Hijacked Browser and Other Problems [Solved]


  • This topic is locked

#1
Seven14

  • Member
  • 24 posts
Hello,

I've got occasional pop-ups (even when I'm not using the internet). There is a constant double-clicking sound that sounds identical to when a link is accessed in IE (again, even when I'm not using the internet and in this case even when I've disabled my network completely). Many, many links lead to false pages with ads instead of the content I was looking for and occasionally, clicking on thumbnail images while on the internet is disabled.

I also have a Java icon which seems to appear in my taskbar at random. It seems legit, but this has never happened before.

4 days ago, AVG started detecting threats in the Windows\Temp folder, calling the file svchost.exe. Attempting to move them to the vault or remove them was a failure as AVG reported they couldn't be accessed.

I've run AVG, Super Anti Spyware and Malwarebytes. All have turned up with threats I have then removed. The problem seems to go away, and then it comes back again.

Please help. I'm new to the forums, so please just tell me what to do.

Thank you in advance.

#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Seven14

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold:


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
====================
Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run.
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED

  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Edited by kahdah, 23 June 2010 - 05:33 AM.


#3
Seven14

  • Topic Starter
  • Member
  • 24 posts
Thank you for the quick reply, and my apologies for taking so long with mine.

Requested logs:


OTL.txt

OTL logfile created on: 6/24/2010 10:10:57 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 632.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 18.49 Gb Free Space | 28.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.80 Gb Free Space | 67.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOW
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norstart) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (oxpar) -- C:\WINDOWS\system32\drivers\oxpar.sys (OEM)
DRV - (oxser) -- C:\WINDOWS\system32\drivers\oxser.sys (OEM)
DRV - (oxmf) -- C:\WINDOWS\system32\drivers\oxmf.sys (OEM)
DRV - (Oxmfuf) -- C:\WINDOWS\system32\drivers\oxmfuf.sys (OEM)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/06/20 23:05:44 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (CAB Class) - {C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - C:\WINDOWS\system32\S564EVB2.dll (TODO: <Company name>)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 525Blue.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/20 23:05:45 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2006/02/27 22:00:00 | 008,384,000 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\gagxuj.dll) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server\gagxuj.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/04 16:36:55 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/24 22:01:58 | 000,118,784 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2010/06/23 13:18:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/23 02:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/23 02:29:44 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/06/23 02:23:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/23 02:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/23 01:33:33 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/06/23 01:33:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt_setup.exe
[2010/06/23 01:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/23 01:16:10 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2010/06/23 01:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/06/22 22:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/22 22:46:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/06/22 03:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\yohyisivy
[2010/06/22 00:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Windows Server
[2010/06/21 23:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Youth.In.Revolt.DVDRip.XviD-ARROW
[2010/06/21 01:11:10 | 000,045,056 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\S564EVB2.dll
[2010/06/20 23:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/06/20 20:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010/06/20 20:31:17 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/20 20:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/20 20:28:21 | 036,600,008 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\My Documents\sdasetup.exe
[2010/06/20 05:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/06/20 05:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/06/20 05:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/19 22:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\lvtwdsjdu
[2010/06/19 22:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/19 22:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/19 22:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/19 21:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/06/19 21:48:19 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010/06/19 21:48:19 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010/06/19 21:48:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010/06/19 21:48:18 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010/06/19 21:48:18 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010/06/19 21:48:17 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010/06/19 21:48:17 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010/06/19 21:48:17 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010/06/19 21:48:16 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/06/19 21:48:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/06/19 21:48:15 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/06/19 21:48:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/06/19 21:48:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/06/19 21:48:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/06/19 21:48:13 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/06/19 21:48:13 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/06/19 21:48:12 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/06/19 21:48:12 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/06/19 21:48:11 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/06/19 21:48:10 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/06/19 21:48:10 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/06/19 21:48:10 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/06/19 21:48:09 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/06/19 21:48:09 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/06/19 21:48:08 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/06/19 21:48:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/06/19 21:48:07 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/06/19 21:48:07 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/06/19 21:48:07 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/06/19 21:48:05 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/06/19 21:48:05 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/06/19 21:48:05 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/06/19 21:48:04 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/06/19 21:48:03 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/06/19 21:48:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/06/19 21:48:03 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/06/19 21:48:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010/06/19 21:48:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010/06/19 21:48:01 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/06/19 21:48:01 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010/06/19 21:48:01 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010/06/19 21:48:00 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010/06/19 21:47:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/06/19 21:47:58 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010/06/19 21:47:58 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010/06/19 21:47:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010/06/19 21:47:57 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/06/19 21:47:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/06/19 21:47:56 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/06/19 21:47:56 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/06/19 21:47:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/06/19 21:47:55 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/06/19 21:47:55 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010/06/19 21:47:53 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010/06/19 21:47:53 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010/06/19 21:47:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010/06/19 21:47:52 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010/06/19 21:47:51 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/06/19 21:47:51 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010/06/19 21:47:51 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010/06/19 21:47:50 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/06/19 21:47:50 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010/06/19 21:47:49 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/06/19 21:47:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/06/19 21:47:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/06/19 21:47:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/06/19 21:47:46 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/06/19 21:47:45 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/06/19 21:47:45 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/06/19 21:47:44 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/06/19 21:47:43 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/06/19 21:47:43 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/06/19 21:47:43 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/06/19 21:47:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/06/19 21:47:42 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/06/19 21:47:42 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/06/19 21:47:41 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/06/19 21:47:41 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/06/19 21:47:41 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/06/19 21:47:40 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/06/19 21:47:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/06/19 21:47:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/06/19 21:47:35 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/06/19 21:47:35 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/06/19 21:47:34 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/06/19 21:47:34 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/06/19 21:47:34 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/06/19 21:47:33 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/06/19 21:47:32 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/06/19 21:47:32 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/06/19 21:47:30 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/06/19 21:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/19 21:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\pcsx2
[2010/06/19 21:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\pcsx2
[2010/06/19 15:50:39 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/19 15:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/06/19 15:11:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/06/19 15:10:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/06/19 15:09:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/19 15:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/19 15:06:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/19 15:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/19 15:03:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2010/06/13 22:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
[2010/06/13 22:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2010/06/10 03:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sony
[2010/06/10 03:02:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/06/10 03:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Podcasts
[2010/06/10 03:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Media Go
[2010/06/10 03:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/06/10 03:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2010/06/10 02:59:46 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/06/10 02:58:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/06/10 02:58:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/06/10 02:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Setup
[2010/06/10 02:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2010/06/07 17:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Totem Shared
[2010/05/30 04:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2010/05/30 04:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/30 04:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/30 04:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/30 04:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2010/05/30 04:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/30 04:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2010/05/30 04:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/05/30 04:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2010/05/30 04:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2010/05/30 00:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/05/29 16:26:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/29 16:22:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2010/05/29 16:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/29 16:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/27 02:53:18 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/05/27 02:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2010/05/27 02:47:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Moyea
[2010/05/27 01:53:53 | 000,046,592 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusb0.dll
[2010/05/27 01:53:53 | 000,019,456 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusbd-9x.exe
[2010/05/27 01:53:53 | 000,018,944 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\libusbd-nt.exe
[2010/05/27 01:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\LibUSB-Win32-0.1.10.1
[2010/05/27 01:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/05/27 01:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/27 01:15:46 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010/05/27 01:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/27 01:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/05/27 01:14:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/27 01:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/27 01:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/05/27 01:11:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/27 01:10:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/27 00:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/05/27 00:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/05/26 23:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010/05/26 23:44:56 | 000,125,184 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
[2010/05/26 23:44:56 | 000,005,504 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2010/05/26 23:44:21 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/05/26 23:44:16 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2010/05/26 23:44:16 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2010/05/26 23:44:16 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2010/05/26 23:44:16 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2010/05/26 23:44:15 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/05/26 23:29:02 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2010/05/26 22:16:30 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/05/26 22:16:30 | 000,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/05/26 13:27:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\skypePM
[2010/05/26 03:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2010/05/26 03:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2010/05/25 22:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/05/25 22:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/05/25 22:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/05/25 22:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2010/05/25 22:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/05/25 22:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2010/05/25 22:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/25 22:18:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/25 22:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/05/25 22:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/05/25 22:16:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/05/25 22:15:43 | 003,006,464 | ---- | C] (Nero AG) -- C:\WINDOWS\UNNeroShowTime.exe
[2010/05/25 22:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/05/25 22:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead

========== Files - Modified Within 30 Days ==========

[2010/06/24 22:01:58 | 000,118,784 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2010/06/24 22:01:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/24 22:01:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/24 13:30:16 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/06/24 13:30:16 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/06/24 04:56:20 | 005,884,468 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/06/24 04:51:22 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010/06/24 04:51:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/24 04:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/06/24 03:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/06/24 02:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/06/24 01:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/06/24 01:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/06/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/06/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/06/24 00:53:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/06/24 00:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/24 00:17:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/06/24 00:16:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/06/24 00:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/06/23 23:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/06/23 22:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/23 22:05:26 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/23 13:18:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/23 02:30:40 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/23 02:30:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/23 02:29:51 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/06/23 02:22:19 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/06/23 02:22:19 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/06/23 02:03:03 | 000,070,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/23 02:02:07 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/23 01:33:34 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/06/23 01:33:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt_setup.exe
[2010/06/23 01:32:32 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/06/23 01:16:12 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2010/06/23 01:07:09 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WindowsDefender.msi
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/06/22 22:27:30 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cxA38b.dat
[2010/06/22 22:27:28 | 000,070,146 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\s3422O8V.exe
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/06/22 03:09:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/06/22 03:09:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/06/21 23:47:12 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/21 22:41:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/06/21 13:18:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/06/21 01:53:57 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 01:53:48 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/21 01:11:10 | 000,045,056 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\S564EVB2.dll
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/20 23:05:45 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/06/20 20:44:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010/06/20 20:28:24 | 036,600,008 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\My Documents\sdasetup.exe
[2010/06/19 15:50:36 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/19 15:28:01 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2010/06/13 22:52:14 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PhotoScape.lnk
[2010/06/10 02:58:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/07 20:15:47 | 000,020,358 | ---- | M] () -- C:\WINDOWS\vgirl.prf
[2010/06/02 04:55:30 | 000,527,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010/06/02 04:55:30 | 000,239,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010/06/02 04:55:30 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010/05/29 16:22:35 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/29 15:48:32 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/05/27 01:52:21 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WinRAR.lnk
[2010/05/27 01:15:58 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/27 01:11:30 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/27 00:26:33 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/05/26 23:45:21 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/05/26 23:45:21 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/05/26 23:45:12 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/26 13:27:19 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/26 11:41:02 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010/05/26 11:41:02 | 001,998,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010/05/26 11:41:02 | 001,868,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010/05/26 11:41:02 | 000,470,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010/05/26 11:41:02 | 000,248,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010/05/25 22:16:51 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/05/25 22:16:11 | 000,000,967 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime CE.lnk

========== Files Created - No Company Name ==========

[2010/06/23 02:30:40 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/23 02:22:19 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/06/23 02:22:19 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/06/23 01:32:32 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/06/23 01:07:05 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WindowsDefender.msi
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/06/22 22:27:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/06/21 13:18:30 | 000,070,146 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\s3422O8V.exe
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/06/21 01:11:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cxA38b.dat
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/06/20 23:05:45 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/06/20 20:31:17 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/19 15:28:01 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2010/06/13 22:52:14 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PhotoScape.lnk
[2010/06/10 02:59:38 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2010/06/10 02:59:38 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2010/06/10 02:58:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/07 17:34:13 | 000,020,358 | ---- | C] () -- C:\WINDOWS\vgirl.prf
[2010/05/30 04:46:07 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/30 04:46:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/29 16:22:35 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/29 16:21:47 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/29 16:21:47 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/29 15:48:32 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/05/27 01:53:53 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010/05/27 01:52:21 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WinRAR.lnk
[2010/05/27 01:15:58 | 000,002,561 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/27 01:15:58 | 000,002,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010/05/27 00:26:33 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/05/26 23:45:21 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2010/05/26 23:45:21 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/05/26 13:27:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/26 03:44:49 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/26 03:28:08 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2010/05/26 03:21:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/25 22:18:54 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/25 22:16:51 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/05/25 22:16:11 | 000,000,967 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero ShowTime CE.lnk
[2010/05/25 22:15:43 | 000,081,680 | ---- | C] () -- C:\WINDOWS\UNNeroShowTime.cfg
[2008/06/04 17:08:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/04 16:52:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/04 16:52:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/04 16:52:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/04 16:52:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/04 16:52:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/04 16:52:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/06/04 16:37:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2006/02/27 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/05/08 06:12:22 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2010/05/30 00:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\fltk.org
[2010/05/27 02:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Moyea
[2010/05/25 22:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nuance
[2010/05/27 02:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2010/06/14 00:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
[2008/06/04 17:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2010/06/10 02:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2010/06/10 03:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony Setup
[2010/06/21 23:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/05/25 22:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Zeon
[2010/05/25 22:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/05/25 22:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/05/25 22:08:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/06/21 01:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/30 04:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/30 04:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
[2010/06/24 00:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2010/06/22 03:09:25 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2010/06/22 03:09:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2010/06/22 03:09:26 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2010/06/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At121.job
[2010/06/24 01:05:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At122.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At123.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At124.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At125.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At126.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At127.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At128.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At129.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At130.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At131.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At132.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At133.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At134.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At135.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At136.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At137.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At138.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At139.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At140.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At141.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At142.job
[2010/06/22 13:20:18 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At143.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At144.job
[2010/06/24 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At145.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At146.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At147.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At148.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At149.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At150.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At151.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At152.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At153.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At154.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At155.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At156.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At157.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At158.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At159.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At160.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At161.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At162.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At163.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At164.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At165.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At166.job
[2010/06/22 22:27:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At167.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At168.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/06/24 01:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/06/23 22:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/06/23 23:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/06/24 00:16:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/06/24 02:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/06/24 03:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/06/21 13:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/06/21 13:18:31 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/06/24 00:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/06/24 04:47:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/06/21 22:25:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/06/24 00:53:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/06/24 03:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/06/24 04:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/06/21 01:06:40 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/06/22 00:34:22 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/06/23 23:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/06/24 00:17:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2010/06/24 01:05:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2010/06/24 02:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/06/20 16:44:33 | 000,002,099 | ---- | M] () -- C:\aaw7boot.log
[2010/06/20 23:05:45 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2008/06/19 12:45:11 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/06/19 13:07:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/06/19 13:07:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/27 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/02/27 22:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/24 22:01:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/25 06:17:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/25 06:17:50 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/25 06:17:50 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/19 15:50:36 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


Extras.txt

OTL Extras logfile created on: 6/24/2010 10:10:57 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 632.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 18.49 Gb Free Space | 28.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.80 Gb Free Space | 67.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOW
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Temp\~os4.tmp\rlvknlg.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\~os4.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8704D51E-25B7-4F23-81E7-AA4F54790230}" = Microsoft MapPoint North America 2004
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BDE Setup (Map Version)" = BDE Setup (Map Version)
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow v1.1.3452 [2010-05-24]
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NeroShowTime!UninstallKey" = Nero ShowTime CE
"PhotoScape" = PhotoScape
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2010 10:12:19 PM | Computer Name = WINDOW | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/20/2010 10:13:19 PM | Computer Name = WINDOW | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/21/2010 12:50:06 AM | Computer Name = WINDOW | Source = pctsSvc.exe | ID = 0
Description =

Error - 6/21/2010 1:03:48 AM | Computer Name = WINDOW | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/21/2010 1:04:48 AM | Computer Name = WINDOW | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/21/2010 1:09:30 AM | Computer Name = WINDOW | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/21/2010 1:10:30 AM | Computer Name = WINDOW | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 6/21/2010 2:21:08 AM | Computer Name = WINDOW | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0xd0acb0b5.

Error - 6/21/2010 1:08:09 PM | Computer Name = WINDOW | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 6/21/2010 1:09:09 PM | Computer Name = WINDOW | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 6/17/2010 10:17:44 PM | Computer Name = WINDOW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/17/2010 10:17:44 PM | Computer Name = WINDOW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/17/2010 10:32:45 PM | Computer Name = WINDOW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 6/17/2010 11:02:45 PM | Computer Name = WINDOW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 6/18/2010 12:02:45 AM | Computer Name = WINDOW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 6/18/2010 2:02:45 AM | Computer Name = WINDOW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 6/18/2010 2:17:45 AM | Computer Name = WINDOW | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain 525BLUE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/18/2010 1:16:10 PM | Computer Name = WINDOW | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain 525BLUE due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 6/18/2010 1:16:12 PM | Computer Name = WINDOW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 6/18/2010 1:16:13 PM | Computer Name = WINDOW | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >


ark.txt from GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-26 01:27:07
Windows 5.1.2600 Service Pack 2
Running: fxecjcf4.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwtdqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\pci.sys entry point in ".rsrc" section [0xF748B994]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 003F000C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0118DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01194832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 010B9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 012ADFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 012AE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 012ADF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0118DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 010F1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 012ADE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 012ADE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 012AE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 012ADEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1116] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 0119488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 0097000C
.text C:\WINDOWS\System32\svchost.exe[1188] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 00B4000A
.text C:\WINDOWS\System32\svchost.exe[1188] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00FF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 003F000C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0118DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01194832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 010B9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 012ADFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 012AE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 012ADF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0118DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 010F1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 012ADE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 012ADE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 012AE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 012ADEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1312] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 0119488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 003F000C
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01194832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 010B9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 012ADFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 012AE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 012ADF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 012ADE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 012ADE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 012AE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2040] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 012ADEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\Explorer.EXE[3936] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[3936] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[3936] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00C1000C

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 864B2EC5

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt 711 bytes
File C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{04665DFE-80E1-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{04665DFF-80E1-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{66FD5BA2-80E1-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{66FD5BA3-80E1-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FA5E995C-80E0-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{FA5E995D-80E0-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{711CF7C8-80E1-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{711CF7C9-80E1-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F05DFBC9-80E0-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E9DD1A8-80E1-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0E9DD1A9-80E1-11DF-AFA8-001E0BA75FF1}.dat 4608 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4BKXLR7A\battleon_com[1] 0 bytes
File C:\WINDOWS\system32\drivers\pci.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Thank you for your help.

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looking at your system now, one or more of the identified infections is a backdoor Trojan\Rootkit.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
=======
Download TDSSKiller and save it to your Desktop.

  • Right click on the file and choose Extract All, extract the file to your desktop, then run it.
  • If prompted to restart the computer, type in Y and it will restart.
  • Or, if you are prompted with a hidden service warning, do go ahead and delete it.
  • Once completed, it will create a log in your C:\ drive.
  • Please post the contents of that log.
========

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
Seven14

    Member

  • Topic Starter
  • 24 posts
TDSSKiller

19:07:45:531 3436 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
19:07:45:531 3436 ================================================================================
19:07:45:531 3436 SystemInfo:

19:07:45:531 3436 OS Version: 5.1.2600 ServicePack: 2.0
19:07:45:531 3436 Product type: Workstation
19:07:45:531 3436 ComputerName: WINDOW
19:07:45:531 3436 UserName: Administrator
19:07:45:531 3436 Windows directory: C:\WINDOWS
19:07:45:531 3436 Processor architecture: Intel x86
19:07:45:531 3436 Number of processors: 2
19:07:45:531 3436 Page size: 0x1000
19:07:45:531 3436 Boot type: Normal boot
19:07:45:531 3436 ================================================================================
19:07:45:781 3436 Initialize success
19:07:45:781 3436
19:07:45:781 3436 Scanning Services ...
19:07:46:421 3436 Raw services enum returned 315 services
19:07:46:437 3436
19:07:46:437 3436 Scanning Drivers ...
19:07:50:843 3436 PCI (5f72d1e22d4b1138ed28e944125357c6) C:\WINDOWS\system32\DRIVERS\pci.sys
19:07:50:843 3436 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pci.sys. Real md5: 5f72d1e22d4b1138ed28e944125357c6, Fake md5: 8086d9979234b603ad5bc2f5d890b234
19:07:50:843 3436 File "C:\WINDOWS\system32\DRIVERS\pci.sys" infected by TDSS rootkit ...
19:07:51:453 3436 Backup copy found, using it..
19:07:51:484 3436 will be cured on next reboot
19:07:52:953 3436 Reboot required for cure complete..
19:07:53:468 3436 Cure on reboot scheduled successfully
19:07:53:468 3436
19:07:53:468 3436 Completed
19:07:53:468 3436
19:07:53:468 3436 Results:
19:07:53:468 3436 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:07:53:468 3436 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:07:53:468 3436
19:07:53:484 3436 KLMD(ARK) unloaded successfully


log.txt

ComboFix 10-06-26.02 - Administrator 06/26/2010 19:21:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.598 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\uses32.dat
c:\documents and settings\All Users\Application Data\s3422O8V.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 )))))))))))))))))))))))))))))))
.

2010-06-26 10:58 . 2010-06-26 10:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2010-06-23 06:30 . 2010-06-23 06:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-23 06:22 . 2010-06-23 06:22 -------- d-----w- c:\program files\ERUNT
2010-06-23 05:16 . 2010-06-23 05:16 -------- d-----w- c:\program files\Trend Micro
2010-06-23 02:54 . 2010-06-23 02:54 -------- d-----w- c:\program files\AVG
2010-06-22 07:07 . 2010-06-23 07:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\yohyisivy
2010-06-22 03:03 . 2010-06-22 03:03 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-21 05:11 . 2010-06-21 05:11 45056 ----a-w- c:\windows\system32\S564EVB2.dll
2010-06-21 03:04 . 2010-06-21 03:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-21 00:34 . 2010-06-21 00:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert
2010-06-21 00:29 . 2010-06-21 05:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-20 09:03 . 2010-06-20 09:03 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-20 09:03 . 2010-06-20 09:03 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-20 09:02 . 2010-06-20 09:02 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-20 09:02 . 2010-06-20 09:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-20 09:01 . 2010-06-20 09:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-20 09:01 . 2010-06-20 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-20 02:23 . 2010-06-20 09:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\lvtwdsjdu
2010-06-20 02:18 . 2010-06-20 02:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-20 01:58 . 2010-06-21 05:08 -------- d-----w- c:\windows\Sun
2010-06-20 01:47 . 2008-05-30 18:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-06-20 01:44 . 2010-06-20 01:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\pcsx2
2010-06-19 20:24 . 2010-06-19 20:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-19 19:50 . 2010-06-19 19:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-19 19:48 . 2010-06-20 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-19 19:11 . 2010-06-19 19:11 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-06-19 19:10 . 2010-06-19 19:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-19 19:09 . 2010-06-19 19:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-19 19:06 . 2010-06-19 19:07 -------- dc-h--w- c:\windows\ie8
2010-06-19 19:03 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2010-06-14 02:52 . 2010-06-14 04:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\PhotoScape
2010-06-14 02:52 . 2010-06-14 02:52 -------- d-----w- c:\program files\PhotoScape
2010-06-11 03:30 . 2010-06-11 03:30 8854 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-06-11 03:30 . 2010-06-11 03:30 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-06-11 03:30 . 2010-06-11 03:30 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-06-10 07:03 . 2010-06-16 03:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sony
2010-06-10 07:02 . 2010-06-21 04:51 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-06-10 07:01 . 2010-06-10 07:01 1227048 ----a-w- c:\documents and settings\Administrator\Application Data\Sony Setup\A92FA306-7E43-4282-93A5-F82B9E3E72B4\wic_x86_enu.exe
2010-06-10 07:00 . 2010-06-10 07:00 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-06-10 07:00 . 2010-06-10 07:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-06-10 06:58 . 2010-06-23 02:46 -------- d-----w- c:\windows\system32\LogFiles
2010-06-10 06:58 . 2010-06-10 06:59 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-06-10 06:57 . 2010-06-10 06:57 12212040 ----a-w- c:\documents and settings\Administrator\Application Data\Sony Setup\A34E95A5-C379-4746-B607-09AE7B36A102\WMFDist11-WindowsXP-x86-ENU.exe
2010-06-10 06:56 . 2010-06-10 07:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Setup
2010-06-10 06:56 . 2010-06-10 06:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony
2010-06-07 21:31 . 2010-06-07 21:31 -------- d-----w- c:\program files\Common Files\Totem Shared
2010-05-30 08:55 . 2010-05-30 08:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-05-30 08:54 . 2010-05-30 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-30 08:54 . 2010-05-30 08:54 -------- d-----w- c:\program files\QuickTime
2010-05-30 08:54 . 2010-05-30 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-30 08:54 . 2010-05-30 08:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2010-05-30 08:52 . 2010-06-23 02:48 -------- d-----w- c:\program files\Common Files\Apple
2010-05-30 08:52 . 2010-05-30 08:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-05-30 08:46 . 2010-05-25 00:33 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-30 08:46 . 2010-05-30 08:46 -------- d-----w- c:\program files\ffdshow
2010-05-30 08:29 . 2006-07-14 00:57 382976 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\mVBExec.dll
2010-05-30 08:29 . 2004-11-13 01:27 74960 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\ADVPACK.DLL
2010-05-30 08:29 . 2004-11-13 01:27 598288 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\oleaut32.dll
2010-05-30 08:29 . 2004-11-13 01:27 4608 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\W95INF32.DLL
2010-05-30 08:29 . 2004-11-13 01:27 2272 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\W95INF16.DLL
2010-05-30 08:29 . 2004-11-13 01:27 22288 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\comcat.dll
2010-05-30 08:29 . 2004-11-13 01:27 164112 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\olepro32.dll
2010-05-30 08:29 . 2004-11-13 01:27 147728 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\asycfilt.dll
2010-05-30 08:29 . 2004-11-13 01:27 1386496 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\msvbvm60.dll
2010-05-30 08:29 . 2010-05-30 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
2010-05-30 04:04 . 2010-05-30 04:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\fltk.org
2010-05-29 20:26 . 2010-05-29 20:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-29 20:21 . 2010-05-29 20:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-29 20:21 . 2010-05-29 20:22 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-26 23:23 . 2010-05-26 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-06-26 23:08 . 2004-08-04 01:07 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-06-26 10:58 . 2010-05-26 02:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-06-23 06:03 . 2008-06-04 20:56 70152 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-23 02:27 . 2010-06-21 05:11 112 ----a-w- c:\documents and settings\All Users\Application Data\cxA38b.dat
2010-06-02 08:55 . 2010-06-20 01:48 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55 . 2010-06-20 01:48 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55 . 2010-06-20 01:48 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-30 20:02 . 2010-05-26 17:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-05-30 18:11 . 2010-05-27 04:26 -------- d-----w- c:\program files\CCleaner
2010-05-27 06:55 . 2010-05-27 06:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2010-05-27 06:47 . 2010-05-27 06:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Moyea
2010-05-27 05:53 . 2010-05-27 05:53 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2010-05-27 05:15 . 2008-06-04 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-27 05:14 . 2010-05-27 05:14 -------- d-----w- c:\program files\Microsoft Works
2010-05-27 05:14 . 2010-05-27 05:14 -------- d-----w- c:\program files\MSBuild
2010-05-27 05:13 . 2010-05-27 05:13 -------- d-----w- c:\program files\Microsoft.NET
2010-05-27 05:12 . 2010-05-27 05:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-27 04:20 . 2008-06-19 17:00 -------- d-----w- c:\program files\Nortel Networks
2010-05-27 04:19 . 2010-05-26 02:18 -------- d-----r- c:\program files\Skype
2010-05-27 04:08 . 2010-05-27 04:08 -------- d-----w- c:\program files\7-Zip
2010-05-27 03:45 . 2010-05-27 03:45 -------- d-----w- c:\program files\Common Files\Nero
2010-05-27 03:44 . 2010-05-26 02:15 -------- d-----w- c:\program files\Ahead
2010-05-26 17:27 . 2010-05-26 17:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-26 15:41 . 2010-06-20 01:48 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41 . 2010-06-20 01:48 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 15:41 . 2010-06-20 01:48 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41 . 2010-06-20 01:48 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41 . 2010-06-20 01:48 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 07:25 . 2010-05-26 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2010-05-26 02:18 . 2010-05-26 02:18 -------- d-----w- c:\program files\Common Files\Skype
2010-05-26 02:18 . 2010-05-26 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-26 02:16 . 2010-05-26 02:16 -------- d-----w- c:\program files\uTorrent
2010-05-26 02:15 . 2010-05-26 02:15 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\FLEXnet
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nuance
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zeon
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\program files\Nuance
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-05-26 02:07 . 2010-05-26 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
.
<pre>
c:\program files\Compaq\SetRefresh\SetRefresh .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A}]
2010-06-21 05:11 45056 ----a-w- c:\windows\system32\S564EVB2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-11-26 15:08 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Reader-reminder]
2008-11-03 15:02 328992 ----a-w- c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-11-26 15:08 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 21:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-07-10 17:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [1/24/2007 6:28 AM 80128]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/27/2010 1:53 AM 33792]
R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [1/24/2007 6:28 AM 21888]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [1/24/2007 6:28 AM 5888]
R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [1/24/2007 6:28 AM 70784]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2010 4:21 PM 136176]
S3 Norstart;Norstar TSP Launcher;Norstart.exe --> Norstart.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:21]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=smb&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-26 19:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,24,79,31,01,78,c0,4c,80,c7,19,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,88,24,79,31,01,78,c0,4c,80,c7,19,\

[HKEY_USERS\S-1-5-21-3031095049-3479610724-1446092743-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,57,b8,57,20,9e,34,48,85,cc,b5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,57,b8,57,20,9e,34,48,85,cc,b5,\
.
Completion time: 2010-06-26 19:25:16
ComboFix-quarantined-files.txt 2010-06-26 23:25

Pre-Run: 17,204,002,816 bytes free
Post-Run: 17,389,297,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 59F81F077EBCB6A22ED51568C5D4168D

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Open notepad and copy/paste the text in the codebox below into it:

http://www.geekstogo.com/forum/Hijacked-Browser-Other-Problems-t280300.html

Collect::
c:\windows\system32\S564EVB2.dll

RenV::
c:\program files\Compaq\SetRefresh\SetRefresh .exe

Folder::
c:\documents and settings\NetworkService\Local Settings\Application Data\yohyisivy

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-3031095049-3479610724-1446092743-500\Software\Microsoft\Internet Explorer\User Preferences]

Save this as CFScript.txt


Drag CFScript.txt into ComboFix.exe

2. Save the above as CFScript.txt

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

4. During this run ComboFix will collect and automatically upload some sample files.
You will see it say ComboFix needs to upload some samples.
If it fails to do that, do the requested steps at the bottom of this post to manually upload the samples.

5. After reboot (in case it asks to reboot), please post the following report/log in your next reply:
  • Combofix.txt
===========
Note::
If ComboFix fails to upload anything, please do the following:
Go to Start > My Computer > C:\
Then navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.


#7
Seven14

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Combofix.txt

ComboFix 10-06-27.03 - Administrator 06/27/2010 18:43:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.554 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

file zipped: c:\windows\system32\S564EVB2.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Local Settings\Application Data\yohyisivy
c:\windows\system32\S564EVB2.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-27 to 2010-06-27 )))))))))))))))))))))))))))))))
.

2010-06-27 11:46 . 2010-05-21 18:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-27 09:54 . 2010-06-27 09:54 -------- d-----w- c:\windows\system32\KB905474
2010-06-27 09:52 . 2010-06-27 09:52 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-27 09:51 . 2010-06-27 09:51 -------- d-----w- c:\program files\MSXML 6.0
2010-06-27 09:36 . 2010-06-27 09:36 -------- d-----w- c:\windows\ServicePackFiles
2010-06-27 09:35 . 2010-06-27 09:40 -------- d-----w- c:\windows\ie8updates
2010-06-27 07:16 . 2010-06-27 07:29 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-06-27 07:09 . 2009-12-31 16:14 352640 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-27 07:09 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-06-27 07:09 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-06-27 07:08 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-27 07:08 . 2009-11-21 16:36 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-06-27 07:08 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-06-27 07:08 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-27 07:08 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-27 07:08 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-27 07:08 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-27 07:08 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-27 07:08 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-27 07:08 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-27 07:08 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-06-27 07:07 . 2009-10-23 14:27 3555328 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-27 07:07 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-06-27 07:07 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-06-27 07:07 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-06-27 07:05 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-06-27 07:05 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-06-27 07:04 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-06-26 10:58 . 2010-06-26 10:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2010-06-23 06:30 . 2010-06-23 06:30 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-23 06:22 . 2010-06-23 06:22 -------- d-----w- c:\program files\ERUNT
2010-06-23 05:16 . 2010-06-23 05:16 -------- d-----w- c:\program files\Trend Micro
2010-06-23 02:54 . 2010-06-23 02:54 -------- d-----w- c:\program files\AVG
2010-06-20 02:23 . 2010-06-20 09:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\lvtwdsjdu
2010-06-20 02:18 . 2010-06-20 02:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-20 01:58 . 2010-06-21 05:08 -------- d-----w- c:\windows\Sun
2010-06-20 01:47 . 2008-05-30 18:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-06-20 01:44 . 2010-06-20 01:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\pcsx2
2010-06-19 20:24 . 2010-06-19 20:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-19 19:50 . 2010-06-19 19:50 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-19 19:48 . 2010-06-20 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-19 19:11 . 2010-06-19 19:11 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-06-19 19:10 . 2010-06-19 19:10 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-19 19:09 . 2010-06-19 19:09 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-06-19 19:06 . 2010-06-19 19:07 -------- dc-h--w- c:\windows\ie8
2010-06-19 19:03 . 2008-02-26 11:59 294912 ------w- c:\windows\system32\dllcache\msctf.dll
2010-06-14 02:52 . 2010-06-14 04:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\PhotoScape
2010-06-14 02:52 . 2010-06-14 02:52 -------- d-----w- c:\program files\PhotoScape
2010-06-11 03:30 . 2010-06-11 03:30 8854 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2010-06-11 03:30 . 2010-06-11 03:30 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2010-06-11 03:30 . 2010-06-11 03:30 40960 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2010-06-10 07:03 . 2010-06-16 03:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sony
2010-06-10 07:02 . 2010-06-21 04:51 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-06-10 07:01 . 2010-06-10 07:01 1227048 ----a-w- c:\documents and settings\Administrator\Application Data\Sony Setup\A92FA306-7E43-4282-93A5-F82B9E3E72B4\wic_x86_enu.exe
2010-06-10 07:00 . 2010-06-10 07:00 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-06-10 07:00 . 2010-06-10 07:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2010-06-10 06:58 . 2010-06-23 02:46 -------- d-----w- c:\windows\system32\LogFiles
2010-06-10 06:58 . 2010-06-10 06:59 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-06-10 06:57 . 2010-06-10 06:57 12212040 ----a-w- c:\documents and settings\Administrator\Application Data\Sony Setup\A34E95A5-C379-4746-B607-09AE7B36A102\WMFDist11-WindowsXP-x86-ENU.exe
2010-06-10 06:56 . 2010-06-10 07:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony Setup
2010-06-10 06:56 . 2010-06-10 06:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sony
2010-06-07 21:31 . 2010-06-07 21:31 -------- d-----w- c:\program files\Common Files\Totem Shared
2010-05-30 08:55 . 2010-05-30 08:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-05-30 08:54 . 2010-05-30 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-30 08:54 . 2010-05-30 08:54 -------- d-----w- c:\program files\QuickTime
2010-05-30 08:54 . 2010-05-30 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-30 08:54 . 2010-05-30 08:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2010-05-30 08:52 . 2010-06-23 02:48 -------- d-----w- c:\program files\Common Files\Apple
2010-05-30 08:52 . 2010-05-30 08:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-05-30 08:46 . 2010-05-25 00:33 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-05-30 08:46 . 2010-05-30 08:46 -------- d-----w- c:\program files\ffdshow
2010-05-30 08:29 . 2006-07-14 00:57 382976 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\mVBExec.dll
2010-05-30 08:29 . 2004-11-13 01:27 74960 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\ADVPACK.DLL
2010-05-30 08:29 . 2004-11-13 01:27 598288 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\oleaut32.dll
2010-05-30 08:29 . 2004-11-13 01:27 4608 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\W95INF32.DLL
2010-05-30 08:29 . 2004-11-13 01:27 2272 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\W95INF16.DLL
2010-05-30 08:29 . 2004-11-13 01:27 22288 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\comcat.dll
2010-05-30 08:29 . 2004-11-13 01:27 164112 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\olepro32.dll
2010-05-30 08:29 . 2004-11-13 01:27 147728 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\asycfilt.dll
2010-05-30 08:29 . 2004-11-13 01:27 1386496 -c--a-w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}\WinRun6-SP6\mVB.dll\msvbvm60.dll
2010-05-30 08:29 . 2010-05-30 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
2010-05-30 04:04 . 2010-05-30 04:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\fltk.org
2010-05-29 20:26 . 2010-05-29 20:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-29 20:21 . 2010-05-29 20:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-29 20:21 . 2010-05-29 20:22 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 22:46 . 2010-05-26 07:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-06-27 11:35 . 2008-06-04 20:56 70152 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-27 09:49 . 2008-06-04 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-27 09:44 . 2010-05-27 05:14 -------- d-----w- c:\program files\Microsoft Works
2010-06-26 23:08 . 2004-08-04 01:07 68224 ----a-w- c:\windows\system32\drivers\pci.sys
2010-06-26 10:58 . 2010-05-26 02:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-06-23 02:27 . 2010-06-21 05:11 112 ----a-w- c:\documents and settings\All Users\Application Data\cxA38b.dat
2010-06-21 05:01 . 2010-06-21 00:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-21 03:04 . 2010-06-21 03:04 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-20 09:03 . 2010-06-20 09:03 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-20 09:03 . 2010-06-20 09:03 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-20 09:02 . 2010-06-20 09:02 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-20 09:02 . 2010-06-20 09:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-06-20 09:01 . 2010-06-20 09:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-20 09:01 . 2010-06-20 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-02 08:55 . 2010-06-20 01:48 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 08:55 . 2010-06-20 01:48 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 08:55 . 2010-06-20 01:48 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-30 20:02 . 2010-05-26 17:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2010-05-30 18:11 . 2010-05-27 04:26 -------- d-----w- c:\program files\CCleaner
2010-05-27 06:55 . 2010-05-27 06:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2010-05-27 06:47 . 2010-05-27 06:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Moyea
2010-05-27 05:53 . 2010-05-27 05:53 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2010-05-27 05:14 . 2010-05-27 05:14 -------- d-----w- c:\program files\MSBuild
2010-05-27 05:13 . 2010-05-27 05:13 -------- d-----w- c:\program files\Microsoft.NET
2010-05-27 05:12 . 2010-05-27 05:12 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-27 04:20 . 2008-06-19 17:00 -------- d-----w- c:\program files\Nortel Networks
2010-05-27 04:19 . 2010-05-26 02:18 -------- d-----r- c:\program files\Skype
2010-05-27 04:08 . 2010-05-27 04:08 -------- d-----w- c:\program files\7-Zip
2010-05-27 03:45 . 2010-05-27 03:45 -------- d-----w- c:\program files\Common Files\Nero
2010-05-27 03:44 . 2010-05-26 02:15 -------- d-----w- c:\program files\Ahead
2010-05-26 17:27 . 2010-05-26 17:27 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-26 15:41 . 2010-06-20 01:48 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 15:41 . 2010-06-20 01:48 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 15:41 . 2010-06-20 01:48 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 15:41 . 2010-06-20 01:48 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 15:41 . 2010-06-20 01:48 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 07:25 . 2010-05-26 07:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2010-05-26 02:18 . 2010-05-26 02:18 -------- d-----w- c:\program files\Common Files\Skype
2010-05-26 02:18 . 2010-05-26 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-26 02:16 . 2010-05-26 02:16 -------- d-----w- c:\program files\uTorrent
2010-05-26 02:15 . 2010-05-26 02:15 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\FLEXnet
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nuance
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Zeon
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\program files\Nuance
2010-05-26 02:08 . 2010-05-26 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-05-26 02:07 . 2010-05-26 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2010-05-06 10:41 . 2006-02-28 02:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 07:09 . 2006-02-28 02:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2006-02-28 02:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-26_23.23.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-27 07:06 . 2009-02-09 10:01 715264 c:\windows\system32\dllcache\ntdll.dll
+ 2009-02-06 18:46 . 2009-02-06 18:46 408064 c:\windows\system32\dllcache\netlogon.dll
+ 2008-06-20 17:41 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll
+ 2009-08-05 09:11 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:44 . 2009-09-11 14:03 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-03-08 08:32 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-12-16 12:58 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 169472 c:\windows\system32\dllcache\msmqocm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 471552 c:\windows\system32\dllcache\mqutil.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 186880 c:\windows\system32\dllcache\mqtrig.dll
+ 2009-06-22 11:49 . 2009-06-22 11:49 117248 c:\windows\system32\dllcache\mqtgsvc.exe
+ 2009-06-25 18:36 . 2009-06-25 18:36 517120 c:\windows\system32\dllcache\mqsnap.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 123392 c:\windows\system32\dllcache\mqrtdep.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 177152 c:\windows\system32\dllcache\mqrt.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 661504 c:\windows\system32\dllcache\mqqm.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 225280 c:\windows\system32\dllcache\mqoa.dll
+ 2009-06-25 18:36 . 2009-06-25 18:36 138240 c:\windows\system32\dllcache\mqad.dll
+ 2009-06-25 08:44 . 2009-06-25 08:17 729600 c:\windows\system32\dllcache\lsasrv.dll
+ 2008-06-18 05:09 . 2008-06-18 05:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:18 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2009-06-25 08:44 . 2009-06-25 08:17 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-03-08 08:33 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 08:33 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
+ 2010-01-29 15:08 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-03-08 08:31 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 18:09 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 08:32 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-23 13:01 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll
+ 2010-06-27 07:06 . 2009-02-09 10:01 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2008-07-07 20:32 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll
+ 2008-06-20 17:41 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll
+ 2010-04-20 05:51 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll
+ 2008-06-20 10:44 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys
+ 2010-06-27 07:06 . 2009-02-09 10:01 617984 c:\windows\system32\dllcache\advapi32.dll
+ 2006-08-16 11:58 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2006-02-28 02:00 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll
+ 2006-02-28 02:00 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll
+ 2008-05-28 04:49 . 2008-05-28 04:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 07:33 . 2004-07-15 07:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 07:25 . 2004-07-15 07:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 05:30 . 2008-05-28 05:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 08:49 . 2004-07-15 08:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-06-27 09:54 . 2010-06-27 09:54 969728 c:\windows\Installer\22b2f79.msi
+ 2010-06-27 09:52 . 2010-06-27 09:52 470528 c:\windows\Installer\22b2f72.msi
- 2010-05-27 05:11 . 2010-05-27 05:11 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2010-06-27 09:41 . 2010-06-27 09:41 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-05-27 05:15 . 2010-06-27 09:49 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-05-27 05:15 . 2010-06-27 09:49 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-05-27 05:15 . 2010-06-27 09:49 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-05-27 05:15 . 2010-06-27 09:49 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-05-27 05:15 . 2010-06-27 09:49 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-05-27 05:15 . 2010-06-27 09:49 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-05-27 05:15 . 2010-06-27 09:49 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-02-26 05:01 . 2007-02-26 05:01 437160 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWTRIG20.EXE
+ 2006-10-27 02:48 . 2006-10-27 02:48 439568 c:\windows\Installer\$PatchCache$\Managed\000021599B0090400000000000F01FEC\12.0.6012\DWDCW20.DLL
+ 2006-07-24 14:50 . 2006-07-24 14:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSSTDFMT.DLL
+ 2006-10-26 18:05 . 2006-10-26 18:05 530760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
+ 2006-10-27 00:49 . 2006-10-27 00:49 509200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CVR.DLL
+ 2010-05-27 05:14 . 2010-05-27 05:14 781104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2006-10-27 19:23 . 2006-10-27 19:23 347432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-26 18:05 . 2006-10-26 18:05 126784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
+ 2006-07-28 19:21 . 2006-07-28 19:21 277320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SSGEN.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 502608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SOA.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 439600 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SETUP.EXE
+ 2006-10-27 00:13 . 2006-10-27 00:13 503624 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
+ 2006-10-27 00:55 . 2006-10-27 00:55 272744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 263520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 408880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\RTFHTML.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 744808 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\REGFORM.EXE
+ 2006-10-27 00:09 . 2006-10-27 00:09 590144 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 624456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 413472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 00:09 . 2006-10-27 00:09 136008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2010-05-27 05:14 . 2010-05-27 05:14 248632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTPIA.DLL
+ 2006-10-27 01:07 . 2006-10-27 01:07 368968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPSLAX.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 465200 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\POWERPNT.EXE
+ 2006-10-27 01:30 . 2006-10-27 01:30 482088 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 594256 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-07-26 22:53 . 2006-07-26 22:53 459080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 138512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLCTL.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 540008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ORGCHART.EXE
+ 2006-10-27 00:23 . 2006-10-27 00:23 782720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
+ 2006-10-27 19:39 . 2006-10-27 19:39 687432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
+ 2006-10-27 00:32 . 2006-10-27 00:32 604000 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONBTTNIE.DLL
+ 2006-10-27 00:34 . 2006-10-27 00:34 192848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-10-27 00:34 . 2006-10-27 00:34 660792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 254776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLKFSTUB.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 285008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 998208 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OISAPP.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 274744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OIS.EXE
+ 2006-10-20 12:37 . 2006-10-20 12:37 637744 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGALEGIT.DLL
+ 2010-05-27 05:14 . 2010-05-27 05:14 416544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFICE.DLL
+ 2006-10-27 00:06 . 2006-10-27 00:06 232816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 538904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORES.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 145688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORE.EXE
+ 2006-10-26 23:55 . 2006-10-26 23:55 832800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
+ 2006-10-26 17:56 . 2006-10-26 17:56 505136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
+ 2006-10-26 23:50 . 2006-10-26 23:50 672024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
+ 2006-10-26 18:47 . 2006-10-26 18:47 727840 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPROOF6.DLL
+ 2006-10-26 17:56 . 2006-10-26 17:56 436520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-26 23:56 . 2006-10-26 23:56 864080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSONPDRV.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 428816 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 18:59 . 2006-10-27 18:59 161080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSOCF.DLL
+ 2006-10-26 20:58 . 2006-10-26 20:58 117552 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-26 17:58 . 2006-10-26 17:58 290576 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 497504 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 460616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MODHELP.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 340248 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-26 23:55 . 2006-10-26 23:55 828704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
+ 2006-10-26 23:58 . 2006-10-26 23:58 525664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIVWCTL.DLL
+ 2006-10-26 23:58 . 2006-10-26 23:58 274776 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MDIINK.DLL
+ 2010-05-27 05:14 . 2010-05-27 05:14 118112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2010-05-27 05:14 . 2010-05-27 05:14 609104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2006-10-27 01:42 . 2006-10-27 01:42 176976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPOLK.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 138024 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IMPMAIL.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 178488 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IETAG.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 173328 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 631080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 572216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 268080 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 955680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 222512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 363304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 224048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 317736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
+ 2006-10-27 04:48 . 2006-10-27 04:48 197920 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 284976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 377136 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 768304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 117584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 300336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 284448 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 338216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVE.EXE
+ 2010-05-27 05:14 . 2010-05-27 05:14 150320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPHPIA.DLL
+ 2006-10-27 19:09 . 2006-10-27 19:09 983376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 154960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ENVELOPE.DLL
+ 2006-10-27 00:55 . 2006-10-27 00:55 116544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EMABLT32.DLL
+ 2006-10-27 02:48 . 2006-10-27 02:48 439568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 00:12 . 2006-10-27 00:12 106824 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DSSM.EXE
+ 2006-10-27 04:48 . 2006-10-27 04:48 234784 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DRAT.EXE
+ 2006-10-27 00:12 . 2006-10-27 00:12 189760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 133936 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 23:59 . 2006-10-26 23:59 205616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
+ 2006-10-27 19:41 . 2006-10-27 19:41 399640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 371568 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
+ 2006-10-27 19:40 . 2006-10-27 19:40 208760 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 826232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEWDAT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 224104 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACETXT.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 551800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEREP.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 289648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER3X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 260976 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACER2X.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 392048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 387960 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 279352 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 207736 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACELTS.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 629616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
+ 2006-10-27 00:13 . 2006-10-27 00:13 338800 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 191360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEES.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
+ 2006-10-27 01:18 . 2006-10-27 01:18 162616 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 576376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
+ 2006-10-27 02:49 . 2006-10-27 02:49 970528 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
+ 2004-11-17 21:33 . 2004-11-17 21:33 450669 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\FP4AWEC.DLL
+ 2004-11-17 21:33 . 2004-11-17 21:33 589880 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\FP4AUTL.DLL
+ 2010-06-27 09:40 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2010-06-27 09:40 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2010-06-27 09:40 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2010-06-27 09:40 . 2009-03-08 08:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2010-06-27 09:40 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2010-06-27 09:40 . 2009-03-08 08:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2010-06-27 09:40 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2010-06-27 09:40 . 2009-03-08 08:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2010-06-27 09:40 . 2009-03-08 08:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2010-06-27 09:40 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2010-06-27 09:40 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2010-06-27 09:38 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-06-27 09:38 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-06-27 09:38 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-06-27 09:55 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-06-27 09:55 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-06-27 09:55 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-06-27 09:35 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2010-06-27 09:35 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2010-06-27 09:35 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2010-06-27 07:08 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-06-27 07:09 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2010-06-27 09:39 . 2010-06-27 09:39 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_42278331\System.Drawing.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_01884fd0\System.Drawing.Design.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_34178631\CustomMarshalers.dll
+ 2010-06-27 09:45 . 2010-06-27 09:45 609160 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2010-06-27 09:45 . 2010-06-27 09:45 118176 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2010-06-27 09:44 . 2010-06-27 09:44 423784 c:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2010-06-27 09:45 . 2010-06-27 09:45 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2010-06-27 09:45 . 2010-06-27 09:45 350064 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2010-06-27 09:44 . 2010-06-27 09:44 149352 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2006-02-28 02:00 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll
+ 2010-06-27 07:09 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2008-10-25 01:15 . 2008-10-25 01:15 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-02-28 02:00 . 2009-08-06 23:23 1929952 c:\windows\system32\wuaueng.dll
+ 2006-02-28 02:00 . 2010-04-06 08:52 2462720 c:\windows\system32\WMVCore.dll
+ 2006-02-28 02:00 . 2010-02-16 11:27 4734976 c:\windows\system32\wmp.dll
+ 2006-02-28 02:00 . 2010-05-06 10:41 1209344 c:\windows\system32\urlmon.dll
+ 2006-02-28 02:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll
+ 2006-02-28 02:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll
- 2006-02-28 02:00 . 2006-02-28 02:00 1435648 c:\windows\system32\query.dll
+ 2006-02-28 02:00 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll
+ 2006-02-28 02:00 . 2010-02-16 17:35 2143744 c:\windows\system32\ntoskrnl.exe
+ 2006-02-28 02:00 . 2010-02-16 16:57 2021888 c:\windows\system32\ntkrnlpa.exe
+ 2009-08-19 21:07 . 2009-08-19 21:07 1415000 c:\windows\system32\msxml6.dll
+ 2006-02-28 02:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll
+ 2006-02-28 02:00 . 2010-05-06 10:41 5950976 c:\windows\system32\mshtml.dll
+ 2010-06-27 09:54 . 2009-03-11 02:26 1403264 c:\windows\system32\KB905474\wganotifypackageinner.exe
+ 2009-03-08 08:32 . 2010-05-06 10:41 1985536 c:\windows\system32\iertutil.dll
+ 2008-11-21 03:06 . 2008-11-21 03:06 1194848 c:\windows\system32\FM20.DLL
+ 2006-02-28 02:00 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2010-04-06 08:52 . 2010-04-06 08:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-07-13 06:18 . 2009-07-13 06:18 4960256 c:\windows\system32\dllcache\wmp.dll
+ 2010-05-02 07:09 . 2010-05-02 07:09 1859968 c:\windows\system32\dllcache\win32k.sys
+ 2009-03-08 08:34 . 2010-05-06 10:41 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2008-07-03 13:16 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll
+ 2009-07-17 16:27 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll
+ 2010-02-05 18:40 . 2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2010-06-27 07:06 . 2010-02-16 17:37 2186880 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-06-27 07:06 . 2010-02-16 16:57 2021888 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2010-06-27 07:06 . 2010-02-17 15:57 2063744 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-06-27 07:06 . 2010-02-16 17:35 2143744 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2010-01-29 15:08 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll
+ 2009-03-08 08:41 . 2010-05-06 10:41 5950976 c:\windows\system32\dllcache\mshtml.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 05:35 . 2008-05-28 05:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 04:48 . 2008-05-28 04:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2008-05-28 04:43 . 2008-05-28 04:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2009-02-25 23:08 . 2009-02-25 23:08 8311808 c:\windows\Installer\22b2f5e.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 1282560 c:\windows\Installer\22b2f48.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 7888384 c:\windows\Installer\22b2f40.msp
+ 2009-04-04 21:10 . 2009-04-04 21:10 9926144 c:\windows\Installer\22b2f36.msp
+ 2009-04-04 14:14 . 2009-04-04 14:14 1094656 c:\windows\Installer\22b2d56.msp
+ 2010-05-19 03:35 . 2010-05-19 03:35 5023744 c:\windows\Installer\22b2d24.msp
+ 2010-05-27 05:15 . 2010-06-27 09:49 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-05-27 05:15 . 2010-05-27 05:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-05-27 05:15 . 2010-06-27 09:49 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-10-26 18:05 . 2006-10-26 18:05 1181520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
+ 2006-10-27 19:11 . 2006-10-27 19:11 4235560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 02:58 . 2006-10-27 02:58 3732792 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
+ 2006-10-27 03:00 . 2006-10-27 03:00 1841984 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VVIEWDWG.DLL
+ 2006-09-30 04:42 . 2006-09-30 04:42 2583344 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\VBE6.DLL
+ 2006-10-27 18:57 . 2006-10-27 18:57 2330968 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\STSLIST.DLL
+ 2006-10-26 23:52 . 2006-10-26 23:52 2012480 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
+ 2006-10-27 19:04 . 2006-10-27 19:04 7980848 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\PPCORE.DLL
+ 2006-09-15 20:25 . 2006-09-15 20:25 3611416 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 00:07 . 2006-10-27 00:07 6536992 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OSETUP.DLL
+ 2006-10-27 19:03 . 2006-10-27 19:03 6579512 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONMAIN.DLL
+ 2006-10-27 00:24 . 2006-10-27 00:24 1165112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONLIBS.DLL
+ 2006-10-27 19:03 . 2006-10-27 19:03 1018664 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ONENOTE.EXE
+ 2006-10-27 19:16 . 2006-10-27 19:16 2939704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-27 19:18 . 2006-10-27 19:18 1658152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OGL.DLL
+ 2006-10-27 00:14 . 2006-10-27 00:14 7033152 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-10-27 00:42 . 2006-10-27 00:42 8423224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OARTCONV.DLL
+ 2006-10-26 18:47 . 2006-10-26 18:47 1512304 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\NLSD0000.DLL
+ 2006-10-27 19:04 . 2006-10-27 19:04 9581360 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-26 23:58 . 2006-10-26 23:58 1057632 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSPCORE.DLL
+ 2006-10-27 00:00 . 2006-10-27 00:00 6635320 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 5281592 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 5456704 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
+ 2006-10-27 19:10 . 2006-10-27 19:10 1439032 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
+ 2006-10-27 19:37 . 2006-10-27 19:37 1396008 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 4746536 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 1163048 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 2738472 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 2210608 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 7053096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
+ 2006-10-27 04:48 . 2006-10-27 04:48 1555232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 3071288 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 1359648 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 3508544 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2006-10-27 19:37 . 2006-10-27 19:37 2689336 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
+ 2006-10-27 19:38 . 2006-10-27 19:38 6191400 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
+ 2006-10-27 00:02 . 2006-10-27 00:02 2526520 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\GRAPH.EXE
+ 2006-10-26 23:21 . 2006-10-26 23:21 1682232 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-26 21:10 . 2006-10-26 21:10 1190688 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2010-05-27 05:14 . 2010-05-27 05:14 1276720 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCELPIA.DLL
+ 2006-09-13 13:09 . 2006-09-13 13:09 1277496 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\CRYPTOPP.DLL
+ 2006-10-27 19:00 . 2006-10-27 19:00 1751904 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACECORE.DLL
+ 2006-10-26 18:05 . 2006-10-26 18:05 1165584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\ACCICONS.EXE
+ 2006-10-27 02:49 . 2006-10-27 02:49 1011488 c:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
+ 2010-06-27 09:40 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2010-06-27 09:40 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2010-06-27 09:40 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2008-06-04 20:48 . 2010-02-16 17:37 2186880 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-04 20:48 . 2010-02-16 16:57 2021888 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-06-04 20:48 . 2010-02-17 15:57 2063744 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-06-04 20:48 . 2010-02-16 17:35 2143744 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-06-27 09:39 . 2010-06-27 09:39 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_b8474f65\System.dll
+ 2010-06-27 09:38 . 2010-06-27 09:38 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_9dd97631\System.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_efec5ddf\System.Xml.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e6c2b660\System.Xml.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_613afe46\System.Windows.Forms.dll
+ 2010-06-27 09:38 . 2010-06-27 09:38 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_21cabfc2\System.Windows.Forms.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_e704982a\System.Drawing.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_fa502d87\System.Design.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_a817e7c7\System.Design.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_50bf3211\mscorlib.dll
+ 2010-06-27 09:39 . 2010-06-27 09:39 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1c05b40b\mscorlib.dll
+ 2010-06-27 09:38 . 2010-06-27 09:38 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2010-06-27 09:38 . 2010-06-27 09:38 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-27 09:45 . 2010-06-27 09:45 1279848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2009-03-08 08:39 . 2010-05-06 10:41 11076096 c:\windows\system32\ieframe.dll
+ 2009-08-11 01:08 . 2009-08-11 01:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
+ 2009-04-04 21:09 . 2009-04-04 21:09 15190016 c:\windows\Installer\22b2d77.msp
+ 2009-04-04 15:36 . 2009-04-04 15:36 21390848 c:\windows\Installer\22b2d57.msp
+ 2009-08-10 18:09 . 2009-08-10 18:09 17254912 c:\windows\Installer\22b2d3e.msp
+ 2006-10-27 01:13 . 2006-10-27 01:13 14674216 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-27 19:23 . 2006-10-27 19:23 17483560 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-27 19:16 . 2006-10-27 19:16 12813096 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 19:14 . 2006-10-27 19:14 14151456 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 19:26 . 2006-10-27 19:26 16870712 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSO.DLL
+ 2006-10-27 19:01 . 2006-10-27 19:01 10371880 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
+ 2006-10-27 19:07 . 2006-10-27 19:07 17891112 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2010-06-27 09:40 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2009-04-04 21:08 . 2009-04-04 21:08 343058432 c:\windows\Installer\22b2f2b.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-26 141848]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-11-26 15:08 166424 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nuance PDF Reader-reminder]
2008-11-03 15:02 328992 ----a-w- c:\program files\Nuance\PDF Reader\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-11-26 15:08 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-31 21:44 761856 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-07-10 17:53 872448 ----a-w- c:\windows\SMINST\Scheduler.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 oxpar;%OXPAR.SVCDESC%;c:\windows\system32\drivers\oxpar.sys [1/24/2007 6:28 AM 80128]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [5/27/2010 1:53 AM 33792]
R3 oxmf;OXPCI Bus enumerator;c:\windows\system32\drivers\oxmf.sys [1/24/2007 6:28 AM 21888]
R3 Oxmfuf;Filter driver for OX16PCI95x ports;c:\windows\system32\drivers\oxmfuf.sys [1/24/2007 6:28 AM 5888]
R3 oxser;OX16C95x Serial port driver;c:\windows\system32\drivers\oxser.sys [1/24/2007 6:28 AM 70784]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2010 4:21 PM 136176]
S3 Norstart;Norstar TSP Launcher;Norstart.exe --> Norstart.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:21]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 20:21]

2010-06-27 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-27 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=smb&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Update - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-27 18:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-27 18:48:27
ComboFix-quarantined-files.txt 2010-06-27 22:48
ComboFix2.txt 2010-06-26 23:25

Pre-Run: 12,990,324,736 bytes free
Post-Run: 12,993,175,552 bytes free

- - End Of File - - F1FC1EE2976B8A879E63427AB71993B7
Upload was successful



My computer seems to be running better already.

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Update Run Malwarebytes

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=====
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9
Seven14

    Member

  • Topic Starter
  • Member
  • 24 posts
mbam log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4252

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/28/2010 11:18:02 PM
mbam-log-2010-06-28 (23-18-02).txt

Scan type: Quick scan
Objects scanned: 166941
Time elapsed: 15 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



KOnline log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 1, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 01, 2010 02:26:30
Records in database: 4263743
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 75556
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:00:20

No threats found. Scanned area is clean.

Selected area has been scanned.



Looks clean to me. Your thoughts?

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Looks good to me too.
Let me know of any remaining issues and do the following:

  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#11
Seven14

    Member

  • Topic Starter
  • Member
  • 24 posts
No further issues at all. You can bet I'll be donating when I get a chance.

otl.txt


OTL logfile created on: 7/3/2010 12:58:05 AM - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 633.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 14.30 Gb Free Space | 22.17% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.80 Gb Free Space | 67.97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINDOW
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Norstart) -- File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (oxpar) -- C:\WINDOWS\system32\drivers\oxpar.sys (OEM)
DRV - (oxser) -- C:\WINDOWS\system32\drivers\oxser.sys (OEM)
DRV - (oxmf) -- C:\WINDOWS\system32\drivers\oxmf.sys (OEM)
DRV - (Oxmfuf) -- C:\WINDOWS\system32\drivers\oxmfuf.sys (OEM)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel® Corporation)
DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel® Corporation)
DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel® Corporation)
DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel® Corporation)
DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel® Corporation)
DRV - (adpu320) -- C:\WINDOWS\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/06/29 03:00:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/06/28 23:21:06 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/06/27 18:46:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 525Blue.com
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/20 23:05:45 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/01 23:06:48 | 000,118,784 | ---- | C] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2010/06/29 03:01:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/28 23:21:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/28 23:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/28 23:21:12 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/28 23:21:12 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/28 23:21:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/28 23:21:12 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/28 23:21:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/28 23:00:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/28 23:00:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/28 23:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/28 04:18:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/06/28 04:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/06/28 04:18:05 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/06/28 04:18:05 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/06/28 04:18:05 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/06/28 04:18:05 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/06/28 04:18:04 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/06/28 04:18:04 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/06/28 04:18:04 | 000,000,000 | ---D | C] -- C:\f747ee44b78bc5f01b5ca4ea8ffaee9a
[2010/06/28 02:50:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/27 19:25:32 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/06/27 19:25:32 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/06/27 18:49:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/06/27 07:46:26 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/06/27 05:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/06/27 05:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/06/27 05:36:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/06/27 05:35:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/27 03:16:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/06/27 03:11:19 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hhctrl.ocx
[2010/06/27 03:09:17 | 000,352,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/06/27 03:09:00 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/06/27 03:08:59 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/06/27 03:08:51 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/06/27 03:08:24 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/06/27 03:08:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/06/27 03:08:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/06/27 03:08:20 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/27 03:08:19 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/06/27 03:08:16 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/06/27 03:08:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/06/27 03:07:33 | 003,555,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/06/27 03:07:28 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010/06/27 03:07:21 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/06/27 03:06:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2010/06/27 03:06:41 | 002,143,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/06/27 03:06:40 | 002,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/06/27 03:06:40 | 002,021,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/06/27 03:06:39 | 002,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/06/27 03:05:17 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2010/06/27 03:05:00 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/06/27 03:00:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/06/26 22:50:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/06/26 19:19:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/26 19:17:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/26 19:17:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/26 19:17:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/26 19:17:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/26 19:15:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/26 06:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2010/06/25 02:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/25 02:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/23 13:18:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/23 02:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/23 02:23:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/23 02:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/23 01:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/23 01:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/06/22 22:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/06/22 22:46:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/06/20 23:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/06/20 20:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010/06/20 20:31:17 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/20 20:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/20 20:28:21 | 036,600,008 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\My Documents\sdasetup.exe
[2010/06/20 05:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/06/20 05:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/06/20 05:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/19 22:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\lvtwdsjdu
[2010/06/19 22:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/19 22:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/19 22:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/19 21:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/06/19 21:48:19 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010/06/19 21:48:19 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010/06/19 21:48:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010/06/19 21:48:18 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010/06/19 21:48:18 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010/06/19 21:48:17 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010/06/19 21:48:17 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010/06/19 21:48:17 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010/06/19 21:48:16 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/06/19 21:48:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/06/19 21:48:15 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/06/19 21:48:15 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/06/19 21:48:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/06/19 21:48:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/06/19 21:48:13 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/06/19 21:48:13 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/06/19 21:48:12 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/06/19 21:48:12 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/06/19 21:48:11 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/06/19 21:48:10 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010/06/19 21:48:10 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010/06/19 21:48:10 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010/06/19 21:48:09 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010/06/19 21:48:09 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010/06/19 21:48:08 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010/06/19 21:48:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010/06/19 21:48:07 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010/06/19 21:48:07 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010/06/19 21:48:07 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010/06/19 21:48:05 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010/06/19 21:48:05 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010/06/19 21:48:05 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010/06/19 21:48:04 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010/06/19 21:48:03 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010/06/19 21:48:03 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010/06/19 21:48:03 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010/06/19 21:48:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010/06/19 21:48:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010/06/19 21:48:01 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010/06/19 21:48:01 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010/06/19 21:48:01 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010/06/19 21:48:00 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010/06/19 21:47:59 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010/06/19 21:47:58 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010/06/19 21:47:58 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010/06/19 21:47:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010/06/19 21:47:57 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010/06/19 21:47:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010/06/19 21:47:56 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010/06/19 21:47:56 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010/06/19 21:47:56 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010/06/19 21:47:55 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010/06/19 21:47:55 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010/06/19 21:47:53 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010/06/19 21:47:53 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010/06/19 21:47:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010/06/19 21:47:52 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010/06/19 21:47:51 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/06/19 21:47:51 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010/06/19 21:47:51 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010/06/19 21:47:50 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010/06/19 21:47:50 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010/06/19 21:47:49 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010/06/19 21:47:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010/06/19 21:47:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010/06/19 21:47:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2010/06/19 21:47:46 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010/06/19 21:47:45 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010/06/19 21:47:45 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010/06/19 21:47:44 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010/06/19 21:47:43 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010/06/19 21:47:43 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010/06/19 21:47:43 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010/06/19 21:47:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2010/06/19 21:47:42 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2010/06/19 21:47:42 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2010/06/19 21:47:41 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010/06/19 21:47:41 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010/06/19 21:47:41 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010/06/19 21:47:40 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010/06/19 21:47:40 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010/06/19 21:47:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010/06/19 21:47:35 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010/06/19 21:47:35 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010/06/19 21:47:34 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010/06/19 21:47:34 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2010/06/19 21:47:34 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2010/06/19 21:47:33 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/06/19 21:47:32 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2010/06/19 21:47:32 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2010/06/19 21:47:30 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2010/06/19 21:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/19 21:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\pcsx2
[2010/06/19 21:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\pcsx2
[2010/06/19 15:50:39 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/19 15:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/06/19 15:11:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010/06/19 15:10:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/06/19 15:09:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/19 15:07:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/06/19 15:06:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/19 15:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/06/19 15:03:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msctf.dll
[2010/06/13 22:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PhotoScape
[2010/06/13 22:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2010/06/10 03:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sony
[2010/06/10 03:02:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2010/06/10 03:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Podcasts
[2010/06/10 03:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Media Go
[2010/06/10 03:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2010/06/10 03:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2010/06/10 02:59:46 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/06/10 02:58:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/06/10 02:58:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/06/10 02:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Setup
[2010/06/10 02:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2010/06/07 17:31:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Totem Shared

========== Files - Modified Within 30 Days ==========

[2010/07/02 22:24:54 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/07/02 22:23:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/02 22:23:00 | 000,118,784 | ---- | M] (SoftThinks) -- C:\WINDOWS\System32\chg.exe
[2010/07/02 22:22:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/02 22:22:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 13:32:01 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/07/02 13:32:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/07/02 13:31:56 | 003,766,920 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/06/29 03:04:29 | 000,505,608 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/29 03:04:29 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/29 03:04:29 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/29 02:59:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/28 23:21:05 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/28 23:21:05 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/28 23:21:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/28 23:21:05 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/28 23:21:05 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/28 23:00:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/28 13:07:57 | 000,070,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/28 13:06:30 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 18:47:01 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/27 18:46:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/27 18:38:22 | 003,722,103 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/06/27 05:42:14 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/27 04:09:11 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/26 19:19:47 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/24 04:51:22 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Administrator\default.pls
[2010/06/24 04:51:15 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/23 13:18:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/06/22 22:27:30 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cxA38b.dat
[2010/06/21 22:41:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/21 01:53:57 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/21 01:53:48 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/20 23:05:45 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010/06/20 20:44:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010/06/20 20:28:24 | 036,600,008 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\My Documents\sdasetup.exe
[2010/06/19 15:50:36 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/19 15:28:01 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2010/06/13 22:52:14 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PhotoScape.lnk
[2010/06/10 02:58:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/07 20:15:47 | 000,020,358 | ---- | M] () -- C:\WINDOWS\vgirl.prf

========== Files Created - No Company Name ==========

[2010/06/28 23:00:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/26 19:19:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/26 19:19:44 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/26 19:17:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/26 19:17:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/26 19:17:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/26 19:17:38 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/26 19:17:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/26 19:13:30 | 003,722,103 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/06/23 02:30:35 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/06/21 01:11:11 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cxA38b.dat
[2010/06/20 23:05:45 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010/06/20 20:31:17 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/19 15:28:01 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
[2010/06/13 22:52:14 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PhotoScape.lnk
[2010/06/10 02:59:38 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2010/06/10 02:59:38 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2010/06/10 02:58:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/06/07 17:34:13 | 000,020,358 | ---- | C] () -- C:\WINDOWS\vgirl.prf
[2010/05/30 04:46:07 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/30 04:46:07 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/05/27 01:53:53 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010/05/26 03:21:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/04 17:08:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/04 16:52:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/04 16:52:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/04 16:52:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/04 16:52:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/04 16:52:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/04 16:52:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/06/04 16:37:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2006/02/27 22:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/05/08 06:12:22 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#12
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/06/19 22:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\lvtwdsjdu
    [2010/06/22 22:27:30 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cxA38b.dat
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done it will say "Fix Complete press ok to open log"
  • You can then close OTL.
=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the Uninstall, it needs to be there.
======Next======
  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that you're all set.


The following are some articles and a Windows Update link that I like to suggest to people for preventing malware and for general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire etc...

#13
Seven14


    Member

  • Topic Starter
  • Member
  • 24 posts
Thank you so much for everything. Runs great now.

#14
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.

#15
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.