Vundo and various



#1
kbz1960

Hi, I brought home a co-worker's computer and it was infected with AntiVirus Plus among a lot of Vundo and other things. The first thing I did was download SUPERAntiSpyware, Malwarebytes and avast onto a flash drive from my computer.

Her system is Windows XP SP1. I booted her system into safe mode and wasn't connected to the internet. I installed and attempted to run Malwarebytes and it wouldn't run. Then I installed SUPERAntiSpyware and it ran and found a lot of things, rebooted back into safe mode. Then I was able to run Malwarebytes and it found more stuff, rebooted back into safe mode and ran MB again and again it found some items.

After MB found no more items I booted normally, still with no internet, and installed avast and had it run a boot scan that found some nasties also. Then I connected to the internet and updated avast, SAS and MB. Ran SAS and MB again until nothing came up. Downloaded all Windows updates, reran programs and it seems to be working well now.

Then I came here and followed all of the instructions and have the logs. I was wondering if someone could check them and see if maybe something is still hiding and waiting to start all the crap all over again.

SAS log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/13/2009 at 09:00 PM

Application Version : 4.30.1004

Core Rules Database Version : 4260
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 01:00:14

Memory items scanned : 195
Memory threats detected : 5
Registry items scanned : 4567
Registry threats detected : 20
File items scanned : 26779
File threats detected : 348

Adware.Vundo/Variant-EC
C:\WINNT\SYSTEM32\NORUPEZE.DLL
C:\WINNT\SYSTEM32\NORUPEZE.DLL
C:\WINNT\SYSTEM32\YEMOPEGO.DLL
C:\WINNT\SYSTEM32\YEMOPEGO.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{7aa2ac29-87ef-4463-83f1-6fe6737dc90c}
HKCR\CLSID\{7AA2AC29-87EF-4463-83F1-6FE6737DC90C}
HKCR\CLSID\{7aa2ac29-87ef-4463-83f1-6fe6737dc90c}\InprocServer32
HKCR\CLSID\{7aa2ac29-87ef-4463-83f1-6fe6737dc90c}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{0f7790ec-cee2-406d-a1b2-0f10e8341d99}
HKCR\CLSID\{0F7790EC-CEE2-406D-A1B2-0F10E8341D99}
HKCR\CLSID\{0f7790ec-cee2-406d-a1b2-0f10e8341d99}\InprocServer32
HKCR\CLSID\{0f7790ec-cee2-406d-a1b2-0f10e8341d99}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{625f95b7-7847-430b-8771-568b52abdaaa}
HKCR\CLSID\{625F95B7-7847-430B-8771-568B52ABDAAA}
HKCR\CLSID\{625f95b7-7847-430b-8771-568b52abdaaa}\InprocServer32
HKCR\CLSID\{625f95b7-7847-430b-8771-568b52abdaaa}\InprocServer32#ThreadingModel
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#nelesojob
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#takizagah
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#jujitubej
C:\WINNT\SYSTEM32\JUNEFARE.DLL
C:\WINNT\SYSTEM32\KALAHAVI.DLL
C:\WINNT\SYSTEM32\NUZEROTO.DLL
C:\WINNT\SYSTEM32\RAZIWANU.DLL

Adware.Vundo/Variant-[Fixed]
C:\WINNT\SYSTEM32\REZIVEYO.DLL
C:\WINNT\SYSTEM32\REZIVEYO.DLL
C:\WINNT\SYSTEM32\JUGINIRE.DLL
C:\WINNT\SYSTEM32\JUGINIRE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0272a308-9ed5-4aab-bc5f-d8f8b80b10ac}
HKCR\CLSID\{0272A308-9ED5-4AAB-BC5F-D8F8B80B10AC}
HKCR\CLSID\{0272A308-9ED5-4AAB-BC5F-D8F8B80B10AC}\InprocServer32
HKCR\CLSID\{0272A308-9ED5-4AAB-BC5F-D8F8B80B10AC}\InprocServer32#ThreadingModel

Adware.Vundo/Variant-Horo
C:\WINNT\SYSTEM32\WIDUNEBU.DLL
C:\WINNT\SYSTEM32\WIDUNEBU.DLL
C:\WINNT\SYSTEM32\BUZAGUYI.DLL
C:\WINNT\SYSTEM32\FIDOGILE.DLL
C:\WINNT\SYSTEM32\GOSUFIDO.DLL

Adware.Tracking Cookie

Rogue.AntiVirusPlus
C:\Documents and Settings\All Users\Start Menu\Programs\ANTIVIRUS PLUS\AntiVirus Plus.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ANTIVIRUS PLUS\EULA.url
C:\Documents and Settings\All Users\Start Menu\Programs\ANTIVIRUS PLUS
C:\Documents and Settings\Owner\Start Menu\Programs\ANTIVIRUS PLUS\AntiVirus Plus.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\ANTIVIRUS PLUS\EULA.url
C:\Documents and Settings\Owner\Start Menu\Programs\ANTIVIRUS PLUS
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Plus.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ANTIVIRUS PLUS.LNK
C:\Documents and Settings\Owner\Desktop\ANTIVIRUS PLUS.LNK
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ANTIVIRUS PLUS.LNK

Rogue.Agent/Gen
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#60829631
C:\Documents and Settings\All Users\Application Data\60829631
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\60829631\60829631.EXE
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SECURITY TOOL.LNK
C:\DOCUMENTS AND SETTINGS\OWNER\START MENU\PROGRAMS\SECURITY TOOL.LNK

Rogue.SystemTuner
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SYSTEMTUNER_SETUP(2).EXE
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SYSTEMTUNER_SETUP.EXE

Application.PowerReg Scheduler
C:\DOCUMENTS AND SETTINGS\OWNER\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE

Adware.Vundo/Variant-QHeader
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1684\A0044773.DLL
C:\WINNT\SYSTEM32\BONINIPU.DLL
C:\WINNT\SYSTEM32\DUHIFIHO.DLL
C:\WINNT\SYSTEM32\KINAWETI.DLL
C:\WINNT\SYSTEM32\SOFEZIPA.DLL
C:\WINNT\SYSTEM32\YIRUNONU.DLL

Trojan.Dropper/Gen-NV
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1684\A0044774.DLL

Adware.Vundo/Variant-Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1684\A0044775.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP1684\A0044776.DLL
C:\WINNT\SYSTEM32\BOJITOPI.DLL
C:\WINNT\SYSTEM32\YOBOKUSA.DLL

Adware.Vundo/Variant
C:\WINNT\SYSTEM32\BEWIHAFE.DLL
C:\WINNT\SYSTEM32\BUTILEVE.DLL
C:\WINNT\SYSTEM32\DULUYUTI.DLL
C:\WINNT\SYSTEM32\DUYAGAWE.DLL
C:\WINNT\SYSTEM32\FOYEJIPE.DLL
C:\WINNT\SYSTEM32\NEBIGEKU.DLL
C:\WINNT\SYSTEM32\RADAROTI.DLL
C:\WINNT\SYSTEM32\SUWUBEPI.DLL
C:\WINNT\SYSTEM32\YISILOBI.DLL
C:\WINNT\SYSTEM32\YOFIYUYA.DLL
C:\WINNT\SYSTEM32\YUKUFEPO.DLL

Adware.Vundo/Variant-QRod
C:\WINNT\SYSTEM32\BUSOSELI.DLL
C:\WINNT\SYSTEM32\NAYAKITE.DLL

Adware.Vundo/Variant-Vx
C:\WINNT\SYSTEM32\FOTIYUDE.DLL
C:\WINNT\SYSTEM32\VAJUTUHI.DLL
C:\WINNT\SYSTEM32\WOZUPONO.DLL

Adware.Vundo/Variant-HRH
C:\WINNT\SYSTEM32\GOVOVIYA.DLL
C:\WINNT\SYSTEM32\HUHIBIMI.DLL
C:\WINNT\SYSTEM32\RIKEKOHU.DLL
C:\WINNT\SYSTEM32\WUZUSESI.DLL

Adware.Vundo/Variant-BJ
C:\WINNT\SYSTEM32\HIMEJOFO.DLL
C:\WINNT\SYSTEM32\MOPOLORI.DLL
C:\WINNT\SYSTEM32\YIMEPEWO.DLL

Adware.Vundo/Variant-BigJunk
C:\WINNT\SYSTEM32\KUBITITA.DLL
C:\WINNT\SYSTEM32\KUMUTAJE.DLL
C:\WINNT\SYSTEM32\PAWUFUPI.DLL
C:\WINNT\SYSTEM32\TAJUZUFO.DLL
C:\WINNT\SYSTEM32\VEKOBIPU.DLL
C:\WINNT\SYSTEM32\WATAJUPU.DLL

Adware.Vundo Variant
C:\WINNT\SYSTEM32\POVUFUYU.DLL

Adware.Vundo/Variant-Diddle
C:\WINNT\SYSTEM32\SISONUJU.DLL

#2
kbz1960

MB log
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 1 (Safe Mode)

11/13/2009 10:05:38 PM
mbam-log-2009-11-13 (22-05-38).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 156196
Time elapsed: 38 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINNT\system32\vayigowo.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{625f95b7-7847-430b-8771-568b52abdaaa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mibizuheh (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{625f95b7-7847-430b-8771-568b52abdaaa} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\jujitubej (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\movuvupehu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\winnt\system32\vayigowo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vayigowo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINNT\system32\vayigowo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Owner\Desktop\setup(2).exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\setup(3).exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\setup(4).exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\setup.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
C:\WINNT\system32\fuwoduke.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


MB again
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 1 (Safe Mode)

11/13/2009 10:10:36 PM
mbam-log-2009-11-13 (22-10-36).txt

Scan type: Full Scan (E:\|)
Objects scanned: 88849
Time elapsed: 1 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mibizuheh (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3
kbz1960

Avast boot log, either moved to chest or deleted.
11/13/2009 11:54:42 PM 1258178082 Owner 1272 Sign of "Win32:Malware-gen" has been found in "C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70367200.dll" file.
11/13/2009 11:56:45 PM 1258178205 Owner 1272 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINNT\System32\hufejenu.exe" file.
11/13/2009 11:57:38 PM 1258178258 Owner 1272 Sign of "Win32:FraudLoad-UR [Trj]" has been found in "C:\WINNT\System32\nomedili.dll" file.
11/13/2009 11:57:45 PM 1258178265 Owner 1272 Sign of "Win32:MalOb-AC [Trj]" has been found in "C:\WINNT\System32\nozefovo.dll.tmp" file.
11/13/2009 11:58:18 PM 1258178298 Owner 1272 Sign of "Win32:MalOb-AC [Trj]" has been found in "C:\WINNT\System32\juyiliko.dll.tmp" file.
11/13/2009 11:58:27 PM 1258178307 Owner 1272 Sign of "Win32:FakeAlert-EF [Trj]" has been found in "C:\WINNT\System32\buvarawe.exe" file.
11/13/2009 11:58:53 PM 1258178333 Owner 1272 Sign of "Win32:MalOb-AC [Trj]" has been found in "C:\WINNT\System32\yerefuhi.dll.tmp" file.

MB again
Malwarebytes' Anti-Malware 1.41
Database version: 3168
Windows 5.1.2600 Service Pack 1

11/14/2009 12:00:49 AM
mbam-log-2009-11-14 (00-00-49).txt

Scan type: Quick Scan
Objects scanned: 103659
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINNT\System32\hufejenu.exe (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
C:\WINNT\system32\puzedosa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\gakikedo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\lozipapu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\mamakale.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\System32\nomedili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\System32\nozefovo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\vidiyuto.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\potideti.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\nuzevuzi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\jutovofa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\System32\juyiliko.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\tosihewi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\badaguko.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\System32\buvarawe.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\WINNT\system32\kufejiko.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\wudumupa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\system32\pekimevo.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINNT\System32\yerefuhi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\wavikegi.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

After updating windows
MB, SAS and Avast ran again and nothing.

RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/14 10:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINNT\System32\Drivers\dump_atapi.sys
Address: 0xEDA40000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINNT\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7D4D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINNT\system32\drivers\rootrepeal.sys
Address: 0xECD37000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda606b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda60574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda60a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6014c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6064e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6008c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda600f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6076e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda6072e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINNT\System32\Drivers\aswSP.SYS" at address 0xeda608ae

==EOF==

OTL
OTL Extras logfile created on: 11/14/2009 10:21:13 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop\geeks
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.73 Mb Total Physical Memory | 251.22 Mb Available Physical Memory | 50.78% Memory free
1.85 Gb Paging File | 1.63 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): C:\pagefile.sys 1488 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 94.41 Gb Free Space | 84.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULSCOMPUTER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{04A33452-E805-4D71-B531-5718C2620AF7}" = TEENAGE MUTANT NINJA TURTLES™ 2 - BATTLE NEXUS™
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{5AC85A62-CA20-4F94-AB4F-737CC4B9F15A}" = Madagascar Island Mania
"{645525C7-7E45-4B4D-B750-43FAF4E258C7}" = HyperLoad - Bowling
"{6E7F1130-F68A-46A1-96ED-5BFE51A3A605}" = Backyard Baseball 2005
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = DVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{ABEB838C-A1A7-4C5D-B7E1-8B4314B00527}" = MSN Messenger 5.0
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D2353A80-C650-4B5E-BA05-E5828730E623}" = Shrek 2 Activity Center
"{D524BF60-805E-4802-8B6E-09DB443C0377}" = Spider-Man 2 Activity Center
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E5B26C1E-4751-4F03-BC18-634F41F31EC6}" = DoMore
"{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}" = Gateway Ink Monitor
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"3DGroove" = 3D Groove Playback Engine
"4AF3F682-FE2A-488D-A11C-A0470A325E93" = Blasterball 2 from Gateway (remove only)
"5A137FCB-35EA-4849-8239-AFEBD2F45B3B" = Otto from Gateway (remove only)
"618CD711-AFB3-4EB4-9B48-ABD2AB370B21" = Slyder from Gateway (remove only)
"70216ACD-1547-44E5-8966-615BE9569EAD" = Blackhawk Striker from Gateway (remove only)
"97D31CB6-F2B5-4875-B6B0-8AF75AC414DB" = Five Card Frenzy from Gateway (remove only)
"A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24" = Overball from Gateway (remove only)
"AA4162B8-1BB1-4110-8F93-0092D4DEF122" = Bounce Symphony from Gateway (remove only)
"Activision_SP3UninstallKey" = Skateboard Park Tycoon 2004
"ADFCE1E4-A420-437C-998D-EAF04E3601BE" = Excavation from Gateway (remove only)
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"America Online us" = America Online (Choose which version to remove)
"AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
"avast!" = avast! Antivirus
"BECB8A74-E07D-44A1-813D-1E390EB3047B" = Orbital from Gateway (remove only)
"Bowl-Ed Over" = Bowl-Ed Over
"Buggin' Out" = Buggin' Out (remove only)
"C4D2212B-5331-470D-9BF7-96DB25A398C7" = Polar Bowler from Gateway (remove only)
"Calling all Titans!" = Calling all Titans! (remove only)
"Cartoon Cove" = Cartoon Cove
"CCleaner" = CCleaner
"Desktop Weather by The Weather Channel" = Desktop Weather by The Weather Channel
"Dinosaur" = Disney's Dinosaur
"Downhill Derby" = Downhill Derby
"Ellsworth Publishing Co. (EPC) - Keyboard Mastery" = Ellsworth Publishing Co. (EPC) - Keyboard Mastery
"Emperors New Groove" = Emperors New Groove
"ERUNT_is1" = ERUNT 1.1j
"Fast And Flurrious" = Fast And Flurrious
"Freaky Freezeday" = Freaky Freezeday (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{04A33452-E805-4D71-B531-5718C2620AF7}" = TEENAGE MUTANT NINJA TURTLES™ 2 - BATTLE NEXUS™
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"Intel® 537EP Data Fax Modem" = Intel® 537EP Data Fax Modem
"Kids Next Door" = Kids Next Door
"Lexmark 3100 Series" = Lexmark 3100 Series
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSNMS" = MSN Internet Software
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Ahead Nero BurnRights
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Phonics 4 Kids" = Phonics 4 Kids
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"PROSet" = Intel® PRO Network Adapters and Drivers
"PX: {20BBF229-A337-40AD-9FEB-2C98CDA53D1C}" = Gateway Rhapsody
"QIC UnInstall" = Insight Broadband QIC Service Activator
"QuickTime" = QuickTime
"Reader Rabbit Math Ages 6-9" = Reader Rabbit Math Ages 6-9
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"rr2gw32.exe" = Reader Rabbit's 2nd Grade
"Shark Tale 1" = Shark Tale 1 Screen Saver
"Shockwave" = Shockwave
"ShockwaveFlash" = Macromedia Flash Player 8
"SLAMRMO" = Smart Link 56K Modem
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Sweets Ahoy" = Sweets Ahoy (remove only)
"Tarzan Action Game" = Tarzan Action Game
"Top 30 Games 4 Kids" = Top 30 Games 4 Kids
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"Works2004Setup" = Microsoft Works 2004 Setup Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2009 9:58:22 PM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/13/2009 9:58:22 PM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/13/2009 11:04:01 PM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/13/2009 11:04:01 PM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/14/2009 12:06:42 AM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/14/2009 12:06:42 AM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/14/2009 12:15:37 AM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/14/2009 12:15:37 AM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/14/2009 12:35:17 AM | Computer Name = PAULSCOMPUTER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/14/2009 12:35:17 AM | Computer Name = PAULSCOMPUTER | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 11/14/2009 12:35:48 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/14/2009 12:36:19 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/14/2009 1:52:29 AM | Computer Name = PAULSCOMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 98.220.91.48 for the Network Card with network
address 000CF1AE2A9F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 11/14/2009 3:39:15 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/14/2009 3:39:17 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/14/2009 3:39:18 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/14/2009 4:03:21 AM | Computer Name = PAULSCOMPUTER | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Cumulative Security Update for Internet Explorer 6 for Windows
XP (KB974455).

Error - 11/14/2009 5:01:11 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/14/2009 5:01:19 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/14/2009 10:20:04 AM | Computer Name = PAULSCOMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


OTL logfile created on: 11/14/2009 10:21:13 AM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Owner\Desktop\geeks
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

494.73 Mb Total Physical Memory | 251.22 Mb Available Physical Memory | 50.78% Memory free
1.85 Gb Paging File | 1.63 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): C:\pagefile.sys 1488 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 94.41 Gb Free Space | 84.46% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAULSCOMPUTER
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/14 08:53:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\geeks\OTL.exe
PRC - [2009/11/14 01:37:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/14 01:37:40 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/15 05:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/09/08 09:21:05 | 00,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 09:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/08/29 07:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXBCES.EXE
PRC - [2003/08/29 07:50:24 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXPPS.EXE
PRC - [2003/08/06 15:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2003/07/10 03:13:16 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\hkcmd.exe
PRC - [2003/01/10 16:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/14 08:53:38 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\geeks\OTL.exe
MOD - [2008/04/14 05:42:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 05:41:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/14 01:37:40 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/09/08 09:19:23 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2003/08/29 07:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINNT\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/08/06 15:58:26 | 01,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2003/03/03 12:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/10 16:13:04 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe -- (WANMiniportService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/14 01:37:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/14 02:34:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/14 00:53:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/14 01:37:59 | 00,000,000 | ---D | M]

[2009/03/12 17:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/03/12 17:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/14 08:46:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0lg9pbrm.default\extensions
[2009/11/14 02:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0lg9pbrm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/14 08:46:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/30 16:47:28 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/14 01:38:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/14 00:52:57 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/14 00:52:57 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/08/05 12:02:00 | 00,142,848 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npcpbrk7.dll
[2009/11/14 01:37:40 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2005/12/09 16:48:32 | 00,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2009/11/14 00:53:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006/11/09 15:20:40 | 02,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2007/01/05 09:31:49 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/11/14 00:53:04 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/14 00:53:04 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/14 00:53:04 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/14 00:53:04 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/14 00:53:04 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/14 00:53:04 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/14 00:53:04 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 10 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.raarmls.c...ptX/ScriptX.cab (MeadCo ScriptX)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1161295977734 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX28.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....23/cpbrkpie.cab (cpbrkpie Control)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.to...5.44/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (reziveyo.dll) - File not found
O20 - AppInit_DLLs: (c:\winnt\system32\norupeze.dll) - C:\WINNT\System32\norupeze.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2003/10/06 13:13:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINNT\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/14 08:56:55 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/11/14 08:55:47 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/14 08:51:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\geeks
[2009/11/14 08:26:33 | 00,160,272 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2009/11/14 02:57:29 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/11/14 02:47:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/14 02:47:24 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/11/14 02:35:23 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/14 02:21:00 | 00,000,000 | ---D | C] -- C:\WINNT\System32\XPSViewer
[2009/11/14 02:20:55 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/11/14 02:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/14 02:20:01 | 00,000,000 | ---D | C] -- C:\b4c5493a4f8b6f08047020c338
[2009/11/14 02:02:40 | 00,000,000 | ---D | C] -- C:\WINNT\ie7updates
[2009/11/14 02:01:59 | 00,000,000 | ---D | C] -- C:\WINNT\WBEM
[2009/11/14 02:00:50 | 00,000,000 | -H-D | C] -- C:\WINNT\ie7
[2009/11/14 02:00:39 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$
[2009/11/14 02:00:20 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$
[2009/11/14 01:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[2009/11/14 01:50:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/14 01:45:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/14 01:33:57 | 00,000,000 | ---D | C] -- C:\WINNT\Prefetch
[2009/11/14 01:28:19 | 00,000,000 | ---D | C] -- C:\WINNT\provisioning
[2009/11/14 01:28:19 | 00,000,000 | ---D | C] -- C:\WINNT\System32\en-us
[2009/11/14 01:28:18 | 00,000,000 | ---D | C] -- C:\WINNT\System32\scripting
[2009/11/14 01:28:16 | 00,000,000 | ---D | C] -- C:\WINNT\l2schemas
[2009/11/14 01:28:15 | 00,000,000 | ---D | C] -- C:\WINNT\peernet
[2009/11/14 01:28:15 | 00,000,000 | ---D | C] -- C:\WINNT\System32\en
[2009/11/14 01:25:23 | 00,000,000 | ---D | C] -- C:\WINNT\ServicePackFiles
[2009/11/14 01:23:18 | 00,000,000 | ---D | C] -- C:\WINNT\network diagnostic
[2009/11/14 01:17:37 | 00,000,000 | -H-D | C] -- C:\WINNT\$NtServicePackUninstall$
[2009/11/14 01:17:34 | 00,000,000 | ---D | C] -- C:\WINNT\EHome
[2009/11/14 01:00:57 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/11/14 00:59:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/11/13 23:48:51 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINNT\System32\dllcache\xrxwbtmp.dll
[2009/11/13 23:48:50 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\xlog.exe
[2009/11/13 23:48:50 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINNT\System32\dllcache\xem336n5.sys
[2009/11/13 23:48:40 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\wlluc48.sys
[2009/11/13 23:48:40 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINNT\System32\dllcache\wlandrv2.sys
[2009/11/13 23:48:36 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINNT\System32\dllcache\winacisa.sys
[2009/11/13 23:48:32 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINNT\System32\dllcache\wbfirdma.sys
[2009/11/13 23:48:28 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w840nd.sys
[2009/11/13 23:48:28 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w926nd.sys
[2009/11/13 23:48:28 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINNT\System32\dllcache\w940nd.sys
[2009/11/13 23:48:27 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vvoice.sys
[2009/11/13 23:48:26 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\vmodem.sys
[2009/11/13 23:48:26 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\vpctcom.sys
[2009/11/13 23:48:25 | 00,249,402 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\vinwm.sys
[2009/11/13 23:48:23 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usrti.sys
[2009/11/13 23:48:21 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1801.sys
[2009/11/13 23:48:21 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806v.sys
[2009/11/13 23:48:21 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINNT\System32\dllcache\usr1806.sys
[2009/11/13 23:48:18 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINNT\System32\dllcache\usb101et.sys
[2009/11/13 23:48:16 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINNT\System32\dllcache\umaxscan.dll
[2009/11/13 23:48:15 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um34scan.dll
[2009/11/13 23:48:15 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINNT\System32\dllcache\um54scan.dll
[2009/11/13 23:48:13 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxp.dll
[2009/11/13 23:48:13 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridxpm.sys
[2009/11/13 23:48:13 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkbm.sys
[2009/11/13 23:48:12 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tridkb.dll
[2009/11/13 23:48:12 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3d.dll
[2009/11/13 23:48:12 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\trid3dm.sys
[2009/11/13 23:48:09 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINNT\System32\dllcache\tjisdn.sys
[2009/11/13 23:48:08 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiulnt5.sys
[2009/11/13 23:48:08 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\tgiul50.dll
[2009/11/13 23:48:07 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdkcd31.sys
[2009/11/13 23:48:06 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINNT\System32\dllcache\tdk100b.sys
[2009/11/13 23:48:04 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINNT\System32\dllcache\t2r4disp.dll
[2009/11/13 23:48:04 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\t2r4mini.sys
[2009/11/13 23:48:00 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnprop.dll
[2009/11/13 23:48:00 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlncoin.dll
[2009/11/13 23:47:59 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINNT\System32\dllcache\stlnata.sys
[2009/11/13 23:47:59 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\stcusb.sys
[2009/11/13 23:47:57 | 00,048,736 | ---- | C] (3Com) -- C:\WINNT\System32\dllcache\srwlnd5.sys
[2009/11/13 23:47:53 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINNT\System32\dllcache\sparrow.sys
[2009/11/13 23:47:45 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smiminib.sys
[2009/11/13 23:47:44 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINNT\System32\dllcache\smidispb.dll
[2009/11/13 23:47:44 | 00,035,913 | ---- | C] (SMC) -- C:\WINNT\System32\dllcache\smcirda.sys
[2009/11/13 23:47:44 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smcpwr2n.sys
[2009/11/13 23:47:44 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINNT\System32\dllcache\smc8000n.sys
[2009/11/13 23:47:40 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINNT\System32\dllcache\sk98xwin.sys
[2009/11/13 23:47:40 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINNT\System32\dllcache\skfpwin.sys
[2009/11/13 23:47:40 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINNT\System32\dllcache\sla30nd5.sys
[2009/11/13 23:47:33 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmusb.sys
[2009/11/13 23:47:33 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiulnt5.sys
[2009/11/13 23:47:33 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINNT\System32\dllcache\sgsmld.sys
[2009/11/13 23:47:32 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINNT\System32\dllcache\sgiul50.dll
[2009/11/13 23:47:28 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINNT\System32\dllcache\scr111.sys
[2009/11/13 23:47:27 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmusbm.sys
[2009/11/13 23:47:26 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\sccmn50m.sys
[2009/11/13 23:47:24 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4.dll
[2009/11/13 23:47:24 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3d.dll
[2009/11/13 23:47:24 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav4m.sys
[2009/11/13 23:47:24 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3sav3dm.sys
[2009/11/13 23:47:23 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mvirge.dll
[2009/11/13 23:47:23 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.dll
[2009/11/13 23:47:23 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mtrio.dll
[2009/11/13 23:47:23 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3mt3d.sys
[2009/11/13 23:47:22 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINNT\System32\dllcache\s3m.sys
[2009/11/13 23:47:22 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia450.dll
[2009/11/13 23:47:22 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINNT\System32\dllcache\rwia430.dll
[2009/11/13 23:47:20 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINNT\System32\dllcache\rtl8029.sys
[2009/11/13 23:47:18 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\rsmgrstr.dll
[2009/11/13 23:47:17 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINNT\System32\dllcache\rlnet5.sys
[2009/11/13 23:47:16 | 00,086,097 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\reslog32.dll
[2009/11/13 23:47:11 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdkxga.sys
[2009/11/13 23:47:11 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\r2mdmkxx.sys
[2009/11/13 23:47:05 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlv.sys
[2009/11/13 23:47:04 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserli.sys
[2009/11/13 23:47:04 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINNT\System32\dllcache\ptserlp.sys
[2009/11/13 23:47:03 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINNT\System32\dllcache\pscr.sys
[2009/11/13 23:46:55 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINNT\System32\dllcache\pcx500.sys
[2009/11/13 23:46:55 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINNT\System32\dllcache\pctspk.exe
[2009/11/13 23:46:55 | 00,026,153 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pcmlm56.sys
[2009/11/13 23:46:54 | 00,030,495 | ---- | C] (Linksys) -- C:\WINNT\System32\dllcache\pc100nds.sys
[2009/11/13 23:46:51 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\opl3sax.sys
[2009/11/13 23:46:51 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otcsercb.sys
[2009/11/13 23:46:51 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otceth5.sys
[2009/11/13 23:46:51 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINNT\System32\dllcache\otc06x5.sys
[2009/11/13 23:46:43 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINNT\System32\dllcache\ntgrip.sys
[2009/11/13 23:46:41 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm5a2wdm.sys
[2009/11/13 23:46:41 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\nm6wdm.sys
[2009/11/13 23:46:40 | 00,132,695 | ---- | C] (802.11b) -- C:\WINNT\System32\dllcache\netwlan5.sys
[2009/11/13 23:46:40 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINNT\System32\dllcache\ngrpci.sys
[2009/11/13 23:46:37 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.dll
[2009/11/13 23:46:37 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINNT\System32\dllcache\neo20xx.sys
[2009/11/13 23:46:35 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3disp.dll
[2009/11/13 23:46:35 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.dll
[2009/11/13 23:46:35 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128v2.sys
[2009/11/13 23:46:35 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i3d.sys
[2009/11/13 23:46:34 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.dll
[2009/11/13 23:46:34 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINNT\System32\dllcache\n9i128.sys
[2009/11/13 23:46:33 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxport.sys
[2009/11/13 23:46:33 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINNT\System32\dllcache\mxcard.sys
[2009/11/13 23:46:33 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxicfg.dll
[2009/11/13 23:46:33 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINNT\System32\dllcache\mxnic.sys
[2009/11/13 23:46:33 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINNT\System32\dllcache\mxport.dll
[2009/11/13 23:46:32 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINNT\System32\dllcache\mtxvideo.sys
[2009/11/13 23:46:09 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINNT\System32\dllcache\mraid35x.sys
[2009/11/13 23:46:01 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINNT\System32\dllcache\mdgndis5.sys
[2009/11/13 23:45:57 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINNT\System32\dllcache\ltsm.sys
[2009/11/13 23:45:57 | 00,797,500 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltsmt.sys
[2009/11/13 23:45:57 | 00,420,992 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntt.sys
[2009/11/13 23:45:56 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ltck000c.sys
[2009/11/13 23:45:56 | 00,576,746 | ---- | C] (LT) -- C:\WINNT\System32\dllcache\ltmdmntl.sys
[2009/11/13 23:45:53 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINNT\System32\dllcache\lne100tx.sys
[2009/11/13 23:45:53 | 00,025,065 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\lmndis3.sys
[2009/11/13 23:45:53 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINNT\System32\dllcache\lne100.sys
[2009/11/13 23:45:52 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINNT\System32\dllcache\lit220p.sys
[2009/11/13 23:45:51 | 00,026,442 | ---- | C] (SMSC) -- C:\WINNT\System32\dllcache\lanepic5.sys
[2009/11/13 23:45:51 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINNT\System32\dllcache\ktc111.sys
[2009/11/13 23:45:39 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINNT\System32\dllcache\irmk7.sys
[2009/11/13 23:45:35 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINNT\System32\dllcache\ip5515.sys
[2009/11/13 23:45:24 | 00,372,824 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\iconf32.dll
[2009/11/13 23:44:54 | 00,068,608 | ---- | C] (Avisioin) -- C:\WINNT\System32\dllcache\hpgt53tk.dll
[2009/11/13 23:44:53 | 00,126,976 | ---- | C] (Hewlett Packard) -- C:\WINNT\System32\dllcache\hpgt34tk.dll
[2009/11/13 23:44:44 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\grclass.sys
[2009/11/13 23:44:44 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINNT\System32\dllcache\gpr400.sys
[2009/11/13 23:44:42 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fxusbase.sys
[2009/11/13 23:44:35 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fus2base.sys
[2009/11/13 23:44:35 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fusbbase.sys
[2009/11/13 23:44:34 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpnpbase.sys
[2009/11/13 23:44:34 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcmbase.sys
[2009/11/13 23:44:33 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\fpcibase.sys
[2009/11/13 23:44:29 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINNT\System32\dllcache\fa410nd5.sys
[2009/11/13 23:44:28 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xi.sys
[2009/11/13 23:44:28 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINNT\System32\dllcache\f3ab18xj.sys
[2009/11/13 23:44:26 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esunib.dll
[2009/11/13 23:44:25 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esuni.dll
[2009/11/13 23:44:25 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esucm.dll
[2009/11/13 23:44:25 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINNT\System32\dllcache\esuimg.dll
[2009/11/13 23:44:22 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINNT\System32\dllcache\es1969.sys
[2009/11/13 23:44:08 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINNT\System32\dllcache\ds1wdm.sys
[2009/11/13 23:44:05 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINNT\System32\dllcache\dp83820.sys
[2009/11/13 23:44:02 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINNT\System32\dllcache\dm9pci5.sys
[2009/11/13 23:44:02 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINNT\System32\dllcache\dlh5xnd5.sys
[2009/11/13 23:44:01 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diwan.sys
[2009/11/13 23:44:01 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\ditrace.exe
[2009/11/13 23:44:01 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvsu.dll
[2009/11/13 23:44:00 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvpp.dll
[2009/11/13 23:44:00 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\disrvci.dll
[2009/11/13 23:43:59 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\dimaint.sys
[2009/11/13 23:43:55 | 00,024,649 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650d.sys
[2009/11/13 23:43:55 | 00,024,648 | ---- | C] (D-Link) -- C:\WINNT\System32\dllcache\dfe650.sys
[2009/11/13 23:43:53 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINNT\System32\dllcache\defpa.sys
[2009/11/13 23:43:47 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcwdm.sys
[2009/11/13 23:43:46 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcspud.sys
[2009/11/13 23:43:46 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbwdm.sys
[2009/11/13 23:43:46 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwcosnt5.sys
[2009/11/13 23:43:46 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbmidi.sys
[2009/11/13 23:43:46 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINNT\System32\dllcache\cwbase.sys
[2009/11/13 23:43:44 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINNT\System32\dllcache\cpscan.dll
[2009/11/13 23:43:43 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINNT\System32\dllcache\cpqtrnd5.sys
[2009/11/13 23:43:38 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINNT\System32\dllcache\cmbp0wdm.sys
[2009/11/13 23:43:32 | 00,980,034 | ---- | C] (Xircom) -- C:\WINNT\System32\dllcache\cicap.sys
[2009/11/13 23:43:24 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem56n5.sys
[2009/11/13 23:43:24 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem33n5.sys
[2009/11/13 23:43:24 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cem28n5.sys
[2009/11/13 23:43:23 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce3n5.sys
[2009/11/13 23:43:23 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\ce2n5.sys
[2009/11/13 23:43:22 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cbmdmkxx.sys
[2009/11/13 23:43:21 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINNT\System32\dllcache\cben5.sys
[2009/11/13 23:43:21 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINNT\System32\dllcache\cb325.sys
[2009/11/13 23:43:21 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINNT\System32\dllcache\cb102.sys
[2009/11/13 23:43:20 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINNT\System32\dllcache\diapi2.sys
[2009/11/13 23:43:20 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINNT\System32\dllcache\diapi2NT.dll
[2009/11/13 23:43:14 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brserwdm.sys
[2009/11/13 23:43:14 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINNT\System32\dllcache\brzwlan.sys
[2009/11/13 23:43:14 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbmdm.sys
[2009/11/13 23:43:14 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brusbscn.sys
[2009/11/13 23:43:14 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brserif.dll
[2009/11/13 23:43:14 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINNT\System32\dllcache\brscnrsm.dll
[2009/11/13 23:43:13 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfusb.dll
[2009/11/13 23:43:13 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparwdm.sys
[2009/11/13 23:43:13 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brparimg.sys
[2009/11/13 23:43:12 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfrsmg.exe
[2009/11/13 23:43:12 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmflpt.dll
[2009/11/13 23:43:12 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brmfbidi.dll
[2009/11/13 23:43:12 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltlo.sys
[2009/11/13 23:43:12 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brfiltup.sys
[2009/11/13 23:43:11 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brbidiif.dll
[2009/11/13 23:43:11 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINNT\System32\dllcache\brevif.dll
[2009/11/13 23:43:11 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brcoinst.dll
[2009/11/13 23:43:11 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINNT\System32\dllcache\brfilt.sys
[2009/11/13 23:43:10 | 00,871,388 | ---- | C] (BCM) -- C:\WINNT\System32\dllcache\bcmdm.sys
[2009/11/13 23:43:09 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.sys
[2009/11/13 23:43:08 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\banshee.dll
[2009/11/13 23:43:08 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\b1cbase.sys
[2009/11/13 23:43:08 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmwan.sys
[2009/11/13 23:43:08 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINNT\System32\dllcache\aztw2320.sys
[2009/11/13 23:43:07 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmenum.dll
[2009/11/13 23:43:07 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINNT\System32\dllcache\avmcoxp.dll
[2009/11/13 23:42:56 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINNT\System32\dllcache\ati.sys
[2009/11/13 23:42:55 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINNT\System32\dllcache\aspndis3.sys
[2009/11/13 23:42:53 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINNT\System32\dllcache\amb8002.sys
[2009/11/13 23:42:48 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8830.sys
[2009/11/13 23:42:48 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8810.sys
[2009/11/13 23:42:48 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\adm8820.sys
[2009/11/13 23:42:48 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINNT\System32\dllcache\adptsf50.sys
[2009/11/13 23:42:48 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINNT\System32\dllcache\admjoy.sys
[2009/11/13 23:42:47 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINNT\System32\dllcache\adm8511.sys
[2009/11/13 23:42:46 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINNT\System32\dllcache\ac97sis.sys
[2009/11/13 23:42:46 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINNT\System32\dllcache\acerscad.dll
[2009/11/13 23:42:45 | 00,184,320 | ---- | C] (Sierra Wireless Inc.) -- C:\WINNT\System32\dllcache\ac300nd5.sys
[2009/11/13 23:42:44 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINNT\System32\dllcache\3cwmcru.sys
[2009/11/13 23:42:44 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvs.dll
[2009/11/13 23:42:44 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINNT\System32\dllcache\3dfxvsm.sys
[2009/11/13 22:40:00 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswRdr.sys
[2009/11/13 22:39:59 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswTdi.sys
[2009/11/13 22:39:59 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aavmker4.sys
[2009/11/13 22:39:58 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\AvastSS.scr
[2009/11/13 22:39:57 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswSP.sys
[2009/11/13 22:39:57 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon2.sys
[2009/11/13 22:39:57 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\drivers\aswmon.sys
[2009/11/13 22:39:41 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINNT\System32\aswBoot.exe
[2009/11/13 22:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/13 22:13:48 | 00,000,000 | ---D | C] -- C:\WINNT\pss
[2009/11/13 19:55:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/13 19:55:15 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/13 19:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/11/13 19:54:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/13 19:52:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/13 19:47:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2009/11/13 19:47:09 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2009/11/13 19:47:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 19:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/13 19:46:02 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/12 00:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AntiVirus Plus
[2009/10/31 12:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/31 12:12:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NOS
[2005/12/09 16:48:37 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2004/02/15 13:09:35 | 00,155,648 | ---- | C] ( ) -- C:\WINNT\System32\flashshl.dll
[2003/10/16 09:58:42 | 00,014,976 | ---- | C] ( ) -- C:\WINNT\System32\drivers\winddx.sys

========== Files - Modified Within 14 Days ==========

[2009/11/14 10:13:41 | 02,883,584 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/14 10:13:22 | 00,000,452 | ---- | M] () -- C:\WINNT\tasks\QIC Messenger Bkup.job
[2009/11/14 10:13:19 | 00,000,286 | ---- | M] () -- C:\WINNT\tasks\apxhnjwz.job
[2009/11/14 10:13:19 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/11/14 10:13:10 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/11/14 10:12:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/14 08:55:48 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/14 08:55:48 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/14 08:54:32 | 00,057,256 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/14 08:48:25 | 00,001,463 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2009/11/14 08:26:32 | 00,160,272 | ---- | M] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2009/11/14 02:50:01 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/11/14 02:47:26 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2009/11/14 02:41:59 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/11/14 02:37:05 | 00,501,054 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2009/11/14 02:37:05 | 00,441,124 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2009/11/14 02:37:05 | 00,071,060 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2009/11/14 02:29:10 | 00,224,024 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009/11/14 01:35:39 | 00,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
[2009/11/14 01:30:08 | 00,000,207 | RHS- | M] () -- C:\boot.ini
[2009/11/14 01:22:56 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/11/14 01:22:56 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/11/14 00:46:54 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to CCleaner.lnk
[2009/11/13 22:40:00 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/13 22:39:57 | 00,002,626 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
[2009/11/13 22:36:55 | 00,000,452 | ---- | M] () -- C:\WINNT\tasks\QIC Messenger Periodic.job
[2009/11/13 21:25:59 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 21:02:56 | 00,011,168 | -H-- | M] () -- C:\WINNT\System32\wonotudi
[2009/11/13 19:57:09 | 00,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2009/11/13 19:57:09 | 00,001,409 | ---- | M] () -- C:\WINNT\QTFont.for
[2009/11/13 19:55:23 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/13 19:49:40 | 00,004,286 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\avp.ico
[2009/11/13 19:49:33 | 00,000,023 | ---- | M] () -- C:\WINNT\FLASHKSK.INI
[2009/11/13 07:05:26 | 00,003,205 | ---- | M] () -- C:\WINNT\LXBRCAH.ini
[2009/11/12 18:40:22 | 00,000,416 | ---- | M] () -- C:\WINNT\tasks\QIC Autoupdate.job
[2009/11/10 18:18:45 | 00,000,470 | ---- | M] () -- C:\WINNT\lexstat.ini
[2009/11/06 18:16:48 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/11/04 23:28:37 | 00,268,546 | ---- | M] () -- C:\VETlog.dmp
[2009/10/31 12:14:02 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk

========== Files Created - No Company Name ==========

[2009/11/14 08:55:48 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/11/14 08:55:48 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/14 08:48:18 | 00,001,463 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2009/11/14 02:50:01 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/11/14 02:47:26 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2009/11/14 02:32:28 | 01,089,593 | ---- | C] () -- C:\WINNT\System32\dllcache\ntprint.cat
[2009/11/14 01:44:18 | 01,203,922 | ---- | C] () -- C:\WINNT\System32\dllcache\sysmain.sdb
[2009/11/14 01:28:43 | 00,010,457 | ---- | C] () -- C:\WINNT\System32\dllcache\wmptour.hta
[2009/11/14 01:28:43 | 00,001,771 | ---- | C] () -- C:\WINNT\System32\dllcache\wmptour.css
[2009/11/14 01:28:43 | 00,000,855 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpocm.inf
[2009/11/14 01:28:43 | 00,000,420 | ---- | C] () -- C:\WINNT\System32\dllcache\wmploc.js
[2009/11/14 01:28:42 | 00,613,334 | ---- | C] () -- C:\WINNT\System32\dllcache\wmplayer.chm
[2009/11/14 01:28:42 | 00,354,468 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud1.wav
[2009/11/14 01:28:42 | 00,343,204 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud7.wav
[2009/11/14 01:28:42 | 00,343,204 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud6.wav
[2009/11/14 01:28:42 | 00,172,196 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud9.wav
[2009/11/14 01:28:42 | 00,172,196 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud8.wav
[2009/11/14 01:28:42 | 00,172,196 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud3.wav
[2009/11/14 01:28:42 | 00,086,196 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud5.wav
[2009/11/14 01:28:42 | 00,086,180 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud4.wav
[2009/11/14 01:28:42 | 00,086,180 | ---- | C] () -- C:\WINNT\System32\dllcache\wmpaud2.wav
[2009/11/14 01:28:42 | 00,067,374 | ---- | C] () -- C:\WINNT\System32\dllcache\wmplayer.adm
[2009/11/14 01:28:42 | 00,029,070 | ---- | C] () -- C:\WINNT\System32\dllcache\wmp.inf
[2009/11/14 01:28:42 | 00,023,195 | ---- | C] () -- C:\WINNT\System32\dllcache\wmplay.chm
[2009/11/14 01:28:41 | 00,017,272 | ---- | C] () -- C:\WINNT\System32\dllcache\wmdm.inf
[2009/11/14 01:28:41 | 00,008,677 | ---- | C] () -- C:\WINNT\System32\dllcache\wm7.gif
[2009/11/14 01:28:41 | 00,007,892 | ---- | C] () -- C:\WINNT\System32\dllcache\wm9.gif
[2009/11/14 01:28:41 | 00,007,636 | ---- | C] () -- C:\WINNT\System32\dllcache\wm2.gif
[2009/11/14 01:28:41 | 00,007,369 | ---- | C] () -- C:\WINNT\System32\dllcache\wm4.gif
[2009/11/14 01:28:41 | 00,006,769 | ---- | C] () -- C:\WINNT\System32\dllcache\wmfsdk.inf
[2009/11/14 01:28:41 | 00,006,241 | ---- | C] () -- C:\WINNT\System32\dllcache\wm3.gif
[2009/11/14 01:28:41 | 00,006,060 | ---- | C] () -- C:\WINNT\System32\dllcache\wm6.gif
[2009/11/14 01:28:41 | 00,004,193 | ---- | C] () -- C:\WINNT\System32\dllcache\wm8.gif
[2009/11/14 01:28:41 | 00,002,477 | ---- | C] () -- C:\WINNT\System32\dllcache\wm5.gif
[2009/11/14 01:28:40 | 00,300,969 | ---- | C] () -- C:\WINNT\System32\dllcache\viz.wmv
[2009/11/14 01:28:40 | 00,023,829 | ---- | C] () -- C:\WINNT\System32\dllcache\tourbg.gif
[2009/11/14 01:28:40 | 00,017,489 | ---- | C] () -- C:\WINNT\System32\dllcache\videobg.gif
[2009/11/14 01:28:40 | 00,005,789 | ---- | C] () -- C:\WINNT\System32\dllcache\wm1.gif
[2009/11/14 01:28:40 | 00,005,290 | ---- | C] () -- C:\WINNT\System32\dllcache\vidsamp.gif
[2009/11/14 01:28:40 | 00,003,187 | ---- | C] () -- C:\WINNT\System32\dllcache\tour.js
[2009/11/14 01:28:40 | 00,002,469 | ---- | C] () -- C:\WINNT\System32\dllcache\tplay.gif
[2009/11/14 01:28:40 | 00,002,450 | ---- | C] () -- C:\WINNT\System32\dllcache\tpause.gif
[2009/11/14 01:28:40 | 00,002,375 | ---- | C] () -- C:\WINNT\System32\dllcache\tplayh.gif
[2009/11/14 01:28:40 | 00,002,371 | ---- | C] () -- C:\WINNT\System32\dllcache\tpauseh.gif
[2009/11/14 01:28:40 | 00,001,398 | ---- | C] () -- C:\WINNT\System32\dllcache\taon.gif
[2009/11/14 01:28:40 | 00,001,380 | ---- | C] () -- C:\WINNT\System32\dllcache\taonh.gif
[2009/11/14 01:28:40 | 00,001,380 | ---- | C] () -- C:\WINNT\System32\dllcache\taoff.gif
[2009/11/14 01:28:40 | 00,001,367 | ---- | C] () -- C:\WINNT\System32\dllcache\taoffh.gif
[2009/11/14 01:28:40 | 00,001,148 | ---- | C] () -- C:\WINNT\System32\dllcache\snd.htm
[2009/11/14 01:28:40 | 00,000,908 | ---- | C] () -- C:\WINNT\System32\dllcache\skins.inf
[2009/11/14 01:28:39 | 00,572,557 | ---- | C] () -- C:\WINNT\System32\dllcache\rtuner.wmv
[2009/11/14 01:28:39 | 00,375,519 | ---- | C] () -- C:\WINNT\System32\dllcache\nuskin.wmv
[2009/11/14 01:28:39 | 00,077,307 | ---- | C] () -- C:\WINNT\System32\dllcache\plyr_err.chm
[2009/11/14 01:28:39 | 00,066,725 | ---- | C] () -- C:\WINNT\System32\dllcache\revert.wmz
[2009/11/14 01:28:39 | 00,022,060 | ---- | C] () -- C:\WINNT\System32\dllcache\npds.zip
[2009/11/14 01:28:39 | 00,001,477 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst6.wpl
[2009/11/14 01:28:39 | 00,001,477 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst5.wpl
[2009/11/14 01:28:39 | 00,001,474 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst3.wpl
[2009/11/14 01:28:39 | 00,001,451 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst12.wpl
[2009/11/14 01:28:39 | 00,001,448 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst4.wpl
[2009/11/14 01:28:39 | 00,001,250 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst1.wpl
[2009/11/14 01:28:39 | 00,001,049 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst2.wpl
[2009/11/14 01:28:39 | 00,001,046 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst7.wpl
[2009/11/14 01:28:39 | 00,001,036 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst8.wpl
[2009/11/14 01:28:39 | 00,000,789 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst11.wpl
[2009/11/14 01:28:39 | 00,000,787 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst10.wpl
[2009/11/14 01:28:39 | 00,000,784 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst9.wpl
[2009/11/14 01:28:39 | 00,000,783 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst13.wpl
[2009/11/14 01:28:39 | 00,000,775 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst14.wpl
[2009/11/14 01:28:39 | 00,000,733 | ---- | C] () -- C:\WINNT\System32\dllcache\plylst15.wpl
[2009/11/14 01:28:39 | 00,000,403 | ---- | C] () -- C:\WINNT\System32\dllcache\npdrmv2.zip
[2009/11/14 01:28:38 | 00,457,607 | ---- | C] () -- C:\WINNT\System32\dllcache\mdlib.wmv
[2009/11/14 01:28:38 | 00,097,117 | ---- | C] () -- C:\WINNT\System32\dllcache\mplayer2.hlp
[2009/11/14 01:28:38 | 00,018,286 | ---- | C] () -- C:\WINNT\System32\dllcache\mplayer2.inf
[2009/11/14 01:28:38 | 00,002,778 | ---- | C] () -- C:\WINNT\System32\dllcache\mplogoh.gif
[2009/11/14 01:28:38 | 00,002,545 | ---- | C] () -- C:\WINNT\System32\dllcache\mplogo.gif
[2009/11/14 01:28:38 | 00,001,885 | ---- | C] () -- C:\WINNT\System32\dllcache\mplayer2.cnt
[2009/11/14 01:28:37 | 00,381,425 | ---- | C] () -- C:\WINNT\System32\dllcache\copycd.wmv
[2009/11/14 01:28:37 | 00,184,959 | ---- | C] () -- C:\WINNT\System32\dllcache\compact.wmz
[2009/11/14 01:28:37 | 00,009,585 | ---- | C] () -- C:\WINNT\System32\dllcache\controls.css
[2009/11/14 01:28:37 | 00,008,298 | ---- | C] () -- C:\WINNT\System32\dllcache\contents.htm
[2009/11/14 01:28:37 | 00,006,878 | ---- | C] () -- C:\WINNT\System32\dllcache\controls.js
[2009/11/14 01:28:37 | 00,005,971 | ---- | C] () -- C:\WINNT\System32\dllcache\events.js
[2009/11/14 01:28:37 | 00,000,999 | ---- | C] () -- C:\WINNT\System32\dllcache\bktrh.gif
[2009/11/14 01:28:37 | 00,000,773 | ---- | C] () -- C:\WINNT\System32\dllcache\cnth.gif
[2009/11/14 01:28:37 | 00,000,773 | ---- | C] () -- C:\WINNT\System32\dllcache\cnt.gif
[2009/11/14 01:28:37 | 00,000,772 | ---- | C] () -- C:\WINNT\System32\dllcache\cntd.gif
[2009/11/14 01:28:37 | 00,000,760 | ---- | C] () -- C:\WINNT\System32\dllcache\cloapph.gif
[2009/11/14 01:28:37 | 00,000,717 | ---- | C] () -- C:\WINNT\System32\dllcache\cloapp.gif
[2009/11/14 01:23:15 | 00,129,045 | ---- | C] () -- C:\WINNT\System32\drivers\cxthsfs2.cty
[2009/11/14 01:23:15 | 00,064,352 | ---- | C] () -- C:\WINNT\System32\drivers\ativmc20.cod
[2009/11/14 01:23:13 | 00,067,866 | ---- | C] () -- C:\WINNT\System32\drivers\netwlan5.img
[2009/11/14 00:46:54 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to CCleaner.lnk
[2009/11/13 23:48:51 | 00,027,648 | ---- | C] () -- C:\WINNT\System32\dllcache\xrxftplt.exe
[2009/11/13 23:46:59 | 00,175,104 | ---- | C] () -- C:\WINNT\System32\dllcache\pintlcsa.dll
[2009/11/13 23:45:50 | 01,158,818 | ---- | C] () -- C:\WINNT\System32\dllcache\korwbrkr.lex
[2009/11/13 23:45:32 | 00,059,392 | ---- | C] () -- C:\WINNT\System32\dllcache\imscinst.exe
[2009/11/13 23:45:27 | 00,134,339 | ---- | C] () -- C:\WINNT\System32\dllcache\imekr.lex
[2009/11/13 23:45:04 | 13,463,552 | ---- | C] () -- C:\WINNT\System32\dllcache\hwxjpn.dll
[2009/11/13 23:44:54 | 00,165,888 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt53.dll
[2009/11/13 23:44:53 | 00,101,376 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt34.dll
[2009/11/13 23:44:53 | 00,093,696 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt42.dll
[2009/11/13 23:44:53 | 00,089,088 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt33.dll
[2009/11/13 23:44:52 | 00,083,968 | ---- | C] () -- C:\WINNT\System32\dllcache\hpgt21.dll
[2009/11/13 23:44:48 | 00,108,827 | ---- | C] () -- C:\WINNT\System32\dllcache\hanja.lex
[2009/11/13 23:44:01 | 00,037,962 | ---- | C] () -- C:\WINNT\System32\dllcache\divaprop.dll
[2009/11/13 23:44:01 | 00,029,768 | ---- | C] () -- C:\WINNT\System32\dllcache\divasu.dll
[2009/11/13 23:44:01 | 00,006,216 | ---- | C] () -- C:\WINNT\System32\dllcache\divaci.dll
[2009/11/13 23:43:32 | 00,173,568 | ---- | C] () -- C:\WINNT\System32\dllcache\chtskf.dll
[2009/11/13 23:43:05 | 00,026,624 | ---- | C] () -- C:\WINNT\System32\dllcache\ativxbar.sys
[2009/11/13 23:43:05 | 00,023,552 | ---- | C] () -- C:\WINNT\System32\dllcache\atixbar.sys
[2009/11/13 23:43:05 | 00,019,456 | ---- | C] () -- C:\WINNT\System32\dllcache\ativttxx.sys
[2009/11/13 23:43:04 | 00,026,880 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtsnd.sys
[2009/11/13 23:43:04 | 00,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitvsnd.sys
[2009/11/13 23:43:04 | 00,017,152 | ---- | C] () -- C:\WINNT\System32\dllcache\atitunep.sys
[2009/11/13 23:43:04 | 00,009,472 | ---- | C] () -- C:\WINNT\System32\dllcache\ativmdcd.sys
[2009/11/13 23:43:03 | 00,049,920 | ---- | C] () -- C:\WINNT\System32\dllcache\atirtcap.sys
[2009/11/13 23:43:03 | 00,010,240 | ---- | C] () -- C:\WINNT\System32\dllcache\atipcxxx.sys
[2009/11/13 23:42:59 | 00,046,464 | ---- | C] () -- C:\WINNT\System32\dllcache\atibt829.sys
[2009/11/13 22:40:00 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/11/13 22:39:41 | 00,380,928 | ---- | C] () -- C:\WINNT\System32\actskin4.ocx
[2009/11/13 19:55:23 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/13 19:47:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 07:02:56 | 00,000,286 | ---- | C] () -- C:\WINNT\tasks\apxhnjwz.job
[2009/11/12 00:12:12 | 00,004,286 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\avp.ico
[2009/11/05 00:43:44 | 00,054,156 | -H-- | C] () -- C:\WINNT\QTFont.qfn
[2009/11/05 00:43:44 | 00,001,409 | ---- | C] () -- C:\WINNT\QTFont.for
[2009/11/04 23:28:34 | 00,268,546 | ---- | C] () -- C:\VETlog.dmp
[2009/10/31 12:14:02 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2007/05/11 19:40:47 | 00,000,053 | ---- | C] () -- C:\WINNT\WININIT.INI
[2006/07/07 18:52:36 | 00,000,109 | ---- | C] () -- C:\WINNT\TLCAPPS.INI
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINNT\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINNT\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINNT\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINNT\Fonts\GlobalMonospace.CompositeFont
[2006/02/26 14:16:42 | 00,000,000 | ---- | C] () -- C:\WINNT\SETUP32.INI
[2006/01/21 16:51:47 | 00,000,544 | ---- | C] () -- C:\WINNT\Madagascar.INI
[2005/08/20 12:17:27 | 00,043,520 | ---- | C] () -- C:\WINNT\System32\CmdLineExt03.dll
[2005/04/04 17:40:51 | 00,000,023 | ---- | C] () -- C:\WINNT\EPC Keyboarding.INI
[2005/02/22 19:14:04 | 00,000,588 | ---- | C] () -- C:\WINNT\cdPlayer.ini
[2005/01/09 11:50:03 | 00,000,181 | ---- | C] () -- C:\WINNT\System32\lxbrcoin.ini
[2004/12/27 20:22:21 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2004/12/27 20:22:20 | 00,001,467 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
[2004/07/22 19:37:41 | 00,000,004 | ---- | C] () -- C:\WINNT\uccspecb.sys
[2004/03/22 18:03:18 | 00,010,240 | ---- | C] () -- C:\WINNT\System32\vidx16.dll
[2004/03/19 19:25:23 | 00,002,672 | ---- | C] () -- C:\WINNT\disney.ini
[2004/02/16 10:35:13 | 00,057,256 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/02/16 10:27:13 | 00,000,078 | ---- | C] () -- C:\WINNT\qwimp.ini
[2004/02/16 10:27:12 | 00,000,403 | ---- | C] () -- C:\WINNT\intuprof.ini
[2004/02/15 13:09:35 | 00,000,023 | ---- | C] () -- C:\WINNT\FLASHKSK.INI
[2004/02/15 13:09:34 | 00,003,205 | ---- | C] () -- C:\WINNT\LXBRCAH.ini
[2004/02/15 13:09:34 | 00,000,468 | ---- | C] () -- C:\WINNT\LXBRFMT.INI
[2004/02/15 13:09:32 | 00,002,174 | ---- | C] () -- C:\WINNT\System32\LXBRSET.INI
[2004/02/15 13:04:12 | 00,000,470 | ---- | C] () -- C:\WINNT\lexstat.ini
[2004/02/12 18:43:39 | 00,000,038 | ---- | C] () -- C:\WINNT\iltwain.ini
[2004/02/12 18:27:01 | 00,229,376 | ---- | C] () -- C:\WINNT\System32\ISP2000.dll
[2004/02/12 17:53:25 | 00,004,608 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/12 17:52:51 | 00,007,324 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2004/01/22 14:31:55 | 00,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/10/16 09:58:42 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\SLLights.dll
[2003/10/16 09:58:42 | 00,151,552 | ---- | C] () -- C:\WINNT\System32\amr_cpl.dll
[2003/10/15 09:15:29 | 00,049,152 | ---- | C] () -- C:\WINNT\System32\coinst.dll
[2003/10/14 15:56:53 | 00,001,081 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/10/14 15:56:05 | 00,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/10/14 15:53:24 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\JAWTAccessBridge.dll
[2003/10/14 15:50:22 | 00,094,208 | ---- | C] () -- C:\WINNT\System32\PCDrKernelModeServices.dll
[2003/10/14 15:50:22 | 00,077,824 | ---- | C] () -- C:\WINNT\System32\ProgressTrace.dll
[2003/10/14 15:49:24 | 00,000,571 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/10/06 13:57:12 | 00,000,770 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/10/06 13:40:33 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2003/10/06 13:34:01 | 02,113,304 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2003/10/06 13:33:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2003/10/06 13:17:38 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/11/13 08:40:22 | 00,040,960 | ---- | C] () -- C:\WINNT\System32\lxbrvs.dll
[2001/07/15 16:48:32 | 00,170,585 | ---- | C] () -- C:\WINNT\System32\MCPrintX.dll
[1979/12/31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINNT\System32\e100bmsg.dll
[1979/12/31 23:00:00 | 00,000,621 | ---- | C] () -- C:\WINNT\win.ini
[1979/12/31 23:00:00 | 00,000,263 | ---- | C] () -- C:\WINNT\system.ini

========== LOP Check ==========

[2004/02/15 13:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/14 02:47:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/11 19:41:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2007/03/28 15:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/13 23:55:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AntiVirus Plus
[2004/02/11 19:45:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2004/11/14 18:47:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/12/09 16:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2008/03/29 15:25:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/11/14 10:13:19 | 00,000,286 | ---- | M] () -- C:\WINNT\Tasks\apxhnjwz.job
[2003/03/31 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2004/02/13 07:30:00 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 1.job
[2004/02/11 19:07:44 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 2.job
[2004/02/11 19:07:44 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 3.job
[2009/11/12 18:40:22 | 00,000,416 | ---- | M] () -- C:\WINNT\Tasks\QIC Autoupdate.job
[2009/11/14 10:13:22 | 00,000,452 | ---- | M] () -- C:\WINNT\Tasks\QIC Messenger Bkup.job
[2009/11/13 22:36:55 | 00,000,452 | ---- | M] () -- C:\WINNT\Tasks\QIC Messenger Periodic.job
[2009/11/14 10:13:19 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2003/03/31 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2003/03/31 05:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2003/03/31 05:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll
[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\system32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2003/07/02 18:00:00 | 00,274,816 | ---- | M] (Intel Corporation) MD5=50B56E7DE809BE4B8F4D24B3F0381520 -- C:\OEMDRVRS\iaStor.sys
[2003/07/02 18:00:00 | 00,274,816 | ---- | M] (Intel Corporation) MD5=50B56E7DE809BE4B8F4D24B3F0381520 -- C:\WINNT\system32\drivers\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2002/10/24 15:59:48 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2003/03/31 05:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\$NtUninstallQ331958$\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys
[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys
[2002/10/24 14:59:48 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINNT\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2001/08/17 12:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINNT\$NtServicePackUninstall$\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
[2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >

#4
kbz1960

Hummm, guess I'm not having trouble right now, but wouldn't think it would take too long for someone to have a look.

Thanks for any help.