll
[2009/11/13 23:47:17 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINNT\System32\dllcache\rlnet5.sys
[2009/11/13 23:47:16 | 00,086,097 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\reslog32.dll
[2009/11/13 23:47:11 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdkxga.sys
[2009/11/13 23:47:11 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdmkxx.sys
[2009/11/13 23:47:05 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlv.sys
[2009/11/13 23:47:04 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserli.sys
[2009/11/13 23:47:04 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlp.sys
[2009/11/13 23:47:03 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\pscr.sys
[2009/11/13 23:46:55 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINNT\System32\dllcache\pcx500.sys
[2009/11/13 23:46:55 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\pctspk.exe
[2009/11/13 23:46:55 | 00,026,153 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pcmlm56.sys
[2009/11/13 23:46:54 | 00,030,495 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pc100nds.sys
[2009/11/13 23:46:51 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\opl3sax.sys
[2009/11/13 23:46:51 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otcsercb.sys
[2009/11/13 23:46:51 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otceth5.sys
[2009/11/13 23:46:51 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otc06x5.sys
[2009/11/13 23:46:43 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINNT\System32\dllcache\ntgrip.sys
[2009/11/13 23:46:41 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm5a2wdm.sys
[2009/11/13 23:46:41 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm6wdm.sys
[2009/11/13 23:46:40 | 00,132,695 | ---- | C] (802.11b) -- C:\WINNT\System32\dllcache\netwlan5.sys
[2009/11/13 23:46:40 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINNT\System32\dllcache\ngrpci.sys
[2009/11/13 23:46:37 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.dll
[2009/11/13 23:46:37 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.sys
[2009/11/13 23:46:35 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3disp.dll
[2009/11/13 23:46:35 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.dll
[2009/11/13 23:46:35 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.sys
[2009/11/13 23:46:35 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3d.sys
[2009/11/13 23:46:34 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.dll
[2009/11/13 23:46:34 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.sys
[2009/11/13 23:46:33 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxport.sys
[2009/11/13 23:46:33 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxcard.sys
[2009/11/13 23:46:33 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxicfg.dll
[2009/11/13 23:46:33 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINNT\System32\dllcache\mxnic.sys
[2009/11/13 23:46:33 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxport.dll
[2009/11/13 23:46:32 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINNT\System32\dllcache\mtxvideo.sys
[2009/11/13 23:46:09 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINNT\System32\dllcache\mraid35x.sys
[2009/11/13 23:46:01 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINNT\System32\dllcache\mdgndis5.sys
[2009/11/13 23:45:57 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\ltsm.sys
[2009/11/13 23:45:57 | 00,797,500 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltsmt.sys
[2009/11/13 23:45:57 | 00,420,992 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntt.sys
[2009/11/13 23:45:56 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ltck000c.sys
[2009/11/13 23:45:56 | 00,576,746 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntl.sys
[2009/11/13 23:45:53 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINNT\System32\dllcache\lne100tx.sys
[2009/11/13 23:45:53 | 00,025,065 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\lmndis3.sys
[2009/11/13 23:45:53 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINNT\System32\dllcache\lne100.sys
[2009/11/13 23:45:52 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINNT\System32\dllcache\lit220p.sys
[2009/11/13 23:45:51 | 00,026,442 | ---- | C] (SMSC) -- C:\WINNT\System32\dllcache\lanepic5.sys
[2009/11/13 23:45:51 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINNT\System32\dllcache\ktc111.sys
[2009/11/13 23:45:39 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINNT\System32\dllcache\irmk7.sys
[2009/11/13 23:45:35 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINNT\System32\dllcache\ip5515.sys
[2009/11/13 23:45:24 | 00,372,824 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\iconf32.dll
[2009/11/13 23:44:54 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINNT\System32\dllcache\hpgt53tk.dll
[2009/11/13 23:44:53 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINNT\System32\dllcache\hpgt34tk.dll
[2009/11/13 23:44:44 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grclass.sys
[2009/11/13 23:44:44 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\gpr400.sys
[2009/11/13 23:44:42 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fxusbase.sys
[2009/11/13 23:44:35 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fus2base.sys
[2009/11/13 23:44:35 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fusbbase.sys
[2009/11/13 23:44:34 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpnpbase.sys
[2009/11/13 23:44:34 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcmbase.sys
[2009/11/13 23:44:33 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcibase.sys
[2009/11/13 23:44:29 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINNT\System32\dllcache\fa410nd5.sys
[2009/11/13 23:44:28 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xi.sys
[2009/11/13 23:44:28 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xj.sys
[2009/11/13 23:44:26 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esunib.dll
[2009/11/13 23:44:25 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esuni.dll
[2009/11/13 23:44:25 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esucm.dll
[2009/11/13 23:44:25 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esuimg.dll
[2009/11/13 23:44:22 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINNT\System32\dllcache\es1969.sys
[2009/11/13 23:44:08 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\ds1wdm.sys
[2009/11/13 23:44:05 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINNT\System32\dllcache\dp83820.sys
[2009/11/13 23:44:02 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINNT\System32\dllcache\dm9pci5.sys
[2009/11/13 23:44:02 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINNT\System32\dllcache\dlh5xnd5.sys
[2009/11/13 23:44:01 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diwan.sys
[2009/11/13 23:44:01 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\ditrace.exe
[2009/11/13 23:44:01 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvsu.dll
[2009/11/13 23:44:00 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvpp.dll
[2009/11/13 23:44:00 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvci.dll
[2009/11/13 23:43:59 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\dimaint.sys
[2009/11/13 23:43:55 | 00,024,649 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650d.sys
[2009/11/13 23:43:55 | 00,024,648 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650.sys
[2009/11/13 23:43:53 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINNT\System32\dllcache\defpa.sys
[2009/11/13 23:43:47 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcwdm.sys
[2009/11/13 23:43:46 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcspud.sys
[2009/11/13 23:43:46 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbwdm.sys
[2009/11/13 23:43:46 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcosnt5.sys
[2009/11/13 23:43:46 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbmidi.sys
[2009/11/13 23:43:46 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbase.sys
[2009/11/13 23:43:44 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINNT\System32\dllcache\cpscan.dll
[2009/11/13 23:43:43 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINNT\System32\dllcache\cpqtrnd5.sys
[2009/11/13 23:43:38 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\cmbp0wdm.sys
[2009/11/13 23:43:32 | 00,980,034 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\cicap.sys
[2009/11/13 23:43:24 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem56n5.sys
[2009/11/13 23:43:24 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem33n5.sys
[2009/11/13 23:43:24 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem28n5.sys
[2009/11/13 23:43:23 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce3n5.sys
[2009/11/13 23:43:23 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce2n5.sys
[2009/11/13 23:43:22 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cbmdmkxx.sys
[2009/11/13 23:43:21 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cben5.sys
[2009/11/13 23:43:21 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINNT\System32\dllcache\cb325.sys
[2009/11/13 23:43:21 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINNT\System32\dllcache\cb102.sys
[2009/11/13 23:43:20 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diapi2.sys
[2009/11/13 23:43:20 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\diapi2NT.dll
[2009/11/13 23:43:14 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brserwdm.sys
[2009/11/13 23:43:14 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINNT\System32\dllcache\brzwlan.sys
[2009/11/13 23:43:14 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbmdm.sys
[2009/11/13 23:43:14 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbscn.sys
[2009/11/13 23:43:14 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brserif.dll
[2009/11/13 23:43:14 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINNT\System32\dllcache\brscnrsm.dll
[2009/11/13 23:43:13 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfusb.dll
[2009/11/13 23:43:13 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparwdm.sys
[2009/11/13 23:43:13 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparimg.sys
[2009/11/13 23:43:12 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfrsmg.exe
[2009/11/13 23:43:12 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmflpt.dll
[2009/11/13 23:43:12 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfbidi.dll
[2009/11/13 23:43:12 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltlo.sys
[2009/11/13 23:43:12 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltup.sys
[2009/11/13 23:43:11 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brbidiif.dll
[2009/11/13 23:43:11 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brevif.dll
[2009/11/13 23:43:11 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brcoinst.dll
[2009/11/13 23:43:11 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brfilt.sys
[2009/11/13 23:43:10 | 00,871,388 | ---- | C] (BCM) -- C:\WINNT\System32\dllcache\bcmdm.sys
[2009/11/13 23:43:09 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.sys
[2009/11/13 23:43:08 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.dll
[2009/11/13 23:43:08 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\b1cbase.sys
[2009/11/13 23:43:08 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmwan.sys
[2009/11/13 23:43:08 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINNT\System32\dllcache\aztw2320.sys
[2009/11/13 23:43:07 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmenum.dll
[2009/11/13 23:43:07 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmcoxp.dll
[2009/11/13 23:42:56 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINNT\System32\dllcache\ati.sys
[2009/11/13 23:42:55 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINNT\System32\dllcache\aspndis3.sys
[2009/11/13 23:42:53 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINNT\System32\dllcache\amb8002.sys
[2009/11/13 23:42:48 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8830.sys
[2009/11/13 23:42:48 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8810.sys
[2009/11/13 23:42:48 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8820.sys
[2009/11/13 23:42:48 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINNT\System32\dllcache\adptsf50.sys
[2009/11/13 23:42:48 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\admjoy.sys
[2009/11/13 23:42:47 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINNT\System32\dllcache\adm8511.sys
[2009/11/13 23:42:46 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINNT\System32\dllcache\ac97sis.sys
[2009/11/13 23:42:46 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINNT\System32\dllcache\acerscad.dll
[2009/11/13 23:42:45 | 00,184,320 | ---- | C] (Sierra Wireless Inc.) -- C:\WINNT\System32\dllcache\ac300nd5.sys
[2009/11/13 23:42:44 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINNT\System32\dllcache\3cwmcru.sys
[2009/11/13 23:42:44 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvs.dll
[2009/11/13 23:42:44 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvsm.sys
[2009/11/13 22:40:00 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswRdr.sys
[2009/11/13 22:39:59 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswTdi.sys
[2009/11/13 22:39:59 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aavmker4.sys
[2009/11/13 22:39:58 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\AvastSS.scr
[2009/11/13 22:39:57 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswSP.sys
[2009/11/13 22:39:57 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon2.sys
[2009/11/13 22:39:57 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon.sys
[2009/11/13 22:39:41 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\aswBoot.exe
[2009/11/13 22:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/13 22:13:48 | 00,000,000 | ---D | C] -- C:\WINNT\pss
[2009/11/13 19:55:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/13 19:55:15 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/13 19:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/11/13 19:54:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/13 19:52:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/13 19:47:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/11/13 19:47:09 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/11/13 19:47:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 19:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/13 19:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/12 00:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AntiVirus Plus
[2009/10/31 12:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/31 12:12:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NOS
[2005/12/09 16:48:37 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/02/15 13:09:35 | 00,155,648 | ---- | C] ( ) -- C:\WINNT\System32\flashshl.dll
[2003/10/16 09:58:42 | 00,014,976 | ---- | C] ( ) -- C:\WINNT\System32\drivers\winddx.sys
========== Files - Modified Within 14 Days ==========
[2009/11/14 10:13:41 | 02,883,584 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/14 10:13:22 | 00,000,452 | ---- | M] () -- C:\WINNT\tasks\QIC Messenger Bkup.job
[2009/11/14 10:13:19 | 00,000,286 | ---- | M] () -- C:\WINNT\tasks\apxhnjwz.job
[2009/11/14 10:13:19 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/11/14 10:13:10 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/11/14 10:12:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/14 08:55:48 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/14 08:55:48 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/14 08:54:32 | 00,057,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/14 08:48:25 | 00,001,463 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2009/11/14 08:26:32 | 00,160,272 | ---- | M] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2009/11/14 02:50:01 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/11/14 02:47:26 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2009/11/14 02:41:59 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/11/14 02:37:05 | 00,501,054 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2009/11/14 02:37:05 | 00,441,124 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2009/11/14 02:37:05 | 00,071,060 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2009/11/14 02:29:10 | 00,224,024 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009/11/14 01:35:39 | 00,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
[2009/11/14 01:30:08 | 00,000,207 | RHS- | M] () -- C:\boot.ini
[2009/11/14 01:22:56 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/11/14 01:22:56 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/11/14 00:46:54 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to CCleaner.lnk
[2009/11/13 22:40:00 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/13 22:39:57 | 00,002,626 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2009/11/13 22:36:55 | 00,000,452 | ---- | M] () -- C:\WINNT\tasks\QIC Messenger Periodic.job
[2009/11/13 21:25:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 21:02:56 | 00,011,168 | -H-- | M] () -- C:\WINNT\System32\wonotudi
[2009/11/13 19:57:09 | 00,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2009/11/13 19:57:09 | 00,001,409 | ---- | M] () -- C:\WINNT\QTFont.for
[2009/11/13 19:55:23 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/13 19:49:40 | 00,004,286 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\avp.ico
[2009/11/13 19:49:33 | 00,000,023 | ---- | M] () -- C:\WINNT\FLASHKSK.INI
[2009/11/13 07:05:26 | 00,003,205 | ---- | M] () -- C:\WINNT\LXBRCAH.ini
[2009/11/12 18:40:22 | 00,000,416 | ---- | M] () -- C:\WINNT\tasks\QIC Autoupdate.job
[2009/11/10 18:18:45 | 00,000,470 | ---- | M] () -- C:\WINNT\lexstat.ini
[2009/11/06 18:16:48 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/11/04 23:28:37 | 00,268,546 | ---- | M] () -- C:\VETlog.dmp
[2009/10/31 12:14:02 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
========== Files Created - No Company Name ==========
[2009/11/14 08:55:48 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/14 08:55:48 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/14 08:48:18 | 00,001,463 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2009/11/14 02:50:01 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/11/14 02:47:26 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2009/11/14 02:32:28 | 01,089,593 | ---- | C] () -- C:\WINNT\System32\dllcache\ntprint.cat
[2009/11/14 01:44:18 | 01,203,922 | ---- | C] () -- C:\WINNT\System32\dllcache\sysmain.sdb
[2009/11/14 01:28:43 | 00,010,457 | ---- | C] () -- C:\WINNT\System32\dllcache\wmptour.hta
[2009/11/14 01:28:43 | 00,001,771 | ---- | C] () -- C:\WINNT\System32\dllcache\wmptour.css
[2009/11/14 01:28:43 | 00,000,855 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpocm.inf
[2009/11/14 01:28:43 | 00,000,420 | ---- | C] () -- C:\WINNT\System32\dllcache\wmploc.js
[2009/11/14 01:28:42 | 00,613,334 | ---- | C] () -- C:\WINNT\System32\dllcache\wmplayer.chm
[2009/11/14 01:28:42 | 00,354,468 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud1.wav
[2009/11/14 01:28:42 | 00,343,204 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud7.wav
[2009/11/14 01:28:42 | 00,343,204 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud6.wav
[2009/11/14 01:28:42 | 00,172,196 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud9.wav
[2009/11/14 01:28:42 | 00,172,196 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud8.wav
[2009/11/14 01:28:42 | 00,172,196 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud3.wav
[2009/11/14 01:28:42 | 00,086,196 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud5.wav
[2009/11/14 01:28:42 | 00,086,180 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud4.wav
[2009/11/14 01:28:42 | 00,086,180 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud2.wav
[2009/11/14 01:28:42 | 00,067,374 | ---- | C] () -- C:\WINNT\System32\dllcache\wmplayer.adm
[2009/11/14 01:28:42 | 00,029,070 | ---- | C] () -- C:\WINNT\System32\dllcache\wmp.inf
[2009/11/14 01:28:42 | 00,023,195 | ---- | C] () -- C:\WINNT\System32\dllcache\wmplay.chm
[2009/11/14 01:28:41 | 00,017,272 | ---- | C] () -- C:\WINNT\System32\dllcache\wmdm.inf
[2009/11/14 01:28:41 | 00,008,677 | ---- | C] () -- C:\WINNT\System32\dllcache\wm7.gif
[2009/11/14 01:28:41 | 00,007,892 | ---- | C] () -- C:\WINNT\System32\dllcache\wm9.gif
[2009/11/14 01:28:41 | 00,007,636 | ---- | C] () -- C:\WINNT\System32\dllcache\wm2.gif
[2009/11/14 01:28:41 | 00,007,369 | ---- | C] () -- C:\WINNT\System32\dllcache\wm4.gif
[2009/11/14 01:28:41 | 00,006,769 | ---- | C] () -- C:\WINNT\System32\dllcache\wmfsdk.inf
[2009/11/14 01:28:41 | 00,006,241 | ---- | C] () -- C:\WINNT\System32\dllcache\wm3.gif
[2009/11/14 01:28:41 | 00,006,060 | ---- | C] () -- C:\WINNT\System32\dllcache\wm6.gif
[2009/11/14 01:28:41 | 00,004,193 | ---- | C] () -- C:\WINNT\System32\dllcache\wm8.gif
[2009/11/14 01:28:41 | 00,002,477 | ---- | C] () -- C:\WINNT\System32\dllcache\wm5.gif
[2009/11/14 01:28:40 | 00,300,969 | ---- | C] () -- C:\WINNT\System32\dllcache\viz.wmv
[2009/11/14 01:28:40 | 00,023,829 | ---- | C] () -- C:\WINNT\System32\dllcache\tourbg.gif
[2009/11/14 01:28:40 | 00,017,489 | ---- | C] () -- C:\WINNT\System32\dllcache\videobg.gif
[2009/11/14 01:28:40 | 00,005,789 | ---- | C] () -- C:\WINNT\System32\dllcache\wm1.gif
[2009/11/14 01:28:40 | 00,005,290 | ---- | C] () -- C:\WINNT\System32\dllcache\vidsamp.gif
[2009/11/14 01:28:40 | 00,003,187 | ---- | C] () -- C:\WINNT\System32\dllcache\tour.js
[2009/11/14 01:28:40 | 00,002,469 | ---- | C] () -- C:\WINNT\System32\dllcache\tplay.gif
[2009/11/14 01:28:40 | 00,002,450 | ---- | C] () -- C:\WINNT\System32\dllcache\tpause.gif
[2009/11/14 01:28:40 | 00,002,375 | ---- | C] () -- C:\WINNT\System32\dllcache\tplayh.gif
[2009/11/14 01:28:40 | 00,002,371 | ---- | C] () -- C:\WINNT\System32\dllcache\tpauseh.gif
[2009/11/14 01:28:40 | 00,001,398 | ---- | C] () -- C:\WINNT\System32\dllcache\taon.gif
[2009/11/14 01:28:40 | 00,001,380 | ---- | C] () -- C:\WINNT\System32\dllcache\taonh.gif
[2009/11/14 01:28:40 | 00,001,380 | ---- | C] () -- C:\WINNT\System32\dllcache\taoff.gif
[2009/11/14 01:28:40 | 00,001,367 | ---- | C] () -- C:\WINNT\System32\dllcache\taoffh.gif
[2009/11/14 01:28:40 | 00,001,148 | ---- | C] () -- C:\WINNT\System32\dllcache\snd.htm
[2009/11/14 01:28:40 | 00,000,908 | ---- | C] () -- C:\WINNT\System32\dllcache\skins.inf
[2009/11/14 01:28:39 | 00,572,557 | ---- | C] () -- C:\WINNT\System32\dllcache\rtuner.wmv
[2009/11/14 01:28:39 | 00,375,519 | ---- | C] () -- C:\WINNT\System32\dllcache\nuskin.wmv
[2009/11/14 01:28:39 | 00,077,307 | ---- | C] () -- C:\WINNT\System32\dllcache\plyr_err.chm
[2009/11/14 01:28:39 | 00,066,725 | ---- | C] () -- C:\WINNT\System32\dllcache\revert.wmz
[2009/11/14 01:28:39 | 00,022,060 | ---- | C] () -- C:\WINNT\System32\dllcache\npds.zip
[2009/11/14 01:28:39 | 00,001,477 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst6.wpl
[2009/11/14 01:28:39 | 00,001,477 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst5.wpl
[2009/11/14 01:28:39 | 00,001,474 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst3.wpl
[2009/11/14 01:28:39 | 00,001,451 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst12.wpl
[2009/11/14 01:28:39 | 00,001,448 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst4.wpl
[2009/11/14 01:28:39 | 00,001,250 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst1.wpl
[2009/11/14 01:28:39 | 00,001,049 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst2.wpl
[2009/11/14 01:28:39 | 00,001,046 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst7.wpl
[2009/11/14 01:28:39 | 00,001,036 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst8.wpl
[2009/11/14 01:28:39 | 00,000,789 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst11.wpl
[2009/11/14 01:28:39 | 00,000,787 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst10.wpl
[2009/11/14 01:28:39 | 00,000,784 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst9.wpl
[2009/11/14 01:28:39 | 00,000,783 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst13.wpl
[2009/11/14 01:28:39 | 00,000,775 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst14.wpl
[2009/11/14 01:28:39 | 00,000,733 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst15.wpl
[2009/11/14 01:28:39 | 00,000,403 | ---- | C] () -- C:\WINNT\System32\dllcache\npdrmv2.zip
[2009/11/14 01:28:38 | 00,457,607 | ---- | C] () -- C:\WINNT\System32\dllcache\mdlib.wmv
[2009/11/14 01:28:38 | 00,097,117 | ---- | C] () -- C:\WINNT\System32\dllcache\mplayer2.hlp
[2009/11/14 01:28:38 | 00,018,286 | ---- | C] () -- C:\WINNT\System32\dllcache\mplayer2.inf
[2009/11/14 01:28:38 | 00,002,778 | ---- | C] () -- C:\WINNT\System32\dllcache\mplogoh.gif
[2009/11/14 01:28:38 | 00,002,545 | ---- | C] () -- C:\WINNT\System32\dllcache\mplogo.gif
[2009/11/14 01:28:38 | 00,001,885 | ---- | C] () -- C:\WINNT\System32\dllcache\mplayer2.cnt
[2009/11/14 01:28:37 | 00,381,425 | ---- | C] () -- C:\WINNT\System32\dllcache\copycd.wmv
[2009/11/14 01:28:37 | 00,184,959 | ---- | C] () -- C:\WINNT\System32\dllcache\compact.wmz
[2009/11/14 01:28:37 | 00,009,585 | ---- | C] () -- C:\WINNT\System32\dllcache\controls.css
[2009/11/14 01:28:37 | 00,008,298 | ---- | C] () -- C:\WINNT\System32\dllcache\contents.htm
[2009/11/14 01:28:37 | 00,006,878 | ---- | C] () -- C:\WINNT\System32\dllcache\controls.js
[2009/11/14 01:28:37 | 00,005,971 | ---- | C] () -- C:\WINNT\System32\dllcache\events.js
[2009/11/14 01:28:37 | 00,000,999 | ---- | C] () -- C:\WINNT\System32\dllcache\bktrh.gif
[2009/11/14 01:28:37 | 00,000,773 | ---- | C] () -- C:\WINNT\System32\dllcache\cnth.gif
[2009/11/14 01:28:37 | 00,000,773 | ---- | C] () -- C:\WINNT\System32\dllcache\cnt.gif
[2009/11/14 01:28:37 | 00,000,772 | ---- | C] () -- C:\WINNT\System32\dllcache\cntd.gif
[2009/11/14 01:28:37 | 00,000,760 | ---- | C] () -- C:\WINNT\System32\dllcache\cloapph.gif
[2009/11/14 01:28:37 | 00,000,717 | ---- | C] () -- C:\WINNT\System32\dllcache\cloapp.gif
[2009/11/14 01:23:15 | 00,129,045 | ---- | C] () -- C:\WINNT\System32\drivers\cxthsfs2.cty
[2009/11/14 01:23:15 | 00,064,352 | ---- | C] () -- C:\WINNT\System32\drivers\ativmc20.cod
[2009/11/14 01:23:13 | 00,067,866 | ---- | C] () -- C:\WINNT\System32\drivers\netwlan5.img
[2009/11/14 00:46:54 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to CCleaner.lnk
[2009/11/13 23:48:51 | 00,027,648 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxftplt.exe
[2009/11/13 23:46:59 | 00,175,104 | ---- | C] () -- C:\WINNT\System32\dllcache\pintlcsa.dll
[2009/11/13 23:45:50 | 01,158,818 | ---- | C] () -- C:\WINNT\System32\dllcache\korwbrkr.lex
[2009/11/13 23:45:32 | 00,059,392 | ---- | C] () -- C:\WINNT\System32\dllcache\imscinst.exe
[2009/11/13 23:45:27 | 00,134,339 | ---- | C] () -- C:\WINNT\System32\dllcache\imekr.lex
[2009/11/13 23:45:04 | 13,463,552 | ---- | C] () -- C:\WINNT\System32\dllcache\hwxjpn.dll
[2009/11/13 23:44:54 | 00,165,888 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt53.dll
[2009/11/13 23:44:53 | 00,101,376 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt34.dll
[2009/11/13 23:44:53 | 00,093,696 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt42.dll
[2009/11/13 23:44:53 | 00,089,088 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt33.dll
[2009/11/13 23:44:52 | 00,083,968 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt21.dll
[2009/11/13 23:44:48 | 00,108,827 | ---- | C] () -- C:\WINNT\System32\dllcache\hanja.lex
[2009/11/13 23:44:01 | 00,037,962 | ---- | C] () -- C:\WINNT\System32\dllcache\divaprop.dll
[2009/11/13 23:44:01 | 00,029,768 | ---- | C] () -- C:\WINNT\System32\dllcache\divasu.dll
[2009/11/13 23:44:01 | 00,006,216 | ---- | C] () -- C:\WINNT\System32\dllcache\divaci.dll
[2009/11/13 23:43:32 | 00,173,568 | ---- | C] () -- C:\WINNT\System32\dllcache\chtskf.dll
[2009/11/13 23:43:05 | 00,026,624 | ---- | C] () -- C:\WINNT\System32\dllcache\ativxbar.sys
[2009/11/13 23:43:05 | 00,023,552 | ---- | C] () -- C:\WINNT\System32\dllcache\atixbar.sys
[2009/11/13 23:43:05 | 00,019,456 | ---- | C] () -- C:\WINNT\System32\dllcache\ativttxx.sys
[2009/11/13 23:43:04 | 00,026,880 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtsnd.sys
[2009/11/13 23:43:04 | 00,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitvsnd.sys
[2009/11/13 23:43:04 | 00,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitunep.sys
[2009/11/13 23:43:04 | 00,009,472 | ---- | C] () -- C:\WINNT\System32\dllcache\ativmdcd.sys
[2009/11/13 23:43:03 | 00,049,920 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtcap.sys
[2009/11/13 23:43:03 | 00,010,240 | ---- | C] () -- C:\WINNT\System32\dllcache\atipcxxx.sys
[2009/11/13 23:42:59 | 00,046,464 | ---- | C] () -- C:\WINNT\System32\dllcache\atibt829.sys
[2009/11/13 22:40:00 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/13 22:39:41 | 00,380,928 | ---- | C] () -- C:\WINNT\System32\actskin4.ocx
[2009/11/13 19:55:23 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/13 19:47:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 07:02:56 | 00,000,286 | ---- | C] () -- C:\WINNT\tasks\apxhnjwz.job
[2009/11/12 00:12:12 | 00,004,286 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\avp.ico
[2009/11/05 00:43:44 | 00,054,156 | -H-- | C] () -- C:\WINNT\QTFont.qfn
[2009/11/05 00:43:44 | 00,001,409 | ---- | C] () -- C:\WINNT\QTFont.for
[2009/11/04 23:28:34 | 00,268,546 | ---- | C] () -- C:\VETlog.dmp
[2009/10/31 12:14:02 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2007/05/11 19:40:47 | 00,000,053 | ---- | C] () -- C:\WINNT\WININIT.INI
[2006/07/07 18:52:36 | 00,000,109 | ---- | C] () -- C:\WINNT\TLCAPPS.INI
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINNT\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINNT\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINNT\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINNT\Fonts\GlobalMonospace.CompositeFont
[2006/02/26 14:16:42 | 00,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2006/01/21 16:51:47 | 00,000,544 | ---- | C] () -- C:\WINNT\Madagascar.INI
[2005/08/20 12:17:27 | 00,043,520 | ---- | C] () -- C:\WINNT\System32\CmdLineExt03.dll
[2005/04/04 17:40:51 | 00,000,023 | ---- | C] () -- C:\WINNT\EPC Keyboarding.INI
[2005/02/22 19:14:04 | 00,000,588 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2005/01/09 11:50:03 | 00,000,181 | ---- | C] () -- C:\WINNT\System32\lxbrcoin.ini
[2004/12/27 20:22:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2004/12/27 20:22:20 | 00,001,467 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2004/07/22 19:37:41 | 00,000,004 | ---- | C] () -- C:\WINNT\uccspecb.sys
[2004/03/22 18:03:18 | 00,010,240 | ---- | C] () -- C:\WINNT\System32\vidx16.dll
[2004/03/19 19:25:23 | 00,002,672 | ---- | C] () -- C:\WINNT\disney.ini
[2004/02/16 10:35:13 | 00,057,256 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/02/16 10:27:13 | 00,000,078 | ---- | C] () -- C:\WINNT\qwimp.ini
[2004/02/16 10:27:12 | 00,000,403 | ---- | C] () -- C:\WINNT\intuprof.ini
[2004/02/15 13:09:35 | 00,000,023 | ---- | C] () -- C:\WINNT\FLASHKSK.INI
[2004/02/15 13:09:34 | 00,003,205 | ---- | C] () -- C:\WINNT\LXBRCAH.ini
[2004/02/15 13:09:34 | 00,000,468 | ---- | C] () -- C:\WINNT\LXBRFMT.INI
[2004/02/15 13:09:32 | 00,002,174 | ---- | C] () -- C:\WINNT\System32\LXBRSET.INI
[2004/02/15 13:04:12 | 00,000,470 | ---- | C] () -- C:\WINNT\lexstat.ini
[2004/02/12 18:43:39 | 00,000,038 | ---- | C] () -- C:\WINNT\iltwain.ini
[2004/02/12 18:27:01 | 00,229,376 | ---- | C] () -- C:\WINNT\System32\ISP2000.dll
[2004/02/12 17:53:25 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/12 17:52:51 | 00,007,324 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2004/01/22 14:31:55 | 00,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/10/16 09:58:42 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\SLLights.dll
[2003/10/16 09:58:42 | 00,151,552 | ---- | C] () -- C:\WINNT\System32\amr_cpl.dll
[2003/10/15 09:15:29 | 00,049,152 | ---- | C] () -- C:\WINNT\System32\coinst.dll
[2003/10/14 15:56:53 | 00,001,081 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/10/14 15:56:05 | 00,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/10/14 15:53:24 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/10/14 15:50:22 | 00,094,208 | ---- | C] () -- C:\WINNT\System32\PCDrKernelModeServices.dll
[2003/10/14 15:50:22 | 00,077,824 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/10/14 15:49:24 | 00,000,571 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 13:57:12 | 00,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 13:40:33 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2003/10/06 13:34:01 | 02,113,304 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2003/10/06 13:33:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2003/10/06 13:17:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/11/13 08:40:22 | 00,040,960 | ---- | C] () -- C:\WINNT\System32\lxbrvs.dll
[2001/07/15 16:48:32 | 00,170,585 | ---- | C] () -- C:\WINNT\System32\MCPrintX.dll
[1979/12/31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[1979/12/31 23:00:00 | 00,000,621 | ---- | C] () -- C:\WINNT\win.ini
[1979/12/31 23:00:00 | 00,000,263 | ---- | C] () -- C:\WINNT\system.ini
========== LOP Check ==========
[2004/02/15 13:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/14 02:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/11 19:41:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2007/03/28 15:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/13 23:55:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AntiVirus Plus
[2004/02/11 19:45:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2004/11/14 18:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/12/09 16:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2008/03/29 15:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/11/14 10:13:19 | 00,000,286 | ---- | M] () -- C:\WINNT\Tasks\apxhnjwz.job
[2003/03/31 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2004/02/13 07:30:00 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 1.job
[2004/02/11 19:07:44 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 2.job
[2004/02/11 19:07:44 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 3.job
[2009/11/12 18:40:22 | 00,000,416 | ---- | M] () -- C:\WINNT\Tasks\QIC Autoupdate.job
[2009/11/14 10:13:22 | 00,000,452 | ---- | M] () -- C:\WINNT\Tasks\QIC Messenger Bkup.job
[2009/11/13 22:36:55 | 00,000,452 | ---- | M] () -- C:\WINNT\Tasks\QIC Messenger Periodic.job
[2009/11/14 10:13:19 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2003/03/31 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2003/03/31 05:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2003/03/31 05:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2003/07/02 18:00:00 | 00,274,816 | ---- | M] (Intel Corporation) MD5=50B56E7DE809BE4B8F4D24B3F0381520 -- C:\OEMDRVRS\iaStor.sys
[2003/07/02 18:00:00 | 00,274,816 | ---- | M] (Intel Corporation) MD5=50B56E7DE809BE4B8F4D24B3F0381520 -- C:\WINNT\system32\drivers\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2002/10/24 15:59:48 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2003/03/31 05:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\$NtUninstallQ331958$\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys
[2002/10/24 14:59:48 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINNT\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2001/08/17 12:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINNT\$NtServicePackUninstall$\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >