Application-Error-cmd-exe "cyyyqgt.exe" [Closed] - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Application-Error-cmd-exe "cyyyqgt.exe" [Closed] Error on shut-down... seen on 2 different computers

#1 goldenbogey

  • Group: Member
  • Posts: 4
  • Joined: 26-May 10

Posted 26 May 2010 - 01:42 PM

Hi,

This was originally on windows xp forum but it was suggested that I put it here.

Description of problem:

When I shut down I come up with 2 errors in a row "Application-Error... cmd-exe" once I have cleared both of them it shuts down as normal BUT I have to perform the shut-down procedure all over again!! It is just highly irritating and indicates a program that is doing something odd to the system.

What I have done so far.

I have done some research and I know the process that is causing this error! I took a screen-shot of the task manager before shutting down. I then compared this screen shot to the task bar after I had cleared these two "Application-Error... cmd-exe" things:

It was cyyyqgt.exe

Sure enough - If I end this process before shutting down then it shuts down normally. The question is: What on earth is cyyyqgt.exe??


*something I have also noticed* When I right click that process on the task manager and select "set priority" it is set to "high". Most other things are set to "normal" or less.

I have googled this and it is not in any search engines I therefore have no idea what it is. I have mcafee and that has obviously not detected anything as abnormal. Windows defender picks up nothing either.

The questions I pose are:

1. Does anyone know what this process is (cyyyqgt.exe)?
2. Can someone inform me of how I go about finding out what program is running this process? I can then maybe uninstall that application.

This may also be related to the fact that my auto-updates function is always turned off when I restart the computer. Possibly it is also related to why Windows defender keeps needing to be reinstalled every time I restart my computer.

Additional...

I have searched a little bit deeper and discovered some other strange things about this process, cyyyqgt.exe

It is buried deep inside the system32 folder as a hidden file. I had a job finding it because it doesn't conform to the alphabet sequence of the other files. It was right down the bottom and it has the symbol of an image file like a jpg or bitmap file for some weird reason (but with the .exe file extension obviously).

I downloaded the Microsoft tool "process explorer" (that's how I found out where it was). Windows search only revealed the prefetch file (.pf) in windows/prefetch. On "process explorer" it shows up as having no description and no company name! Everything else, and I mean EVERYTHING else has a description and company name (Microsoft, Mcafee etc).

It says on the date that it is 04 08 2004 which is, I presume, around about the time that particular xp professional disc was most likely created. If it was a windows file then it would say in the company name that it was Microsoft corporation I would have presumed.

If I kill the process could I harm my OS or it might the process just start back up again when I reboot?

#2 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,570
  • Joined: 31-May 06

Posted 26 May 2010 - 02:22 PM

Hi there lets have a look see first before we make any determinations :)

Posted Image GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.
Posted Image
[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)
    Posted Image
    Click the image to enlarge it

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

#3 goldenbogey

  • Group: Member
  • Posts: 4
  • Joined: 26-May 10

Posted 26 May 2010 - 04:41 PM

This is the ark file

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-26 22:41:18
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Nate\LOCALS~1\Temp\kfpiraoc.sys


---- System - GMER 1.0.15 ----

SSDT spcv.sys ZwCreateKey [0xB9EB50E0]
SSDT spcv.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spcv.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT spcv.sys ZwOpenKey [0xB9EB50C0]
SSDT spcv.sys ZwQueryKey [0xB9ECE20A]
SSDT spcv.sys ZwQueryValueKey [0xB9ECE08A]
SSDT spcv.sys ZwSetValueKey [0xB9ECE29C]

INT 0x62 ? 89CEEBF8
INT 0x63 ? 89CEDBF8
INT 0x73 ? 89D60BF8
INT 0x83 ? 89D60BF8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB528F8C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB528F8EB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB528F855]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB528F881]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB528F915]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB528F8D5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB528F86B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB528F8AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB528F92B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB528F8FF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AF4 7 Bytes JMP B528F903 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? spcv.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9C4E8AC 5 Bytes JMP 89CED1D8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB94FD360, 0x3541AF, 0xE8000020]
.text anxjfrnn.SYS B94B0386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text anxjfrnn.SYS B94B03AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text anxjfrnn.SYS B94B03C4 3 Bytes [00, 80, 02]
.text anxjfrnn.SYS B94B03C9 1 Byte [30]
.text anxjfrnn.SYS B94B03C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011D0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011D008C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011D0F97
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011D007B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011D005E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011D0FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011D00DF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011D00C2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011D0F6B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011D00FA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011D011F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011D0FB2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011D0014
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011D00A7
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011D0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011D0025
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011D0F7C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 011C002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 011C007D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 011C0FDB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 011C0011
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 011C0FC0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 011C0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 011C0058
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 011C0047
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 011B0058
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] msvcrt.dll!system 77C293C7 5 Bytes JMP 011B003D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 011B0FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 011B0FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 011B0FCD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 011B000C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 011A0FEF
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070F6F
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F8A
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070062
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00070036
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000700A6
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00070F2F
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700C8
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 000700D9
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00070000
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0007007F
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00070025
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00070FD4
.text C:\WINDOWS\system32\services.exe[740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 000700B7
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00060FCA
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00060F72
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0006001B
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00060FE5
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00060F83
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0006000A
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00060F9E
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [26, 88]
.text C:\WINDOWS\system32\services.exe[740] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00060FAF
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00050FD9
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!system 77C293C7 5 Bytes JMP 0005005A
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0005002E
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00050049
.text C:\WINDOWS\system32\services.exe[740] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0005001D
.text C:\WINDOWS\system32\services.exe[740] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F80067
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F8004C
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F8002F
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F80F72
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F80F50
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F80F61
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F800B3
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F80F24
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F80EFF
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F80F83
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F80FDE
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F8008C
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F80014
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F80FC3
.text C:\WINDOWS\system32\lsass.exe[760] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F80F35
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F70FB9
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F70F8A
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F70047
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F7002C
.text C:\WINDOWS\system32\lsass.exe[760] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F7001B
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F60FB7
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F60FC8
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F60027
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F60042
.text C:\WINDOWS\system32\lsass.exe[760] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\lsass.exe[760] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FB0000
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FB0FA3
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FB008E
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FB007D
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FB0FC0
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FB0051
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FB00BF
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FB0F77
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FB0F4B
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FB00E4
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FB0F30
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FB0062
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FB0011
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FB0F88
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FB0FE5
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FB0036
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FB0F5C
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FA0FCA
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FA0F8D
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FA0FE5
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FA001B
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FA0F9E
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FA0000
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00FA0FAF
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [1A, 89]
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FA0036
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F90FA6
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F90FB7
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F90027
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F90FD2
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F90FEF
.text C:\WINDOWS\system32\svchost.exe[920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D6008A
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D60F8B
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D60065
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D60FA8
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60036
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D60F69
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D60F7A
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D600E0
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D60F3D
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D600F1
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D60FB9
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D60FE5
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D6009B
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D60FD4
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D60025
.text C:\WINDOWS\system32\svchost.exe[980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D60F4E
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D5002C
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D50F79
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D5001B
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D50FE5
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D50F8A
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D50000
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D50FA5
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F5, 88]
.text C:\WINDOWS\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D50FC0
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D40049
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D40FB4
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D40FE3
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D40000
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D4002E
.text C:\WINDOWS\system32\svchost.exe[980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D4001D
.text C:\WINDOWS\system32\svchost.exe[980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D30000
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03260000
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 032600A9
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03260FB4
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0326008E
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0326007D
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03260047
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03260F88
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 032600CE
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03260110
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 032600F5
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03260F5C
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03260062
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0326001B
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03260FA3
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03260036
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03260FE5
.text C:\WINDOWS\System32\svchost.exe[1076] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03260F6D
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0325002C
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03250058
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03250FDB
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03250011
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03250F9B
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 03250000
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 03250FC0
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [45, 8B]
.text C:\WINDOWS\System32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03250047
.text C:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B20F8B
.text C:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B20FA6
.text C:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B20FD2
.text C:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B2000C
.text C:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B20FC1
.text C:\WINDOWS\System32\svchost.exe[1076] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B20FE3
.text C:\WINDOWS\System32\svchost.exe[1076] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B00000
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02AF000A
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02AF0FEF
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02AF0FDE
.text C:\WINDOWS\System32\svchost.exe[1076] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02AF0FC3
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD00A7
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD008C
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD007B
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD005E
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0043
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F8B
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD00D3
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F5F
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD00F8
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0109
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0FBC
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0FDE
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD00C2
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD0FCD
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD001E
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD0F7A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0FDE
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0F8D
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC004A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FA8
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
.text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0FC3
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0031
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0F9C
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FB7
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FEF
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB000C
.text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0FD2
.text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A0000A
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F46
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00031
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00F57
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00F68
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00F9E
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A00F10
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F2B
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A00EE4
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A0007D
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A00ED3
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00F83
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00FEF
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A00056
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A00FB9
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A00FCA
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00EFF
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0FAF
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0F83
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 009F0025
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0F9E
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E004C
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E0031
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0FC1
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0016
.text C:\WINDOWS\system32\svchost.exe[1272] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0FDE
.text C:\WINDOWS\system32\svchost.exe[1272] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0FE5
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 028F000A
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 028F0F66
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 028F0065
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 028F0F8D
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 028F004A
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 028F0FB9
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 028F00A7
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 028F008C
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 028F00DD
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 028F00C2
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028F0F29
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 028F0FA8
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 028F0FE5
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 028F0F55
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 028F0025
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 028F0FD4
.text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 028F0F44
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02860FE5
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02860FB2
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02860040
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0286001B
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02860FC3
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0286000A
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02860065
.text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02860FD4
.text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02850055
.text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!system 77C293C7 5 Bytes JMP 02850044
.text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02850033
.text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02850000
.text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02850FD4
.text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02850FEF
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02750FEF
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02750FD4
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02750FC3
.text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02750FB2
.text C:\WINDOWS\Explorer.EXE[1744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02840000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DC0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DC0083
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DC0068
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DC0F84
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DC0FA1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DC0039
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DC0F3B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DC0F58
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DC0F05
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DC0F20
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DC0EEA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DC0FB2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DC000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DC0F73
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DC0FC3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DC0FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DC0094
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DB0FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DB0068
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DB001E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DB0FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DB004D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DB0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DB0FA1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FB, 88]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DB0FBC
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DA0FC1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DA0FD2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DA002E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DA0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DA0FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DA001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1888] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FE5
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20F99
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C2008E
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20073
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20058
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20F7E
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C200C6
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C200EB
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C20F52
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20106
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20047
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C200A9
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20036
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20011
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C20F63
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C10098
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C1002C
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C1007D
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C1006C
.text C:\WINDOWS\system32\svchost.exe[2004] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10FDB
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00FAB
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C00FE3
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[2004] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00FC6
.text C:\WINDOWS\system32\svchost.exe[2004] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[2004] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00BE0011
.text C:\WINDOWS\system32\svchost.exe[2004] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00BE0FDB
.text C:\WINDOWS\system32\svchost.exe[2004] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[2004] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BF0FEF

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89CEC1F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \FatCdrom 8835B500

AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\PCI_PNP8600 \Device\00000042 spcv.sys
Device \Driver\usbohci \Device\USBPDO-0 89C5E1F8
Device \Driver\usbehci \Device\USBPDO-1 89BCC1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89D5E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 89D5E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 89D5E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 89D5E1F8

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89CEF1F8
Device \Driver\usbstor \Device\00000071 88A07500
Device \Driver\Ftdisk \Device\HarddiskVolume2 89CEF1F8
Device \Driver\Cdrom \Device\CdRom0 89C5A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 89CEF1F8
Device \Driver\Cdrom \Device\CdRom1 89C5A1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B9E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom2 89C5A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 89CEF1F8
Device \Driver\Cdrom \Device\CdRom3 89C5A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume5 89CEF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 89CEF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume7 89CEF1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88A301F8
Device \Driver\NetBT \Device\NetbiosSmb 88A301F8
Device \Driver\sptd \Device\4010313600 spcv.sys

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbohci \Device\USBFDO-0 89C5E1F8
Device \Driver\usbehci \Device\USBFDO-1 89BCC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88A231F8
Device \Driver\usbstor \Device\0000006e 88A07500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88A231F8
Device \Driver\Ftdisk \Device\FtControl 89CEF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4DD77B67-B739-414D-A7FF-79CA756F13BF} 88A301F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path0Target0Lun0 89D5D1F8
Device \Driver\nvgts \Device\Scsi\nvgts1Port2Path1Target1Lun0 89D5D1F8
Device \Driver\anxjfrnn \Device\Scsi\anxjfrnn1 89BE41F8
Device \Driver\nvgts \Device\Scsi\nvgts1 89D5D1F8
Device \Driver\nvgts \Device\Scsi\nvgts2 89D5D1F8
Device \Driver\anxjfrnn \Device\Scsi\anxjfrnn1Port4Path0Target0Lun0 89BE41F8
Device \FileSystem\Fastfat \Fat 8835B500

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs 88A021F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC0 0x87 0x99 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x34 0xA9 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0x74 0x4A 0x75 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC0 0x87 0x99 0x19 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x92 0x34 0xA9 0xED ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCF 0x74 0x4A 0x75 ...

---- EOF - GMER 1.0.15 ----


OTL

OTL logfile created on: 26/05/2010 22:51:20 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nate\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.37 Gb Total Space | 11.81 Gb Free Space | 44.78% Space Free | Partition Type: NTFS
Drive D: | 69.91 Gb Total Space | 52.09 Gb Free Space | 74.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive U: | 19.53 Gb Total Space | 11.30 Gb Free Space | 57.85% Space Free | Partition Type: NTFS
Drive Z: | 76.69 Gb Total Space | 76.62 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: BOGEY-3B4E1DD10
Current User Name: Nate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/26 21:48:20 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nate\Desktop\OTL.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/01 22:55:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/01 22:55:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/24 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2008/01/24 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/01/24 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2007/10/25 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2007/10/25 10:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2007/10/25 10:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2004/08/04 13:00:00 | 000,434,176 | RHS- | M] () -- C:\WINDOWS\system32\cyyyqgt.exe


========== Modules (SafeList) ==========

MOD - [2010/05/26 21:48:20 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nate\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2008/01/24 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
SRV - [2008/01/24 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)


========== Driver Services (SafeList) ==========

DRV - [2010/05/18 16:33:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/03 10:22:00 | 005,030,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/01/15 20:42:00 | 006,305,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/11/12 09:58:38 | 000,145,952 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/08/01 03:36:26 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 03:36:20 | 000,054,784 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/24 20:50:00 | 000,171,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/01/24 20:50:00 | 000,072,936 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/01/24 20:50:00 | 000,064,232 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/01/24 20:50:00 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/01/24 20:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/01/24 20:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/01/04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://viewpointnow.com/main"

FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2010/05/19 23:46:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/05/19 23:46:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files\Flock\components [2010/05/19 23:46:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/05/19 23:46:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/20 21:12:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/20 21:11:58 | 000,000,000 | ---D | M]

[2010/05/20 21:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nate\Application Data\Mozilla\Extensions
[2010/05/19 20:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nate\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010/05/20 21:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nate\Application Data\Mozilla\Firefox\Profiles\t1810zeb.default\extensions
[2010/05/20 21:11:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [WindowsDefender] C:\WINDOWS\system32\cyyyqgt.exe ()
O4 - HKCU..\Run: [Com32] C:\WINDOWS\system32\cyyyqgt.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\RunServicesOnce: [LogServ] C:\WINDOWS\system32\cyyyqgt.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe ()
O4 - Startup: C:\Documents and Settings\Nate\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\cyyyqgt.exe) - C:\WINDOWS\system32\cyyyqgt.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.227.100.12 131.227.102.91 131.227.102.6
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\cyyyqgt.exe) - C:\WINDOWS\system32\cyyyqgt.exe ()
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/17 20:27:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{204d63b5-6598-11df-ab00-002511c0f303}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{204d63b5-6598-11df-ab00-002511c0f303}\Shell\open\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{2dedaac2-61f0-11df-a152-d3c54ca210df}\Shell - "" = AutoRun
O33 - MountPoints2\{2dedaac2-61f0-11df-a152-d3c54ca210df}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2dedaac2-61f0-11df-a152-d3c54ca210df}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{cfea897c-64d6-11df-aaf8-002511c0f303}\Shell\AutoRun\command - "" = L:\installer.exe -- File not found
O33 - MountPoints2\{cfea897c-64d6-11df-aaf8-002511c0f303}\Shell\verb\command - "" = L:\installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/17 21:05:56 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....hors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 21:48:15 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nate\Desktop\OTL.exe
[2010/05/26 21:44:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nate\Recent
[2010/05/26 21:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Desktop\gmer
[2010/05/26 21:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\Malwarebytes
[2010/05/26 21:12:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/26 21:12:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/26 21:12:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/26 21:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/26 18:27:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/26 16:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Screen Capture
[2010/05/26 16:18:03 | 000,000,000 | ---D | C] -- C:\MyCaptures
[2010/05/26 01:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Desktop\Main FL Projects
[2010/05/25 19:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2010/05/23 20:48:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/23 19:46:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/23 13:57:09 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/23 13:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/23 13:15:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nate\IECompatCache
[2010/05/23 13:13:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nate\PrivacIE
[2010/05/22 19:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\Trusteer
[2010/05/22 19:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/05/22 16:54:41 | 000,068,880 | ---- | C] (Belus Technology Inc.) -- C:\WINDOWS\System32\XZip.dll
[2010/05/20 21:12:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Local Settings\Application Data\Mozilla
[2010/05/20 21:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/20 19:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\My Documents\GTA3 User Files
[2010/05/20 19:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2010/05/20 17:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Desktop\GTAIII radio extract
[2010/05/20 01:11:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/05/20 01:10:46 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2010/05/20 01:10:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/05/20 01:10:46 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010/05/20 01:10:46 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010/05/20 01:10:46 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2010/05/20 01:10:46 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/05/20 01:10:46 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/05/20 01:10:46 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/05/20 01:10:46 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/05/20 01:10:45 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/05/20 01:10:45 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/05/20 01:10:45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/05/20 01:10:45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/05/20 01:10:45 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/05/20 01:10:45 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/05/20 01:10:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/05/20 01:10:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2010/05/20 01:10:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/05/20 01:10:45 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2010/05/20 01:10:45 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/05/20 01:10:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/05/20 01:10:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/05/20 01:10:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010/05/20 01:10:45 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2010/05/20 01:10:45 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/05/20 01:10:45 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/05/20 01:10:43 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2010/05/20 01:10:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2010/05/20 01:10:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2010/05/20 01:10:43 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2010/05/20 01:10:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2010/05/20 01:10:43 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2010/05/20 01:10:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2010/05/20 01:10:43 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2010/05/20 01:10:43 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2010/05/20 01:10:42 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2010/05/20 01:10:42 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2010/05/20 01:10:42 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2010/05/20 01:10:42 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2010/05/20 01:10:42 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2010/05/20 01:10:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2010/05/20 01:10:42 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010/05/20 01:10:42 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2010/05/20 01:10:41 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2010/05/20 01:10:41 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2010/05/20 01:10:41 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2010/05/20 01:10:41 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2010/05/20 01:10:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2010/05/20 01:10:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2010/05/20 01:10:41 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010/05/20 01:10:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2010/05/20 01:10:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2010/05/20 01:10:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2010/05/20 01:10:40 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2010/05/20 01:10:40 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2010/05/20 01:10:40 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2010/05/20 01:10:40 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2010/05/20 01:10:40 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2010/05/20 01:10:40 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2010/05/20 01:10:40 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2010/05/20 01:10:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2010/05/20 01:10:40 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2010/05/20 01:10:40 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2010/05/20 01:10:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010/05/20 01:10:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2010/05/20 01:10:39 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2010/05/20 01:00:33 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/05/20 00:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\Apple Computer
[2010/05/19 23:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/19 23:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/19 23:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/19 23:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Local Settings\Application Data\Apple
[2010/05/19 23:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/19 23:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/19 23:44:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Local Settings\Application Data\Apple Computer
[2010/05/19 20:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\Mozilla
[2010/05/19 20:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Local Settings\Application Data\Flock
[2010/05/19 20:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\Flock
[2010/05/19 20:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Flock
[2010/05/19 15:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Desktop\Shortcuts and deskclean
[2010/05/19 15:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe
[2010/05/19 15:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/19 15:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/19 15:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/19 15:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/19 15:02:22 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2010/05/19 15:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\My Documents\Image-Line
[2010/05/19 15:02:11 | 001,554,944 | ---- | C] (HMS http://hp.vector.co....hors/VA012897/) -- C:\WINDOWS\System32\vorbis.acm
[2010/05/19 15:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2010/05/19 15:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2010/05/18 19:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\InfraRecorder
[2010/05/18 19:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2010/05/18 16:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\XP Codec Pack
[2010/05/18 16:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\Macromedia
[2010/05/18 16:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\Adobe
[2010/05/18 16:36:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nate\My Documents\My Videos
[2010/05/18 16:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/05/18 16:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\DAEMON Tools Lite
[2010/05/18 16:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/18 16:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\Xiph.Org
[2010/05/18 16:27:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Nate\My Documents\My Shapes
[2010/05/18 16:22:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010/05/18 16:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010/05/18 16:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/18 16:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/05/18 16:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/18 16:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/18 16:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/18 16:20:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/18 16:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/18 02:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\My Documents\GTA San Andreas User Files
[2010/05/18 02:12:30 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/18 00:34:24 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2010/05/18 00:32:57 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/05/18 00:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/05/18 00:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/05/18 00:31:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/05/17 23:59:46 | 001,495,552 | ---- | C] (PGP Corporation) -- C:\WINDOWS\System32\epoPGPsdk.dll
[2010/05/17 23:59:46 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010/05/17 23:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/05/17 23:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2010/05/17 23:59:31 | 000,072,936 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/05/17 23:59:31 | 000,064,232 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/05/17 23:59:31 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2010/05/17 23:59:31 | 000,033,960 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/05/17 23:59:30 | 000,171,400 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/05/17 23:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/05/17 23:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/05/17 23:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/17 23:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/05/17 23:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/05/17 23:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/05/17 23:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/05/17 23:33:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/05/17 23:32:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/17 23:24:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nate\IETldCache
[2010/05/17 23:22:45 | 011,070,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/05/17 23:22:45 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/05/17 23:22:45 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/05/17 23:22:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/05/17 23:22:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/17 23:22:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/17 23:22:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/17 23:22:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/05/17 23:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\OpenOffice.org
[2010/05/17 23:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\My Documents\Downloads
[2010/05/17 23:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Local Settings\Application Data\Google
[2010/05/17 23:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/05/17 22:55:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/05/17 21:36:55 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/05/17 21:36:55 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/05/17 21:36:55 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/05/17 21:36:55 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/05/17 21:36:55 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/05/17 21:36:55 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/05/17 21:36:52 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/05/17 21:36:52 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/05/17 21:36:52 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/05/17 21:36:52 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/05/17 21:36:52 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/05/17 21:36:52 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/05/17 21:36:50 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/05/17 21:36:50 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/05/17 21:36:50 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/05/17 21:36:50 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/05/17 21:36:14 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/05/17 21:36:14 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/05/17 21:36:14 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/05/17 21:36:14 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/05/17 21:36:14 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/05/17 21:36:14 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/05/17 21:36:14 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/05/17 21:36:14 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/05/17 21:36:14 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/05/17 21:36:14 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/05/17 21:36:14 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/05/17 21:36:14 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/05/17 21:36:14 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/05/17 21:36:14 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/05/17 21:36:14 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/05/17 21:36:14 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/05/17 21:36:14 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/05/17 21:36:14 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/05/17 21:36:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/05/17 21:36:14 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/05/17 21:36:14 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/05/17 21:36:14 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/05/17 21:22:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/05/17 21:21:35 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/05/17 21:21:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/05/17 21:21:22 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/05/17 21:21:10 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/05/17 21:21:10 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/05/17 21:21:09 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/05/17 21:21:09 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/05/17 21:20:18 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/05/17 21:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Desktop\playstation
[2010/05/17 21:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Desktop\Setup-utility files
[2010/05/17 21:14:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2010/05/17 21:13:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/05/17 21:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/05/17 21:13:27 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2010/05/17 21:13:27 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2010/05/17 21:13:26 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2010/05/17 21:13:26 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/05/17 21:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/05/17 21:13:25 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/05/17 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/05/17 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/05/17 21:13:23 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2010/05/17 21:13:23 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2010/05/17 21:13:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/05/17 21:13:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/05/17 21:13:23 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2010/05/17 21:13:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/05/17 21:13:22 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2010/05/17 21:13:22 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2010/05/17 21:13:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/05/17 21:13:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2010/05/17 21:13:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/05/17 21:13:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/05/17 21:13:20 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2010/05/17 21:13:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/05/17 21:13:20 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2010/05/17 21:13:20 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/05/17 21:13:20 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2010/05/17 21:13:20 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2010/05/17 21:13:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/05/17 21:13:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/05/17 21:13:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2010/05/17 21:13:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2010/05/17 21:13:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2010/05/17 21:13:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/05/17 21:13:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/05/17 21:13:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/05/17 21:13:19 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2010/05/17 21:13:19 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2010/05/17 21:13:19 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2010/05/17 21:13:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/05/17 21:13:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/05/17 21:13:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2010/05/17 21:13:19 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2010/05/17 21:13:19 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2010/05/17 21:13:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/05/17 21:13:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/05/17 21:13:18 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2010/05/17 21:13:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2010/05/17 21:13:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2010/05/17 21:13:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2010/05/17 21:13:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2010/05/17 21:13:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2010/05/17 21:13:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2010/05/17 21:13:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2010/05/17 21:13:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2010/05/17 21:13:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2010/05/17 21:13:16 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010/05/17 21:13:16 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2010/05/17 21:13:16 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2010/05/17 21:13:16 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2010/05/17 21:13:16 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2010/05/17 21:13:16 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2010/05/17 21:13:16 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/05/17 21:13:16 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/05/17 21:13:16 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2010/05/17 21:13:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/05/17 21:13:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/05/17 21:13:16 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2010/05/17 21:13:16 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2010/05/17 21:13:15 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2010/05/17 21:13:15 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2010/05/17 21:13:15 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2010/05/17 21:13:15 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2010/05/17 21:13:15 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2010/05/17 21:13:15 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2010/05/17 21:13:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2010/05/17 21:13:15 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2010/05/17 21:13:15 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2010/05/17 21:13:15 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2010/05/17 21:13:15 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2010/05/17 21:13:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2010/05/17 21:13:15 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2010/05/17 21:13:15 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2010/05/17 21:13:15 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2010/05/17 21:13:15 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2010/05/17 21:13:15 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2010/05/17 21:13:15 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2010/05/17 21:13:14 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2010/05/17 21:13:14 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2010/05/17 21:13:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2010/05/17 21:13:14 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2010/05/17 21:13:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2010/05/17 21:13:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2010/05/17 21:13:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/05/17 21:13:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/05/17 21:13:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/05/17 21:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/05/17 21:13:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/05/17 21:11:38 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/05/17 21:11:18 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/05/17 21:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/05/17 21:11:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/05/17 21:11:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/17 21:11:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/05/17 21:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/05/17 21:10:29 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/05/17 21:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/17 21:09:58 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010/05/17 21:09:33 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/05/17 21:05:10 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/05/17 21:05:10 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/05/17 21:05:10 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/05/17 21:05:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/05/17 21:05:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/05/17 21:00:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/05/17 20:59:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/17 20:59:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/17 20:41:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/05/17 20:39:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/05/17 20:39:07 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/05/17 20:39:07 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/05/17 20:39:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/05/17 20:38:43 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/05/17 20:38:40 | 000,290,816 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/05/17 20:38:40 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/05/17 20:38:39 | 009,715,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010/05/17 20:38:39 | 005,030,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/05/17 20:38:39 | 001,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/05/17 20:38:39 | 001,206,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/05/17 20:38:39 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/05/17 20:38:38 | 001,389,056 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2010/05/17 20:38:38 | 000,104,992 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/05/17 20:38:38 | 000,035,840 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010/05/17 20:38:37 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/05/17 20:38:37 | 002,168,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/05/17 20:38:37 | 001,684,736 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/05/17 20:38:37 | 000,278,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/05/17 20:38:37 | 000,057,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/05/17 20:38:37 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/17 20:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/05/17 20:38:10 | 000,528,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/05/17 20:35:49 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2010/05/17 20:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/05/17 20:35:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/17 20:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/05/17 20:35:25 | 000,016,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoPtb.dll
[2010/05/17 20:35:25 | 000,016,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoPt.dll
[2010/05/17 20:35:25 | 000,016,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoIt.dll
[2010/05/17 20:35:25 | 000,016,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoFr.dll
[2010/05/17 20:35:25 | 000,016,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoEsm.dll
[2010/05/17 20:35:25 | 000,016,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoEs.dll
[2010/05/17 20:35:25 | 000,016,928 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoEl.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoTr.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoSv.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoSl.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoSk.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoRu.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoPl.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoNo.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoNl.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoHu.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoFi.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoDe.dll
[2010/05/17 20:35:25 | 000,016,416 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoDa.dll
[2010/05/17 20:35:25 | 000,015,904 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoTh.dll
[2010/05/17 20:35:25 | 000,015,904 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoENU.dll
[2010/05/17 20:35:25 | 000,015,904 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoEng.dll
[2010/05/17 20:35:25 | 000,015,392 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoHe.dll
[2010/05/17 20:35:25 | 000,014,880 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoJa.dll
[2010/05/17 20:35:25 | 000,014,368 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoKo.dll
[2010/05/17 20:35:25 | 000,013,856 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoZht.dll
[2010/05/17 20:35:25 | 000,013,856 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoZhc.dll
[2010/05/17 20:35:24 | 000,372,256 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvraiins.dll
[2010/05/17 20:35:24 | 000,372,256 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvraidco.dll
[2010/05/17 20:35:24 | 000,145,952 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvgts.sys
[2010/05/17 20:35:24 | 000,015,904 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoCs.dll
[2010/05/17 20:35:24 | 000,015,904 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NvRCoAr.dll
[2010/05/17 20:35:05 | 000,200,704 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1ins.dll
[2010/05/17 20:35:05 | 000,200,704 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\fdco1.dll
[2010/05/17 20:35:05 | 000,054,784 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\NVENETFD.sys
[2010/05/17 20:35:03 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2010/05/17 20:35:02 | 000,955,520 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnrm.sys
[2010/05/17 20:35:02 | 000,122,880 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvconrm.dll
[2010/05/17 20:35:02 | 000,022,016 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvnetbus.sys
[2010/05/17 20:35:02 | 000,009,216 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1ins.dll
[2010/05/17 20:35:02 | 000,009,216 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\bdco1.dll
[2010/05/17 20:35:00 | 000,453,152 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvusmb.exe
[2010/05/17 20:35:00 | 000,122,880 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVCOSMB.DLL
[2010/05/17 20:34:36 | 000,453,152 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2010/05/17 20:33:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Tools
[2010/05/17 20:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/17 20:33:11 | 000,004,864 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\PortIo.sys
[2010/05/17 20:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Application Data\Identities
[2010/05/17 20:32:14 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/05/17 20:32:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nate\My Documents\My Pictures
[2010/05/17 20:32:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nate\My Documents\My Music
[2010/05/17 20:31:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Nate\Application Data\Microsoft
[2010/05/17 20:31:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nate\SendTo
[2010/05/17 20:31:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nate\Application Data
[2010/05/17 20:31:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nate\Start Menu
[2010/05/17 20:31:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nate\My Documents
[2010/05/17 20:31:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nate\Favorites
[2010/05/17 20:31:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nate\Cookies
[2010/05/17 20:31:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nate\Templates
[2010/05/17 20:31:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nate\PrintHood
[2010/05/17 20:31:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nate\NetHood
[2010/05/17 20:31:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nate\Local Settings
[2010/05/17 20:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft
[2010/05/17 20:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nate\Desktop
[2010/05/17 20:30:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/17 20:30:54 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/05/17 20:30:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/05/17 20:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/05/17 20:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/05/17 20:30:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/05/17 20:29:26 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/05/17 20:29:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/05/17 20:29:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/05/17 20:29:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/05/17 20:29:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/05/17 20:29:24 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/05/17 20:29:24 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/05/17 20:29:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/05/17 20:29:24 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/05/17 20:29:23 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/05/17 20:29:23 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/05/17 20:29:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/05/17 20:29:23 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/05/17 20:29:23 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/05/17 20:29:23 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/05/17 20:29:22 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/05/17 20:29:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/05/17 20:29:21 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/05/17 20:29:21 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/05/17 20:29:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/05/17 20:29:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/05/17 20:29:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/05/17 20:29:20 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/05/17 20:29:20 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/05/17 20:29:20 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/05/17 20:29:20 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/05/17 20:29:19 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/05/17 20:29:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/05/17 20:29:18 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/05/17 20:29:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/05/17 20:29:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/05/17 20:29:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/05/17 20:29:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/05/17 20:29:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/05/17 20:29:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/05/17 20:29:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/05/17 20:29:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/05/17 20:29:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/05/17 20:29:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/05/17 20:29:16 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/05/17 20:29:16 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/05/17 20:29:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/05/17 20:29:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/05/17 20:29:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/05/17 20:29:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/05/17 20:29:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/05/17 20:29:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/05/17 20:29:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/05/17 20:29:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/05/17 20:29:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/05/17 20:29:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/05/17 20:29:13 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/17 20:29:13 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/17 20:29:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/05/17 20:29:12 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/05/17 20:29:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/05/17 20:29:11 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/05/17 20:29:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/05/17 20:29:11 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/05/17 20:29:10 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/05/17 20:29:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/05/17 20:29:10 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/05/17 20:29:10 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/05/17 20:29:10 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/05/17 20:29:10 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/05/17 20:29:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/05/17 20:29:09 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/05/17 20:29:09 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/05/17 20:29:09 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/05/17 20:29:09 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/05/17 20:29:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/05/17 20:29:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/05/17 20:29:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/05/17 20:29:08 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/05/17 20:29:07 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/05/17 20:29:06 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/05/17 20:29:04 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/05/17 20:29:04 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/05/17 20:29:01 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/05/17 20:29:01 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/05/17 20:29:01 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/05/17 20:29:00 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/05/17 20:28:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/05/17 20:28:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/05/17 20:28:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/05/17 20:28:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/05/17 20:28:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/05/17 20:28:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/05/17 20:28:58 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/05/17 20:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/05/17 20:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/05/17 20:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/05/17 20:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/05/17 20:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/05/17 20:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/05/17 20:28:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/05/17 20:28:57 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/05/17 20:28:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/05/17 20:28:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/05/17 20:28:56 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/05/17 20:28:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/05/17 20:28:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/05/17 20:28:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/05/17 20:28:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/05/17 20:28:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/05/17 20:28:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/05/17 20:28:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/05/17 20:28:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/05/17 20:28:55 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/05/17 20:28:55 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/05/17 20:28:54 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/05/17 20:28:54 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/05/17 20:28:54 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/05/17 20:28:54 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/05/17 20:28:54 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/05/17 20:28:54 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/05/17 20:28:54 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/05/17 20:28:54 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/05/17 20:28:54 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/05/17 20:28:54 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/05/17 20:28:54 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/05/17 20:28:54 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/05/17 20:28:53 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/05/17 20:28:53 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/05/17 20:28:53 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/05/17 20:28:53 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/05/17 20:28:53 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/05/17 20:28:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/05/17 20:28:53 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/05/17 20:28:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/05/17 20:28:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/05/17 20:28:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/05/17 20:28:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/05/17 20:28:52 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/05/17 20:28:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/05/17 20:28:52 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/05/17 20:28:50 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/05/17 20:28:46 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/05/17 20:28:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/05/17 20:28:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/05/17 20:28:43 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/05/17 20:28:43 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/05/17 20:28:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/05/17 20:28:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/05/17 20:28:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/05/17 20:28:42 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/05/17 20:28:42 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/05/17 20:28:41 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/05/17 20:28:41 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/05/17 20:28:41 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/05/17 20:28:41 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/05/17 20:28:40 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2010/05/17 20:28:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/05/17 20:28:37 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/05/17 20:28:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/05/17 20:28:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/05/17 20:28:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/05/17 20:28:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/05/17 20:28:36 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/05/17 20:28:36 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/05/17 20:28:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/05/17 20:28:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/05/17 20:28:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/05/17 20:28:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/05/17 20:28:35 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/05/17 20:28:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/05/17 20:28:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/05/17 20:28:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/05/17 20:28:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/05/17 20:28:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/05/17 20:28:34 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/17 20:28:34 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/05/17 20:28:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/05/17 20:28:30 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/05/17 20:28:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/05/17 20:28:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/05/17 20:28:29 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/05/17 20:28:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/05/17 20:28:27 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/05/17 20:28:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/05/17 20:28:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/05/17 20:28:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/05/17 20:28:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/05/17 20:28:21 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/05/17 20:28:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/05/17 20:28:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/05/17 20:28:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/05/17 20:28:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/05/17 20:28:18 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/05/17 20:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/05/17 20:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/05/17 20:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/05/17 20:28:05 | 000,000,000 | ---D | C] -- C:\DELL
[2010/05/17 20:27:37 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2010/05/17 20:27:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/05/17 20:26:55 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/05/17 20:26:55 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/05/17 20:26:46 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/05/17 20:26:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/05/17 20:26:18 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2010/05/17 20:26:18 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2010/05/17 20:26:18 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/05/17 20:26:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2010/05/17 20:26:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2010/05/17 20:26:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2010/05/17 20:26:13 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2010/05/17 20:26:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2010/05/17 20:26:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2010/05/17 20:26:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/05/17 20:26:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2010/05/17 20:26:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2010/05/17 20:26:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/05/17 20:26:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2010/05/17 20:26:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/05/17 20:26:09 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/05/17 20:26:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/05/17 20:26:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2010/05/17 20:26:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2010/05/17 20:26:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2010/05/17 20:26:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/05/17 20:26:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/05/17 20:26:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2010/05/17 20:26:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/05/17 20:26:09 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/05/17 20:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/05/17 20:26:08 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/05/17 20:26:06 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2010/05/17 20:26:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2010/05/17 20:26:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/05/17 20:26:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/05/17 20:26:05 | 001,669,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/05/17 20:26:05 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2010/05/17 20:26:05 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/05/17 20:26:05 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2010/05/17 20:26:05 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/05/17 20:26:05 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010/05/17 20:26:05 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/05/17 20:26:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2010/05/17 20:26:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/05/17 20:26:05 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/05/17 20:26:04 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2010/05/17 20:26:04 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2010/05/17 20:26:04 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2010/05/17 20:26:04 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2010/05/17 20:26:04 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2010/05/17 20:26:04 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2010/05/17 20:26:04 | 000,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2010/05/17 20:26:04 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2010/05/17 20:26:04 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2010/05/17 20:26:04 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/05/17 20:26:04 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2010/05/17 20:26:04 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2010/05/17 20:26:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2010/05/17 20:26:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2010/05/17 20:26:03 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2010/05/17 20:26:01 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/05/17 20:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/05/17 20:25:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2010/05/17 20:25:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2010/05/17 20:25:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2010/05/17 20:25:59 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2010/05/17 20:25:57 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2010/05/17 20:25:56 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2010/05/17 20:25:56 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2010/05/17 20:25:56 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2010/05/17 20:25:56 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2010/05/17 20:25:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/05/17 20:25:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2010/05/17 20:25:55 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2010/05/17 20:25:54 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2010/05/17 20:25:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2010/05/17 20:25:54 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/05/17 20:25:53 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2010/05/17 20:25:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2010/05/17 20:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/05/17 20:25:51 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2010/05/17 20:25:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/05/17 20:25:51 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2010/05/17 20:25:51 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2010/05/17 20:25:48 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/05/17 20:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/05/17 20:25:47 | 000,638,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2010/05/17 20:25:47 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2010/05/17 20:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/05/17 20:25:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/05/17 20:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/05/17 20:25:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/05/17 20:25:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/05/17 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/05/17 20:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/05/17 20:25:00 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/05/17 20:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/05/17 20:24:59 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2010/05/17 20:24:59 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2010/05/17 20:24:59 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2010/05/17 20:24:59 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2010/05/17 20:24:59 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2010/05/17 20:24:59 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2010/05/17 20:24:59 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2010/05/17 20:24:59 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/05/17 20:24:59 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/05/17 20:24:59 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/05/17 20:24:59 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/05/17 20:24:59 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2010/05/17 20:24:58 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/05/17 20:24:58 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/05/17 20:24:58 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/05/17 20:24:58 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/05/17 20:24:58 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2010/05/17 20:24:58 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2010/05/17 20:24:58 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2010/05/17 20:24:58 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/05/17 20:24:58 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/05/17 20:24:57 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2010/05/17 20:24:57 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2010/05/17 20:24:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2010/05/17 20:24:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2010/05/17 20:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/05/17 20:24:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2010/05/17 20:24:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2010/05/17 20:24:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2010/05/17 20:24:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/05/17 20:24:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2010/05/17 20:24:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2010/05/17 20:24:51 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2010/05/17 20:24:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2010/05/17 20:24:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2010/05/17 20:24:51 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/05/17 20:24:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2010/05/17 20:24:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2010/05/17 20:24:46 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2010/05/17 20:24:46 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2010/05/17 20:24:46 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2010/05/17 20:24:46 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2010/05/17 20:24:46 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2010/05/17 20:24:46 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2010/05/17 20:24:45 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2010/05/17 20:24:45 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2010/05/17 20:24:45 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2010/05/17 20:24:45 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2010/05/17 20:24:45 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2010/05/17 20:24:45 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2010/05/17 20:24:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2010/05/17 20:24:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2010/05/17 20:24:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2010/05/17 20:24:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010/05/17 20:24:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2010/05/17 20:24:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2010/05/17 20:24:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2010/05/17 20:24:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010/05/17 20:24:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2010/05/17 20:24:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2010/05/17 20:24:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2010/05/17 20:24:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2010/05/17 20:24:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2010/05/17 20:24:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2010/05/17 20:24:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2010/05/17 20:24:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2010/05/17 20:24:44 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2010/05/17 20:24:44 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2010/05/17 20:24:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2010/05/17 20:24:44 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2010/05/17 20:24:44 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2010/05/17 20:24:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2010/05/17 20:24:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2010/05/17 20:24:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2010/05/17 20:24:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2010/05/17 20:24:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2010/05/17 20:24:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2010/05/17 20:24:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2010/05/17 20:24:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2010/05/17 20:24:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2010/05/17 20:24:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010/05/17 20:24:43 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2010/05/17 20:24:43 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2010/05/17 20:24:43 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2010/05/17 20:24:43 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2010/05/17 20:24:43 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2010/05/17 20:24:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2010/05/17 20:24:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2010/05/17 20:24:43 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2010/05/17 20:24:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2010/05/17 20:24:41 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2010/05/17 20:24:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2010/05/17 20:24:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2010/05/17 20:24:40 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2010/05/17 20:24:40 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2010/05/17 20:24:40 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2010/05/17 20:24:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2010/05/17 20:24:40 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2010/05/17 20:24:40 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2010/05/17 20:24:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2010/05/17 20:24:40 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2010/05/17 20:24:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2010/05/17 20:24:40 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2010/05/17 20:24:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2010/05/17 20:24:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2010/05/17 20:24:40 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2010/05/17 20:24:33 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2010/05/17 20:24:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2010/05/17 20:24:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2010/05/17 20:24:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2010/05/17 20:24:33 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2010/05/17 20:24:33 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2010/05/17 20:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/05/17 20:24:32 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2010/05/17 20:24:32 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2010/05/17 20:24:32 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2010/05/17 20:24:32 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2010/05/17 20:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/05/17 20:24:31 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/05/17 20:24:31 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2010/05/17 20:24:31 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2010/05/17 20:24:31 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2010/05/17 20:24:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2010/05/17 20:24:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2010/05/17 20:24:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2010/05/17 20:24:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2010/05/17 20:24:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2010/05/17 20:24:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2010/05/17 20:24:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2010/05/17 20:24:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2010/05/17 20:24:30 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2010/05/17 20:24:30 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2010/05/17 20:24:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2010/05/17 20:24:30 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2010/05/17 20:24:30 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2010/05/17 20:24:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2010/05/17 20:24:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2010/05/17 20:24:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/05/17 20:24:29 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2010/05/17 20:24:29 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2010/05/17 20:24:29 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2010/05/17 20:24:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2010/05/17 20:24:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2010/05/17 20:24:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2010/05/17 20:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/05/17 20:24:28 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2010/05/17 20:24:25 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2010/05/17 20:24:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2010/05/17 20:24:25 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2010/05/17 20:24:24 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2010/05/17 20:24:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/05/17 19:53:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/17 19:25:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2004/11/24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/26 22:44:16 | 000,207,407 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/26 22:44:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 22:43:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 22:43:55 | 2079,707,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/26 22:42:19 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-746137067-725345543-1003UA.job
[2010/05/26 21:48:20 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nate\Desktop\OTL.exe
[2010/05/26 21:44:42 | 000,005,558 | ---- | M] () -- C:\Documents and Settings\Nate\My Documents\cc_20100526_214435.reg
[2010/05/26 21:32:19 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\gmer.exe
[2010/05/26 21:29:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/26 21:27:02 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Nate\NTUSER.DAT
[2010/05/26 21:12:26 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 19:03:50 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Nate\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 16:18:03 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\Quick Screen Capture.lnk
[2010/05/25 23:41:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-746137067-725345543-1003Core.job
[2010/05/23 22:12:30 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\Shortcut to Main drv2 (D).lnk
[2010/05/23 20:58:06 | 000,000,144 | ---- | M] () -- C:\WINDOWS\Eudcedit.ini
[2010/05/23 20:57:54 | 000,000,679 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/23 19:40:47 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/23 17:25:47 | 000,070,144 | ---- | M] () -- C:\Documents and Settings\Nate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/23 17:14:04 | 000,228,644 | ---- | M] () -- C:\WINDOWS\RSC.ttf
[2010/05/23 15:07:27 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\Shortcut to eudcedit.exe.lnk
[2010/05/23 14:20:10 | 006,917,958 | -H-- | M] () -- C:\Documents and Settings\Nate\Local Settings\Application Data\IconCache.db
[2010/05/23 13:47:51 | 000,047,722 | ---- | M] () -- C:\Documents and Settings\Nate\My Documents\cc_20100523_134537.reg
[2010/05/22 19:31:50 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\budget.xls
[2010/05/22 16:54:41 | 000,068,880 | ---- | M] (Belus Technology Inc.) -- C:\WINDOWS\System32\XZip.dll
[2010/05/22 13:14:51 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\Shortcut to Big Mother (J).lnk
[2010/05/22 13:14:29 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\Shortcut to My Computer.lnk
[2010/05/19 20:46:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/19 13:25:18 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\Computer Management (2).lnk
[2010/05/18 20:23:10 | 000,000,236 | -HS- | M] () -- C:\boot.ini
[2010/05/18 19:16:14 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2010/05/18 16:33:30 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/18 16:26:35 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/18 16:26:24 | 000,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/18 15:27:33 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/18 15:27:33 | 000,311,912 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/18 15:27:33 | 000,040,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/18 02:12:30 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/18 00:32:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/18 00:32:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/18 00:31:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/05/17 23:53:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/17 23:33:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/17 23:19:20 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\Nate\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/05/17 21:29:10 | 000,000,632 | ---- | M] () -- C:\WINDOWS\CoDUO.INI
[2010/05/17 21:22:40 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/17 20:57:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/05/17 20:41:47 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/05/17 20:41:47 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/05/17 20:36:50 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nate\ntuser.ini
[2010/05/17 20:30:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/17 20:29:38 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/17 20:27:50 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/17 20:27:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/17 20:27:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/17 20:27:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/05/17 20:27:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/17 20:27:37 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/17 20:26:54 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/17 20:26:54 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/17 20:25:28 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/17 20:25:18 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/05/12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/08 05:33:56 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Nate\Desktop\AutoCorrect Backup Document.doc
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/26 21:44:39 | 000,005,558 | ---- | C] () -- C:\Documents and Settings\Nate\My Documents\cc_20100526_214435.reg
[2010/05/26 21:12:26 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/26 16:18:03 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Nate\Desktop\Quick Screen Capture.lnk
[2010/05/25 10:51:35 | 2079,707,136 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/23 22:12:30 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Nate\Desktop\Shortcut to Main drv2 (D).lnk
[2010/05/23 17:21:40 | 000,228,644 | ---- | C] () -- C:\WINDOWS\RSC.ttf
[2010/05/23 15:07:27 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Nate\Desktop\Shortcut to eudcedit.exe.lnk
[2010/05/23 15:07:21 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010/05/23 13:45:42 | 000,047,722 | ---- | C] () -- C:\Documents and Settings\Nate\My Documents\cc_20100523_134537.reg
[2010/05/23 03:30:48 | 000,434,176 | RHS- | C] () -- C:\WINDOWS\System32\cffmon.exe
[2010/05/22 17:59:22 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Nate\Desktop\AutoCorrect Backup Document.doc
[2010/05/22 16:54:46 | 000,434,176 | RHS- | C] () -- C:\explorer.exe
[2010/05/22 13:14:51 | 000,000,285 | ---- | C] () -- C:\Documents and Settings\Nate\Desktop\Shortcut to Big Mother (J).lnk
[2010/05/22 13:14:29 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Nate\Desktop\Shortcut to My Computer.lnk
[2010/05/20 01:10:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/20 01:10:46 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/05/20 01:10:46 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/05/20 01:10:46 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/05/20 01:10:46 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/05/20 01:10:46 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/05/20 01:10:44 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/05/20 01:10:44 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/05/20 01:10:44 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/05/20 01:10:44 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/05/20 01:10:44 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/05/20 01:10:44 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qasf.dll
[2010/05/20 01:10:44 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/05/20 01:10:44 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/05/20 01:10:44 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/05/20 01:10:43 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/05/20 01:10:43 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/05/19 20:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/19 13:25:18 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\Nate\Desktop\Computer Management (2).lnk
[2010/05/18 20:23:10 | 000,192,307 | ---- | C] () -- C:\wubildr
[2010/05/18 20:23:10 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2010/05/18 16:55:19 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.acm
[2010/05/18 16:33:29 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/05/18 16:22:13 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/18 00:31:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/05/17 23:59:46 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2010/05/17 23:36:11 | 000,000,972 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-746137067-725345543-1003UA.job
[2010/05/17 23:36:11 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-746137067-725345543-1003Core.job
[2010/05/17 23:19:20 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\Nate\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/05/17 21:36:56 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/05/17 21:36:56 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/05/17 21:36:56 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/05/17 21:36:56 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/05/17 21:36:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/05/17 21:36:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/05/17 21:36:56 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/05/17 21:36:56 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/05/17 21:36:56 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/05/17 21:36:56 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/05/17 21:36:56 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/05/17 21:36:56 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/05/17 21:36:56 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/05/17 21:36:56 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/05/17 21:36:56 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/05/17 21:36:56 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/05/17 21:36:56 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/05/17 21:36:56 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/05/17 21:36:56 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/05/17 21:36:56 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/05/17 21:36:56 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/05/17 21:36:56 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/05/17 21:36:56 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/05/17 21:36:56 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/05/17 21:36:56 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/05/17 21:36:56 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/05/17 21:36:56 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/05/17 21:36:55 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/05/17 21:36:55 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/05/17 21:36:55 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/05/17 21:36:53 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/05/17 21:36:53 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/05/17 21:36:53 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/05/17 21:36:53 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/05/17 21:36:53 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/05/17 21:36:53 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/05/17 21:36:53 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/05/17 21:36:53 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/05/17 21:36:53 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/05/17 21:36:53 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/05/17 21:36:53 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/05/17 21:36:52 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/05/17 21:36:52 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/05/17 21:36:52 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/05/17 21:36:51 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/05/17 21:36:50 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/05/17 21:36:50 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/05/17 21:36:50 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/05/17 21:36:48 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/05/17 21:36:48 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/05/17 21:36:48 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/05/17 21:36:48 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/05/17 21:36:48 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/05/17 21:36:47 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/05/17 21:36:45 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/05/17 21:36:43 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/05/17 21:36:43 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/05/17 21:36:43 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/05/17 21:36:43 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/05/17 21:36:43 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/05/17 21:36:42 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/05/17 21:36:42 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/05/17 21:36:42 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/05/17 21:36:42 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/05/17 21:36:42 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/05/17 21:36:41 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/05/17 21:36:14 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/05/17 21:29:10 | 000,000,632 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2010/05/17 21:21:51 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Nate\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/17 21:18:38 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Nate\Desktop\budget.xls
[2010/05/17 21:13:26 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/05/17 21:13:26 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/05/17 21:13:26 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/05/17 21:13:26 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/05/17 21:13:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/05/17 21:13:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/05/17 21:13:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/05/17 21:13:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/05/17 21:13:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/05/17 21:13:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/05/17 21:13:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/05/17 21:13:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/05/17 21:13:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/05/17 21:13:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/05/17 21:13:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/05/17 21:13:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/05/17 21:13:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/05/17 21:13:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/05/17 21:13:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/05/17 21:13:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/05/17 21:13:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/05/17 21:13:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/05/17 21:13:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/05/17 21:13:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/05/17 21:13:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/05/17 21:13:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/05/17 21:13:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/05/17 21:13:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/05/17 21:13:19 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/05/17 21:13:19 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/05/17 21:13:19 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/05/17 21:13:19 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/05/17 21:13:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/05/17 21:13:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/05/17 21:13:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/05/17 21:13:18 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/05/17 21:13:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/05/17 21:13:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/05/17 21:13:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/05/17 21:13:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/05/17 21:13:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/05/17 21:13:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/05/17 21:13:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/05/17 21:13:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/05/17 21:13:14 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/17 21:11:25 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/05/17 21:11:25 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/17 21:11:25 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/17 21:11:25 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/17 21:11:25 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/17 21:11:25 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/17 21:11:25 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/17 21:11:25 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/05/17 21:10:50 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/17 21:09:19 | 000,000,236 | -HS- | C] () -- C:\boot.ini
[2010/05/17 21:09:16 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/17 20:57:22 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/05/17 20:41:47 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/05/17 20:41:47 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/05/17 20:36:11 | 000,207,407 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/17 20:35:49 | 000,018,725 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/05/17 20:35:04 | 000,004,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2010/05/17 20:35:03 | 000,006,045 | R--- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/05/17 20:35:00 | 000,002,306 | R--- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2010/05/17 20:33:54 | 000,409,600 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe
[2010/05/17 20:31:59 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Nate\ntuser.dat.LOG
[2010/05/17 20:31:59 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Nate\ntuser.ini
[2010/05/17 20:31:58 | 003,145,728 | -H-- | C] () -- C:\Documents and Settings\Nate\NTUSER.DAT
[2010/05/17 20:30:26 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/17 20:29:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/17 20:29:29 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/17 20:29:10 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/17 20:29:10 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/17 20:29:10 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/17 20:28:59 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/17 20:28:59 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/17 20:28:54 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/17 20:28:54 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/17 20:28:53 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/17 20:28:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/17 20:28:45 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/17 20:28:36 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/17 20:28:34 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/17 20:28:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/17 20:28:33 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/17 20:28:33 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/17 20:28:33 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/17 20:28:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/17 20:28:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/17 20:28:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/17 20:28:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/17 20:28:32 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/17 20:28:32 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/17 20:28:32 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/17 20:28:32 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/17 20:28:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/17 20:28:31 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/17 20:28:31 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/17 20:28:31 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/17 20:28:31 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/17 20:28:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/17 20:28:30 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/17 20:28:30 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/17 20:28:30 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/17 20:28:30 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/17 20:28:30 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/17 20:28:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/17 20:27:50 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/17 20:27:50 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/17 20:27:50 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/17 20:27:50 | 000,000,000 | RHS- | C] () -- C:\CONFIG.SYS
[2010/05/17 20:27:50 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/05/17 20:27:47 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/17 20:27:47 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/17 20:27:46 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/17 20:26:54 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/17 20:26:54 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/17 20:26:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/17 20:26:36 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/05/17 20:26:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/05/17 20:26:17 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/05/17 20:26:13 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/05/17 20:25:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/17 20:24:47 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/05/17 20:24:47 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/05/17 20:24:47 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/05/17 20:24:47 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/05/17 20:24:47 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/05/17 20:24:47 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/05/17 20:24:47 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/05/17 20:24:47 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/05/17 20:24:47 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/05/17 20:24:47 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/05/17 20:24:47 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/05/17 20:24:46 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/05/17 20:24:46 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/05/17 20:24:46 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/05/17 20:24:46 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/05/17 20:24:46 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/05/17 20:24:46 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/05/17 20:24:46 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/05/17 20:24:46 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/05/17 20:24:45 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/05/17 20:24:45 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/05/17 20:24:44 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/05/17 20:24:40 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/03/10 22:18:00 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll
[2009/01/15 20:42:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 20:42:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 20:42:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 20:42:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/05 11:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/07/05 11:14:44 | 003,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/07/05 11:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/06/22 17:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/06/13 11:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/06/12 18:36:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/07/10 16:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/10/03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/17 20:27:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/18 20:23:10 | 000,000,236 | -HS- | M] () -- C:\boot.ini
[2010/05/18 19:16:14 | 000,000,000 | RHS- | M] () -- C:\CONFIG.SYS
[2004/08/04 13:00:00 | 000,434,176 | RHS- | M] () -- C:\explorer.exe
[2010/05/26 22:43:55 | 2079,707,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/17 20:27:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/17 20:27:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/17 23:33:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/26 22:43:53 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/10/27 18:37:36 | 000,192,307 | ---- | M] () -- C:\wubildr
[2008/10/27 18:37:36 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 01:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll
[2008/04/14 01:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/17 21:09:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/17 21:09:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/17 21:09:18 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 14:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/05/18 16:33:30 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2009/12/31 17:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >


Extras

OTL Extras logfile created on: 26/05/2010 22:51:20 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Nate\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.37 Gb Total Space | 11.81 Gb Free Space | 44.78% Space Free | Partition Type: NTFS
Drive D: | 69.91 Gb Total Space | 52.09 Gb Free Space | 74.51% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive U: | 19.53 Gb Total Space | 11.30 Gb Free Space | 57.85% Space Free | Partition Type: NTFS
Drive Z: | 76.69 Gb Total Space | 76.62 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: BOGEY-3B4E1DD10
Current User Name: Nate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FlockHTML] -- C:\Program Files\Flock\flock.exe (Flock, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"D:\Game Files\CoD2MP_s.exe" = D:\Game Files\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- File not found
"D:\Game Files\Call of Duty\CoDUOMP.exe" = D:\Game Files\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
"C:\WINDOWS\system32\cyyyqgt.exe" = C:\WINDOWS\system32\cyyyqgt.exe:*:Enabled:WinServer -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Drumaxx" = Drumaxx
"Flock (2.5.6)" = Flock (2.5.6)
"Guild Wars" = Guild Wars
"Hardcore" = Hardcore
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InfraRecorder" = InfraRecorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PoiZone" = PoiZone
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"Sakura" = Sakura
"Sawer" = Sawer
"Toxic Biohazard" = Toxic Biohazard
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wubi" = Ubuntu
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/05/2010 08:39:17 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 08:39:22 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 08:39:27 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 08:40:07 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 08:40:12 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 08:40:17 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 08:40:22 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 08:40:27 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 08:40:32 | Computer Name = BOGEY-3B4E1DD10 | Source = McLogEvent | ID = 259
Description = The file H:\backup of lap\Stress Relief.exe contains the Joke-StressRelief
Joke. Undetermined clean error, delete failed. Detected using Scan engine version
5400.1158 DAT version 5989.0000.

Error - 22/05/2010 12:17:17 | Computer Name = BOGEY-3B4E1DD10 | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 9.2 -- A process is running that cannot be shut
down by Setup. Please either close all applications and run Setup again, or restart
your computer and run Setup again.

[ System Events ]
Error - 26/05/2010 01:13:32 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer COMPAQPC9 using any
of the configured protocols.

Error - 26/05/2010 01:13:53 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer DESMOND-PC using
any of the configured protocols.

Error - 26/05/2010 01:14:14 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer DESMOND-PC using
any of the configured protocols.

Error - 26/05/2010 01:14:18 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer DYRES224-138 using
any of the configured protocols.

Error - 26/05/2010 01:14:21 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer DYRES224-138 using
any of the configured protocols.

Error - 26/05/2010 01:14:25 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer ELLIOT-PC using any
of the configured protocols.

Error - 26/05/2010 01:14:27 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer ELLIOT-PC using any
of the configured protocols.

Error - 26/05/2010 01:14:48 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer EX-S-GUNDAM-BST using
any of the configured protocols.

Error - 26/05/2010 01:15:09 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer EX-S-GUNDAM-BST using
any of the configured protocols.

Error - 26/05/2010 01:15:14 | Computer Name = BOGEY-3B4E1DD10 | Source = DCOM | ID = 10009
Description = DCOM was unable to communicate with the computer HARRI using any of
the configured protocols.


< End of report >

#4 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,570
  • Joined: 31-May 06

Posted 26 May 2010 - 04:50 PM

Hmm this is determined to be in at the start

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O4 - HKLM..\Run: [WindowsDefender] C:\WINDOWS\system32\cyyyqgt.exe ()
O4 - HKCU..\Run: [Com32] C:\WINDOWS\system32\cyyyqgt.exe ()
O4 - HKCU..\RunServicesOnce: [LogServ] C:\WINDOWS\system32\cyyyqgt.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reboot.exe ()
F3 - HKCU WinNT: Load - (C:\WINDOWS\system32\cyyyqgt.exe) - C:\WINDOWS\system32\cyyyqgt.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\cyyyqgt.exe) - C:\WINDOWS\system32\cyyyqgt.exe ()

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\cyyyqgt.exe"=-

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


  • Double click on ComboFix.exe & follow the prompts.


  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,570
  • Joined: 31-May 06

Posted 30 May 2010 - 05:58 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this topic:


Page 1 of 1