Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

System.BrokenFileAssociation


  • Please log in to reply

#1
drunkducki

drunkducki

    Member

  • Member
  • PipPip
  • 87 posts
Hi, i'm getting a pop-up message saying "windows cannot open this file, to open this file, windows needs to know what program created it. ..." when i run most of the programs on this pc. I've done virus scans with MSE, Superantispyware, malwarebytes, Kaspersky online scanner and Eset online scanner. None of them found virus except for Superantispyware. it found system.brokenfileassociation in the registry. I clicked remove threat and hoping everything is going to work better. After I rebooted the computer, the virus is back. Ran the scan again and it found the virus. Another thing to note, when i rebooted the pc, MSE is disabled. Please help! Thank you.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/10/2011 at 02:06 PM

Application Version : 5.0.1134

Core Rules Database Version : 7912
Trace Rules Database Version: 5724

Scan type : Quick Scan
Total Scan Time : 00:03:05

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 393
Memory threats detected : 0
Registry items scanned : 31045
Registry threats detected : 1
File items scanned : 6654
File threats detected : 128

Adware.Tracking Cookie
.shawtelevision.112.2o7.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.oracle.112.2o7.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kaspersky.122.2o7.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.nextag.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bellcan.adbureau.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.adultsafehockey.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.virginamerica.112.2o7.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.tigeronline.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.tigeronline.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnbc.112.2o7.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.rogersmedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vitamine.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vitamine.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.m2omedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.m2omedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.vitamine.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.m2omedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mass2onemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mass2onemedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
vitamine.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
vitamine.networldmedia.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
network.realmedia.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adcentriconline.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ I:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

System.BrokenFileAssociation
HKCR\.exe

Attached Files


Edited by RKinner, 21 November 2011 - 10:23 AM.

  • 0

Advertisements


#2
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OTL logfile created on: 2011/11/10 2:15:19 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = I:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/M/d

1.75 Gb Total Physical Memory | 0.59 Gb Available Physical Memory | 33.61% Memory free
3.47 Gb Paging File | 2.20 Gb Available in Paging File | 63.43% Paging File free
Paging file location(s): I:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 298.01 Gb Total Space | 118.72 Gb Free Space | 39.84% Space Free | Partition Type: NTFS

Computer Name: HARBOURSIDEXPS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - I:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - I:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - i:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - I:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - I:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - I:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avutil-51.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avformat-53.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\avcodec-53.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll ()
MOD - I:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - I:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - I:\WINDOWS\system32\nvapi.dll ()
MOD - I:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (!SASCORE) -- I:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MsMpSvc) -- i:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl1c3b8004) -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5AF3DE5A-AC46-4C08-8681-D6776AE21E4A}\MpKsl1c3b8004.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Netaapl) -- I:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (nvnetbus) -- I:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- I:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvatabus) -- I:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- I:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (FsVga) -- I:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: i:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/05/04 14:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/03/24 12:56:07 | 000,000,000 | ---D | M]

[2010/04/22 08:30:39 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/22 08:30:39 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/27 15:28:51 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\extensions
[2011/09/27 15:28:51 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/08/02 08:40:48 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2010/12/22 11:53:09 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/27 13:50:21 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/02 08:40:48 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/12/22 09:44:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 14:59:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = I:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = i:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = I:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = I:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: ConduitChromeApi (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\2.4.0.4_0\js/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = I:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = I:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: iTunes Application Detector (Enabled) = I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mapit 1 = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\2.4.0.4_0\

O1 HOSTS File: ([2010/09/08 07:46:22 | 000,000,098 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] i:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] I:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] I:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTDCPL] I:\WINDOWS\System32\RTDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1272489429046 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B6702D-F18F-4D62-BD08-587DE9A03198}: NameServer = 216.251.128.8,216.251.128.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) -I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) -I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: I:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 13:50:10 | 000,518,144 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2011/11/10 13:50:10 | 000,406,528 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2011/11/10 13:50:10 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2011/11/10 13:50:10 | 000,060,416 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2011/11/10 13:48:25 | 000,000,000 | ---D | C] -- I:\Qoobox
[2011/11/10 13:48:21 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/10 13:46:57 | 004,289,249 | R--- | C] (Swearware) -- I:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/10 13:39:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\sreng2
[2011/11/10 13:28:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/08 14:08:30 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\xp_fileassoc
[2011/11/08 11:01:56 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Security Client
[2011/11/08 10:40:50 | 000,116,224 | ---- | C] (Xerox) -- I:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/11/08 10:40:47 | 000,023,040 | ---- | C] (Xerox Corporation) -- I:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/11/08 10:40:22 | 000,099,865 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\xlog.exe
[2011/11/08 10:40:18 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- I:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/11/08 10:39:58 | 000,154,624 | ---- | C] (Lucent Technologies) -- I:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/11/08 10:39:55 | 000,034,890 | ---- | C] (Raytheon Corp.) -- I:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/11/08 10:39:47 | 000,771,581 | ---- | C] (Rockwell) -- I:\WINDOWS\System32\dllcache\winacisa.sys
[2011/11/08 10:39:28 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- I:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/11/08 10:39:16 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w940nd.sys
[2011/11/08 10:39:12 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w926nd.sys
[2011/11/08 10:39:09 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w840nd.sys
[2011/11/08 10:39:03 | 000,064,605 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\vvoice.sys
[2011/11/08 10:38:59 | 000,397,502 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/11/08 10:38:55 | 000,604,253 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\vmodem.sys
[2011/11/08 10:38:51 | 000,249,402 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\vinwm.sys
[2011/11/08 10:38:35 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usrti.sys
[2011/11/08 10:38:20 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/11/08 10:38:16 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1806.sys
[2011/11/08 10:38:12 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1801.sys
[2011/11/08 10:38:07 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- I:\WINDOWS\System32\dllcache\usb101et.sys
[2011/11/08 10:37:48 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- I:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/11/08 10:37:34 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- I:\WINDOWS\System32\dllcache\um54scan.dll
[2011/11/08 10:37:31 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- I:\WINDOWS\System32\dllcache\um34scan.dll
[2011/11/08 10:37:17 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/11/08 10:37:13 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridxp.dll
[2011/11/08 10:37:10 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/11/08 10:37:06 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridkb.dll
[2011/11/08 10:37:03 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/11/08 10:36:59 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\trid3d.dll
[2011/11/08 10:36:29 | 000,123,995 | ---- | C] (Tiger Jet Network) -- I:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/11/08 10:36:24 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/11/08 10:36:20 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/11/08 10:36:19 | 000,149,376 | ---- | C] (M-Systems) -- I:\WINDOWS\System32\dllcache\tffsport.sys
[2011/11/08 10:36:15 | 000,017,129 | ---- | C] (TDK Corporation) -- I:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/11/08 10:36:11 | 000,037,961 | ---- | C] (TDK Corporation) -- I:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/11/08 10:35:59 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/11/08 10:35:56 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- I:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/11/08 10:35:14 | 000,155,648 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/11/08 10:35:11 | 000,053,248 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/11/08 10:35:08 | 000,285,760 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlnata.sys
[2011/11/08 10:35:04 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- I:\WINDOWS\System32\dllcache\stcusb.sys
[2011/11/08 10:34:59 | 000,048,736 | ---- | C] (3Com) -- I:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/11/08 10:34:38 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- I:\WINDOWS\System32\dllcache\sparrow.sys
[2011/11/08 10:34:10 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- I:\WINDOWS\System32\dllcache\smiminib.sys
[2011/11/08 10:34:05 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- I:\WINDOWS\System32\dllcache\smidispb.dll
[2011/11/08 10:34:01 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- I:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/11/08 10:33:58 | 000,035,913 | ---- | C] (SMC) -- I:\WINDOWS\System32\dllcache\smcirda.sys
[2011/11/08 10:33:55 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- I:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/11/08 10:33:31 | 000,063,547 | ---- | C] (Symbol Technologies) -- I:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/11/08 10:33:28 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- I:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/11/08 10:33:25 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- I:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/11/08 10:33:17 | 000,032,768 | ---- | C] (SiS Corporation) -- I:\WINDOWS\System32\dllcache\sisnic.sys
[2011/11/08 10:32:50 | 000,161,568 | ---- | C] (Micro Systemation) -- I:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/11/08 10:32:47 | 000,018,400 | ---- | C] (Micro Systemation) -- I:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/11/08 10:32:44 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/11/08 10:32:41 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/11/08 10:32:17 | 000,017,280 | ---- | C] (SCM Microsystems) -- I:\WINDOWS\System32\dllcache\scr111.sys
[2011/11/08 10:32:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/11/08 10:32:07 | 000,023,936 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/11/08 10:31:53 | 000,077,824 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/11/08 10:31:50 | 000,198,400 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/11/08 10:31:47 | 000,061,504 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/11/08 10:31:43 | 000,179,264 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/11/08 10:31:40 | 000,210,496 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/11/08 10:31:37 | 000,062,496 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/11/08 10:31:34 | 000,041,216 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/11/08 10:31:31 | 000,182,272 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/11/08 10:31:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3m.sys
[2011/11/08 10:31:21 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rwia450.dll
[2011/11/08 10:31:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rwia430.dll
[2011/11/08 10:31:16 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/11/08 10:31:15 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/11/08 10:31:03 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/11/08 10:30:57 | 000,079,104 | ---- | C] (Comtrol Corporation) -- I:\WINDOWS\System32\dllcache\rocket.sys
[2011/11/08 10:30:54 | 000,037,563 | ---- | C] (RadioLAN) -- I:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/11/08 10:30:50 | 000,086,097 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\reslog32.dll
[2011/11/08 10:30:37 | 000,714,762 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/11/08 10:30:34 | 000,899,146 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/11/08 10:30:05 | 000,130,942 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/11/08 10:30:02 | 000,112,574 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/11/08 10:29:59 | 000,128,286 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserli.sys
[2011/11/08 10:29:48 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- I:\WINDOWS\System32\dllcache\pscr.sys
[2011/11/08 10:29:02 | 000,086,016 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\pctspk.exe
[2011/11/08 10:28:51 | 000,026,153 | ---- | C] (Linksys) -- I:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/11/08 10:28:50 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- I:\WINDOWS\System32\dllcache\pca200e.sys
[2011/11/08 10:28:47 | 000,030,495 | ---- | C] (Linksys) -- I:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/11/08 10:28:10 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/11/08 10:28:07 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otceth5.sys
[2011/11/08 10:28:04 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/11/08 10:28:01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- I:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/11/08 10:27:43 | 000,051,552 | ---- | C] (Kensington Technology Group) -- I:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/11/08 10:27:31 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/11/08 10:27:28 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/11/08 10:27:23 | 000,132,695 | ---- | C] (802.11b) -- I:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/11/08 10:27:15 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/11/08 10:27:12 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/11/08 10:27:04 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/11/08 10:27:01 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/11/08 10:26:58 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/11/08 10:26:55 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/11/08 10:26:53 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128.sys
[2011/11/08 10:26:50 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128.dll
[2011/11/08 10:26:41 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- I:\WINDOWS\System32\dllcache\mxport.sys
[2011/11/08 10:26:38 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- I:\WINDOWS\System32\dllcache\mxport.dll
[2011/11/08 10:26:36 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- I:\WINDOWS\System32\dllcache\mxnic.sys
[2011/11/08 10:26:33 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- I:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/11/08 10:26:30 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- I:\WINDOWS\System32\dllcache\mxcard.sys
[2011/11/08 10:25:44 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- I:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/11/08 10:25:09 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- I:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/11/08 10:24:50 | 000,797,500 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/11/08 10:24:47 | 000,802,683 | ---- | C] (Lucent Technologies) -- I:\WINDOWS\System32\dllcache\ltsm.sys
[2011/11/08 10:24:46 | 000,420,992 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/11/08 10:24:43 | 000,606,684 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/11/08 10:24:43 | 000,576,746 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/11/08 10:24:40 | 000,727,786 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/11/08 10:24:32 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- I:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/11/08 10:24:29 | 000,020,573 | ---- | C] (The Linksts Group ) -- I:\WINDOWS\System32\dllcache\lne100.sys
[2011/11/08 10:24:27 | 000,025,065 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/11/08 10:24:24 | 000,015,744 | ---- | C] (Litronic Industries) -- I:\WINDOWS\System32\dllcache\lit220p.sys
[2011/11/08 10:24:20 | 000,026,442 | ---- | C] (SMSC) -- I:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/11/08 10:24:17 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- I:\WINDOWS\System32\dllcache\ktc111.sys
[2011/11/08 10:23:45 | 000,023,552 | ---- | C] (MKNet Corporation) -- I:\WINDOWS\System32\dllcache\irmk7.sys
[2011/11/08 10:23:05 | 000,372,824 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\iconf32.dll
[2011/11/08 10:21:29 | 000,068,608 | ---- | C] (Avisioin) -- I:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/11/08 10:21:20 | 000,126,976 | ---- | C] (Hewlett Packard) -- I:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/11/08 10:20:55 | 000,028,288 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\grserial.sys
[2011/11/08 10:20:53 | 000,082,304 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\grclass.sys
[2011/11/08 10:20:51 | 000,017,408 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\gpr400.sys
[2011/11/08 10:20:35 | 000,454,912 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/11/08 10:20:23 | 000,455,296 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/11/08 10:20:20 | 000,455,680 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fus2base.sys
[2011/11/08 10:20:15 | 000,442,240 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/11/08 10:20:12 | 000,441,728 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/11/08 10:20:09 | 000,444,416 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/11/08 10:20:07 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- I:\WINDOWS\System32\dllcache\forehe.sys
[2011/11/08 10:19:51 | 000,024,618 | ---- | C] (NETGEAR) -- I:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/11/08 10:19:47 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- I:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/11/08 10:19:45 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- I:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/11/08 10:18:17 | 000,334,208 | ---- | C] (Yamaha Corp.) -- I:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/11/08 10:18:12 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- I:\WINDOWS\System32\dllcache\dp83820.sys
[2011/11/08 10:18:03 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- I:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/11/08 10:18:00 | 000,026,698 | ---- | C] (D-Link Corporation) -- I:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/11/08 10:17:58 | 000,952,007 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\diwan.sys
[2011/11/08 10:17:53 | 000,236,060 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\ditrace.exe
[2011/11/08 10:17:52 | 000,038,985 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/11/08 10:17:51 | 000,031,305 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/11/08 10:17:50 | 000,006,729 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvci.dll
[2011/11/08 10:17:47 | 000,091,305 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\dimaint.sys
[2011/11/08 10:17:26 | 000,024,649 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/11/08 10:17:25 | 000,024,648 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\dfe650.sys
[2011/11/08 10:17:21 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- I:\WINDOWS\System32\dllcache\defpa.sys
[2011/11/08 10:16:57 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/11/08 10:16:56 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/11/08 10:16:55 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/11/08 10:16:54 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/11/08 10:16:52 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/11/08 10:16:51 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/11/08 10:16:50 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbase.sys
[2011/11/08 10:16:49 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- I:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/11/08 10:16:41 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- I:\WINDOWS\System32\dllcache\cpscan.dll
[2011/11/08 10:16:27 | 000,020,736 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/11/08 10:16:18 | 000,980,034 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\cicap.sys
[2011/11/08 10:16:12 | 000,049,182 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/11/08 10:16:12 | 000,022,044 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/11/08 10:16:11 | 000,022,044 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/11/08 10:16:10 | 000,027,164 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/11/08 10:16:10 | 000,021,530 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/11/08 10:16:06 | 000,714,698 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/11/08 10:16:06 | 000,046,108 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cben5.sys
[2011/11/08 10:16:05 | 000,039,680 | ---- | C] (Silicom Ltd.) -- I:\WINDOWS\System32\dllcache\cb325.sys
[2011/11/08 10:16:04 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- I:\WINDOWS\System32\dllcache\cb102.sys
[2011/11/08 10:16:03 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- I:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/11/08 10:16:01 | 000,164,923 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\diapi2.sys
[2011/11/08 10:15:25 | 000,031,529 | ---- | C] (BreezeCOM) -- I:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/11/08 10:15:24 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/11/08 10:15:24 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/11/08 10:15:23 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/11/08 10:15:22 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brserif.dll
[2011/11/08 10:15:22 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- I:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/11/08 10:15:21 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/11/08 10:15:20 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brparimg.sys
[2011/11/08 10:15:18 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/11/08 10:15:18 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/11/08 10:15:17 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/11/08 10:15:16 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/11/08 10:15:15 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/11/08 10:15:15 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/11/08 10:15:14 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brfilt.sys
[2011/11/08 10:15:13 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brevif.dll
[2011/11/08 10:15:12 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/11/08 10:15:12 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/11/08 10:15:08 | 000,871,388 | ---- | C] (BCM) -- I:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/11/08 10:15:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\banshee.sys
[2011/11/08 10:15:03 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\banshee.dll
[2011/11/08 10:15:02 | 000,089,952 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/11/08 10:15:01 | 000,037,568 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmwan.sys
[2011/11/08 10:15:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- I:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/11/08 10:15:00 | 000,144,384 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmenum.dll
[2011/11/08 10:14:59 | 000,087,552 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/11/08 10:14:36 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- I:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/11/08 10:14:29 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- I:\WINDOWS\System32\dllcache\amb8002.sys
[2011/11/08 10:14:19 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- I:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/11/08 10:14:18 | 000,010,880 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\admjoy.sys
[2011/11/08 10:14:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8830.sys
[2011/11/08 10:14:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8820.sys
[2011/11/08 10:14:16 | 000,584,448 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8810.sys
[2011/11/08 10:14:14 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- I:\WINDOWS\System32\dllcache\acerscad.dll
[2011/11/08 10:14:10 | 000,462,848 | ---- | C] (Aureal Inc.) -- I:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/11/08 10:14:10 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- I:\WINDOWS\System32\dllcache\a3d.dll
[2011/11/08 10:14:05 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/11/08 10:14:04 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/11/08 10:14:03 | 000,762,780 | ---- | C] (3Com, Inc.) -- I:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/10/31 14:48:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\MACAddressChanger_Exe

========== Files - Modified Within 30 Days ==========

[2011/11/10 14:05:04 | 000,000,424 | -H-- | M] () -- I:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/10 14:00:09 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/11/10 13:59:57 | 000,000,896 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 13:59:55 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/11/10 13:47:14 | 004,289,249 | R--- | M] (Swearware) -- I:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/10 13:43:00 | 000,000,900 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 13:39:17 | 000,676,536 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\sreng2.zip
[2011/11/10 13:28:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/10 12:51:00 | 000,001,010 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1417001333-839522115-500UA.job
[2011/11/10 08:51:00 | 000,000,958 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1417001333-839522115-500Core.job
[2011/11/08 14:40:28 | 100,595,488 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_11_09_01_52.exe
[2011/11/08 12:53:11 | 000,036,548 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\VAN FREE STYLE CLUB - Online Group Purchase Instructions[1].pdf
[2011/11/08 11:02:28 | 000,001,945 | ---- | M] () -- I:\WINDOWS\epplauncher.mif
[2011/11/08 10:47:20 | 000,311,912 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2011/11/08 10:47:20 | 000,040,108 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2011/11/04 16:52:02 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/31 14:34:31 | 001,324,940 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\netstumblerinstaller_0_4_0.exe
[2011/10/29 08:52:25 | 000,002,344 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/10/29 08:52:25 | 000,002,322 | ---- | M] () -- I:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/27 12:09:02 | 000,051,596 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\image001.jpg
[2011/10/26 11:52:47 | 000,060,794 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\Vancouver Freestyle Programs 2011-12.pdf
[2011/10/20 07:43:48 | 000,000,000 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml

========== Files Created - No Company Name ==========

[2011/11/10 13:50:10 | 000,256,000 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2011/11/10 13:50:10 | 000,208,896 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2011/11/10 13:50:10 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2011/11/10 13:50:10 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2011/11/10 13:50:10 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2011/11/10 13:39:15 | 000,676,536 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\sreng2.zip
[2011/11/08 14:34:21 | 100,595,488 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_11_09_01_52.exe
[2011/11/08 12:53:11 | 000,036,548 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\VAN FREE STYLE CLUB - Online Group Purchase Instructions[1].pdf
[2011/11/08 11:07:15 | 000,000,424 | -H-- | C] () -- I:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/08 11:02:28 | 000,001,945 | ---- | C] () -- I:\WINDOWS\epplauncher.mif
[2011/11/08 11:02:06 | 000,001,680 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/08 10:40:46 | 000,018,944 | ---- | C] () -- I:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/11/08 10:40:42 | 000,027,648 | ---- | C] () -- I:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/11/08 10:29:55 | 000,033,280 | ---- | C] () -- I:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/11/08 10:29:51 | 000,363,520 | ---- | C] () -- I:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/11/08 10:25:52 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/11/08 10:21:27 | 000,165,888 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/11/08 10:21:22 | 000,093,696 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/11/08 10:21:18 | 000,101,376 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/11/08 10:21:13 | 000,089,088 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/11/08 10:21:09 | 000,083,968 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/11/08 10:17:57 | 000,029,768 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divasu.dll
[2011/11/08 10:17:56 | 000,037,962 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divaprop.dll
[2011/11/08 10:17:55 | 000,006,216 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divaci.dll
[2011/11/08 10:14:53 | 000,026,624 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/11/08 10:14:53 | 000,023,552 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atixbar.sys
[2011/11/08 10:14:52 | 000,019,456 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/11/08 10:14:51 | 000,017,152 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/11/08 10:14:51 | 000,009,472 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/11/08 10:14:50 | 000,026,880 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/11/08 10:14:50 | 000,017,152 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atitunep.sys
[2011/11/08 10:14:49 | 000,049,920 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/11/08 10:14:47 | 000,010,240 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/11/08 10:14:41 | 000,046,464 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/31 14:34:25 | 001,324,940 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\netstumblerinstaller_0_4_0.exe
[2011/10/27 12:09:02 | 000,051,596 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\image001.jpg
[2011/10/26 11:52:48 | 000,060,794 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\Vancouver Freestyle Programs 2011-12.pdf
[2011/03/31 11:43:43 | 000,013,154 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\7a3d8u8784tdd04w7i4a1pj
[2011/03/31 11:43:43 | 000,013,154 | -HS- | C] () -- I:\Documents and Settings\Administrator\Local Settings\Application Data\7a3d8u8784tdd04w7i4a1pj
[2010/12/22 12:05:05 | 000,025,620 | -H-- | C] () -- I:\WINDOWS\System32\mlfcache.dat
[2010/11/05 13:44:40 | 000,000,036 | ---- | C] () -- I:\WINDOWS\wwwbatch.ini
[2010/07/08 15:09:49 | 000,116,224 | ---- | C] () -- I:\WINDOWS\System32\pdfcmnnt.dll
[2010/04/06 14:33:19 | 000,000,022 | ---- | C] () -- I:\WINDOWS\System32\nvModes.dat
[2010/04/06 14:25:53 | 002,183,470 | ---- | C] () -- I:\WINDOWS\System32\nvdata.bin
[2010/04/06 14:25:53 | 000,212,992 | ---- | C] () -- I:\WINDOWS\System32\nvapi.dll
[2010/04/06 10:45:20 | 000,000,036 | ---- | C] () -- I:\WINDOWS\webica.ini
[2009/12/24 10:00:19 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2009/12/22 09:45:43 | 000,008,875 | ---- | C] () -- I:\WINDOWS\cfgall.ini
[2009/12/22 09:40:10 | 000,156,672 | ---- | C] () -- I:\WINDOWS\System32\RTLCPAPI.dll
[2009/12/22 09:40:09 | 000,040,960 | ---- | C] () -- I:\WINDOWS\System32\ChCfg.exe
[2009/12/22 09:14:13 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2009/12/22 09:09:08 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2009/12/22 01:03:14 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2009/12/22 01:02:01 | 000,119,744 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2006/10/22 11:22:00 | 001,662,976 | ---- | C] () -- I:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 001,622,016 | ---- | C] () -- I:\WINDOWS\System32\nwiz.exe
[2006/10/22 11:22:00 | 001,470,464 | ---- | C] () -- I:\WINDOWS\System32\nview.dll
[2006/10/22 11:22:00 | 001,339,392 | ---- | C] () -- I:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 11:22:00 | 001,019,904 | ---- | C] () -- I:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 000,581,632 | ---- | C] () -- I:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 000,466,944 | ---- | C] () -- I:\WINDOWS\System32\nvshell.dll
[2006/10/22 11:22:00 | 000,442,368 | ---- | C] () -- I:\WINDOWS\System32\nvappbar.exe
[2006/10/22 11:22:00 | 000,425,984 | ---- | C] () -- I:\WINDOWS\System32\keystone.exe
[2006/10/22 11:22:00 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\nvnt4cpl.dll
[2005/03/21 15:48:05 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2005/03/21 15:48:05 | 000,004,627 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2004/08/04 02:00:00 | 000,311,912 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2004/08/04 02:00:00 | 000,040,108 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2004/08/04 02:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2004/08/04 02:00:00 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\dcache.bin
[2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/18 09:04:41 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\ICAClient
[2011/04/12 08:32:36 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/04/06 15:23:32 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/04/22 08:30:39 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Administrator\Application Data\Thunderbird
[2010/11/05 12:42:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Applications
[2010/12/22 11:58:26 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/10 14:05:04 | 000,000,424 | -H-- | M] () -- I:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0

#3
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
When you replied to your own post you made the post invisible to us since we look for posts with no Replies to answer. Looks like you have had at least one infection since 2011/03/31 11:43:43.

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
[2010/12/22 11:53:09 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/27 13:50:21 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/02 08:40:48 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/03/31 11:43:43 | 000,013,154 | -HS- | C] () -- I:\Documents and Settings\All Users\Application Data\7a3d8u8784tdd04w7i4a1pj
[2011/03/31 11:43:43 | 000,013,154 | -HS- | C] () -- I:\Documents and Settings\Administrator\Local Settings\Application Data\7a3d8u8784tdd04w7i4a1pj
[2009/12/22 09:44:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[RESETHOSTS]
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Please post your last Combofix log.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Ron
  • 0

#4
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
I:\Documents and Settings\All Users\Application Data\7a3d8u8784tdd04w7i4a1pj moved successfully.
I:\Documents and Settings\Administrator\Local Settings\Application Data\7a3d8u8784tdd04w7i4a1pj moved successfully.
I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
I:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
I:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
I:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
I:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 50694 bytes

User: All Users

User: Craftsman Collision

User: Default User

User: Default User_old

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <{EMPTYJAVA]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_093216

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#5
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OTL logfile created on: 2011/11/18 9:35:48 AM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = I:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/M/d

1.75 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 31.67% Memory free
3.47 Gb Paging File | 2.27 Gb Available in Paging File | 65.31% Paging File free
Paging file location(s): I:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 298.01 Gb Total Space | 118.23 Gb Free Space | 39.67% Space Free | Partition Type: NTFS

Computer Name: HARBOURSIDEXPS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - I:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - I:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - i:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - I:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppgooglenaclpluginchrome.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\avutil-51.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\avformat-53.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\avcodec-53.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll ()
MOD - I:\WINDOWS\system32\nvapi.dll ()
MOD - I:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (!SASCORE) -- I:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MsMpSvc) -- i:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MpKsl5d3036c7) -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70B5F00D-8EBB-4103-AC0A-9F2B26C87F4F}\MpKsl5d3036c7.sys (Microsoft Corporation)
DRV - (MpKsle9a3e33b) -- i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70B5F00D-8EBB-4103-AC0A-9F2B26C87F4F}\MpKsle9a3e33b.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Netaapl) -- I:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (nvnetbus) -- I:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- I:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvatabus) -- I:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- I:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (FsVga) -- I:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..extensions.enabledItems:

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: i:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: I:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/05/04 14:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/03/24 12:56:07 | 000,000,000 | ---D | M]

[2010/04/22 08:30:39 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/22 08:30:39 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/27 15:28:51 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\extensions
[2011/09/27 15:28:51 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/18 09:32:19 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 14:59:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = I:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = i:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = I:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = I:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: ConduitChromeApi (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\2.4.0.4_0\js/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = I:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = I:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: iTunes Application Detector (Enabled) = I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mapit 1 = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\2.4.0.4_0\

O1 HOSTS File: ([2011/11/18 09:32:20 | 000,000,098 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] i:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] I:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] I:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTDCPL] I:\WINDOWS\System32\RTDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1272489429046 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B6702D-F18F-4D62-BD08-587DE9A03198}: NameServer = 216.251.128.8,216.251.128.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) -I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) -I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: I:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 09:38:59 | 001,916,416 | ---- | C] (AVAST Software) -- I:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/11/18 09:38:34 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- I:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/11/16 11:32:33 | 001,036,344 | ---- | C] (Google Inc.) -- I:\Documents and Settings\Administrator\Desktop\chrome.exe
[2011/11/14 08:04:20 | 000,000,000 | ---D | C] -- I:\Program Files\Apple Software Update
[2011/11/14 08:04:16 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2011/11/13 08:44:33 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/10 13:50:10 | 000,518,144 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2011/11/10 13:50:10 | 000,406,528 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2011/11/10 13:50:10 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2011/11/10 13:50:10 | 000,060,416 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2011/11/10 13:48:25 | 000,000,000 | ---D | C] -- I:\Qoobox
[2011/11/10 13:48:21 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/10 13:46:57 | 004,289,249 | R--- | C] (Swearware) -- I:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/10 13:39:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\sreng2
[2011/11/10 13:28:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/08 14:08:30 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\xp_fileassoc
[2011/11/08 11:01:56 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Security Client
[2011/11/08 10:40:50 | 000,116,224 | ---- | C] (Xerox) -- I:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/11/08 10:40:47 | 000,023,040 | ---- | C] (Xerox Corporation) -- I:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/11/08 10:40:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011/11/08 10:40:22 | 000,099,865 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\xlog.exe
[2011/11/08 10:40:18 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- I:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/11/08 10:40:16 | 000,019,455 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wvchntxx.sys
[2011/11/08 10:40:14 | 000,019,200 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/11/08 10:40:12 | 000,012,063 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wsiintxx.sys
[2011/11/08 10:40:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wshirda.dll
[2011/11/08 10:40:00 | 000,008,832 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/11/08 10:39:58 | 000,154,624 | ---- | C] (Lucent Technologies) -- I:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/11/08 10:39:55 | 000,034,890 | ---- | C] (Raytheon Corp.) -- I:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/11/08 10:39:47 | 000,771,581 | ---- | C] (Rockwell) -- I:\WINDOWS\System32\dllcache\winacisa.sys
[2011/11/08 10:39:42 | 000,053,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011/11/08 10:39:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/11/08 10:39:32 | 000,701,386 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\wdhaalba.sys
[2011/11/08 10:39:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wceusbsh.sys
[2011/11/08 10:39:32 | 000,023,615 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2011/11/08 10:39:28 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- I:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/11/08 10:39:26 | 000,033,599 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\watv04nt.sys
[2011/11/08 10:39:25 | 000,019,551 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\watv02nt.sys
[2011/11/08 10:39:24 | 000,029,311 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\watv01nt.sys
[2011/11/08 10:39:21 | 000,012,127 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wadv02nt.sys
[2011/11/08 10:39:21 | 000,011,775 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wadv05nt.sys
[2011/11/08 10:39:20 | 000,012,415 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wadv01nt.sys
[2011/11/08 10:39:16 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w940nd.sys
[2011/11/08 10:39:12 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w926nd.sys
[2011/11/08 10:39:09 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w840nd.sys
[2011/11/08 10:39:03 | 000,064,605 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\vvoice.sys
[2011/11/08 10:38:59 | 000,397,502 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/11/08 10:38:55 | 000,604,253 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\vmodem.sys
[2011/11/08 10:38:51 | 000,249,402 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\vinwm.sys
[2011/11/08 10:38:47 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- I:\WINDOWS\System32\dllcache\viairda.sys
[2011/11/08 10:38:46 | 000,005,376 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\viaide.sys
[2011/11/08 10:38:44 | 000,053,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/11/08 10:38:39 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- I:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2011/11/08 10:38:35 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usrti.sys
[2011/11/08 10:38:31 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- I:\WINDOWS\System32\dllcache\usrpda.sys
[2011/11/08 10:38:28 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- I:\WINDOWS\System32\dllcache\usroslba.sys
[2011/11/08 10:38:23 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- I:\WINDOWS\System32\dllcache\usr1807a.sys
[2011/11/08 10:38:20 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/11/08 10:38:16 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1806.sys
[2011/11/08 10:38:12 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1801.sys
[2011/11/08 10:38:11 | 000,020,608 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usbuhci.sys
[2011/11/08 10:38:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usbser.sys
[2011/11/08 10:38:10 | 000,025,856 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usbprint.sys
[2011/11/08 10:38:08 | 000,060,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/11/08 10:38:07 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- I:\WINDOWS\System32\dllcache\usb101et.sys
[2011/11/08 10:38:02 | 000,094,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxud32.dll
[2011/11/08 10:37:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxu40.dll
[2011/11/08 10:37:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxu22.dll
[2011/11/08 10:37:51 | 000,069,632 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxu12.dll
[2011/11/08 10:37:48 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- I:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/11/08 10:37:45 | 000,022,912 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxpcls.sys
[2011/11/08 10:37:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxp60.dll
[2011/11/08 10:37:38 | 000,047,616 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxcam.dll
[2011/11/08 10:37:34 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- I:\WINDOWS\System32\dllcache\um54scan.dll
[2011/11/08 10:37:31 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- I:\WINDOWS\System32\dllcache\um34scan.dll
[2011/11/08 10:37:27 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- I:\WINDOWS\System32\dllcache\ultra.sys
[2011/11/08 10:37:23 | 000,011,520 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\twotrack.sys
[2011/11/08 10:37:17 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/11/08 10:37:13 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridxp.dll
[2011/11/08 10:37:10 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/11/08 10:37:06 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridkb.dll
[2011/11/08 10:37:03 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/11/08 10:36:59 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\trid3d.dll
[2011/11/08 10:36:55 | 000,034,375 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\tpro4.sys
[2011/11/08 10:36:52 | 000,042,496 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\tp4res.dll
[2011/11/08 10:36:51 | 000,082,944 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\tp4mon.exe
[2011/11/08 10:36:48 | 000,031,744 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\tp4.dll
[2011/11/08 10:36:44 | 000,004,992 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\toside.sys
[2011/11/08 10:36:40 | 000,230,912 | ---- | C] (Toshiba Corporation) -- I:\WINDOWS\System32\dllcache\tosdvd03.sys
[2011/11/08 10:36:37 | 000,241,664 | ---- | C] (Toshiba Corporation) -- I:\WINDOWS\System32\dllcache\tosdvd02.sys
[2011/11/08 10:36:33 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- I:\WINDOWS\System32\dllcache\tos4mo.sys
[2011/11/08 10:36:29 | 000,123,995 | ---- | C] (Tiger Jet Network) -- I:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/11/08 10:36:24 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/11/08 10:36:20 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/11/08 10:36:19 | 000,149,376 | ---- | C] (M-Systems) -- I:\WINDOWS\System32\dllcache\tffsport.sys
[2011/11/08 10:36:15 | 000,017,129 | ---- | C] (TDK Corporation) -- I:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/11/08 10:36:11 | 000,037,961 | ---- | C] (TDK Corporation) -- I:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/11/08 10:36:06 | 000,030,464 | ---- | C] (Toshiba Corporation) -- I:\WINDOWS\System32\dllcache\tbatm155.sys
[2011/11/08 10:36:02 | 000,007,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\tandqic.sys
[2011/11/08 10:35:59 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/11/08 10:35:56 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- I:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/11/08 10:35:51 | 000,032,640 | ---- | C] (LSI Logic) -- I:\WINDOWS\System32\dllcache\symc8xx.sys
[2011/11/08 10:35:48 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- I:\WINDOWS\System32\dllcache\symc810.sys
[2011/11/08 10:35:44 | 000,030,688 | ---- | C] (LSI Logic) -- I:\WINDOWS\System32\dllcache\sym_u3.sys
[2011/11/08 10:35:41 | 000,028,384 | ---- | C] (LSI Logic) -- I:\WINDOWS\System32\dllcache\sym_hi.sys
[2011/11/08 10:35:38 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- I:\WINDOWS\System32\dllcache\sxports.dll
[2011/11/08 10:35:35 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- I:\WINDOWS\System32\dllcache\sx.sys
[2011/11/08 10:35:32 | 000,003,968 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\swusbflt.sys
[2011/11/08 10:35:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\swpidflt.dll
[2011/11/08 10:35:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\swpdflt2.dll
[2011/11/08 10:35:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sw_wheel.dll
[2011/11/08 10:35:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sw_effct.dll
[2011/11/08 10:35:18 | 000,015,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\streamip.sys
[2011/11/08 10:35:14 | 000,155,648 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/11/08 10:35:11 | 000,053,248 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/11/08 10:35:08 | 000,285,760 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlnata.sys
[2011/11/08 10:35:04 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- I:\WINDOWS\System32\dllcache\stcusb.sys
[2011/11/08 10:34:59 | 000,048,736 | ---- | C] (3Com) -- I:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/11/08 10:34:55 | 000,099,328 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\srusd.dll
[2011/11/08 10:34:50 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- I:\WINDOWS\System32\dllcache\spxupchk.dll
[2011/11/08 10:34:45 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- I:\WINDOWS\System32\dllcache\speed.sys
[2011/11/08 10:34:42 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- I:\WINDOWS\System32\dllcache\spdports.dll
[2011/11/08 10:34:38 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- I:\WINDOWS\System32\dllcache\sparrow.sys
[2011/11/08 10:34:35 | 000,007,552 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\sonypvu1.sys
[2011/11/08 10:34:32 | 000,037,040 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\sonypi.sys
[2011/11/08 10:34:29 | 000,114,688 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\sonypi.dll
[2011/11/08 10:34:26 | 000,020,752 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\sonync.sys
[2011/11/08 10:34:23 | 000,009,600 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sonymc.sys
[2011/11/08 10:34:22 | 000,007,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sonyait.sys
[2011/11/08 10:34:19 | 000,007,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\snyaitmc.sys
[2011/11/08 10:34:10 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- I:\WINDOWS\System32\dllcache\smiminib.sys
[2011/11/08 10:34:05 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- I:\WINDOWS\System32\dllcache\smidispb.dll
[2011/11/08 10:34:01 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- I:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/11/08 10:33:58 | 000,035,913 | ---- | C] (SMC) -- I:\WINDOWS\System32\dllcache\smcirda.sys
[2011/11/08 10:33:55 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- I:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/11/08 10:33:52 | 000,006,784 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smbhc.sys
[2011/11/08 10:33:51 | 000,016,000 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smbbatt.sys
[2011/11/08 10:33:51 | 000,006,912 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smbclass.sys
[2011/11/08 10:33:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smb3w.dll
[2011/11/08 10:33:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smb0w.dll
[2011/11/08 10:33:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sma0w.dll
[2011/11/08 10:33:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sm91w.dll
[2011/11/08 10:33:32 | 000,011,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\slip.sys
[2011/11/08 10:33:31 | 000,063,547 | ---- | C] (Symbol Technologies) -- I:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/11/08 10:33:28 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- I:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/11/08 10:33:25 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- I:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/11/08 10:33:21 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sisv256.dll
[2011/11/08 10:33:18 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sisv.sys
[2011/11/08 10:33:17 | 000,032,768 | ---- | C] (SiS Corporation) -- I:\WINDOWS\System32\dllcache\sisnic.sys
[2011/11/08 10:33:14 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sisgrv.dll
[2011/11/08 10:33:11 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sisgrp.sys
[2011/11/08 10:33:08 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sis6306v.dll
[2011/11/08 10:33:05 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sis6306p.sys
[2011/11/08 10:33:01 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sis300iv.dll
[2011/11/08 10:32:58 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sis300ip.sys
[2011/11/08 10:32:50 | 000,161,568 | ---- | C] (Micro Systemation) -- I:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/11/08 10:32:47 | 000,018,400 | ---- | C] (Micro Systemation) -- I:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/11/08 10:32:44 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/11/08 10:32:41 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/11/08 10:32:38 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\sfmanm.sys
[2011/11/08 10:32:33 | 000,006,784 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\serscan.sys
[2011/11/08 10:32:30 | 000,017,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sermouse.sys
[2011/11/08 10:32:25 | 000,011,520 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\scsiscan.sys
[2011/11/08 10:32:25 | 000,006,912 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\seaddsmc.sys
[2011/11/08 10:32:22 | 000,011,648 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\scsiprnt.sys
[2011/11/08 10:32:17 | 000,017,280 | ---- | C] (SCM Microsystems) -- I:\WINDOWS\System32\dllcache\scr111.sys
[2011/11/08 10:32:14 | 000,016,640 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\scmstcs.sys
[2011/11/08 10:32:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/11/08 10:32:07 | 000,023,936 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/11/08 10:32:06 | 000,043,904 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sbp2port.sys
[2011/11/08 10:32:03 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\sblfx.dll
[2011/11/08 10:31:59 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- I:\WINDOWS\System32\dllcache\s3savmxm.sys
[2011/11/08 10:31:56 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- I:\WINDOWS\System32\dllcache\s3savmx.dll
[2011/11/08 10:31:53 | 000,077,824 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/11/08 10:31:50 | 000,198,400 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/11/08 10:31:47 | 000,061,504 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/11/08 10:31:43 | 000,179,264 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/11/08 10:31:40 | 000,210,496 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/11/08 10:31:37 | 000,062,496 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/11/08 10:31:34 | 000,041,216 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/11/08 10:31:31 | 000,182,272 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/11/08 10:31:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3m.sys
[2011/11/08 10:31:25 | 000,065,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\s3legacy.sys
[2011/11/08 10:31:21 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rwia450.dll
[2011/11/08 10:31:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rwia430.dll
[2011/11/08 10:31:16 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/11/08 10:31:15 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/11/08 10:31:13 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- I:\WINDOWS\System32\dllcache\rtl8139.sys
[2011/11/08 10:31:10 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- I:\WINDOWS\System32\dllcache\rtl8029.sys
[2011/11/08 10:31:07 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- I:\WINDOWS\System32\dllcache\rthwcls.sys
[2011/11/08 10:31:03 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/11/08 10:30:59 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- I:\WINDOWS\System32\dllcache\rpfun.sys
[2011/11/08 10:30:57 | 000,079,104 | ---- | C] (Comtrol Corporation) -- I:\WINDOWS\System32\dllcache\rocket.sys
[2011/11/08 10:30:54 | 000,037,563 | ---- | C] (RadioLAN) -- I:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/11/08 10:30:50 | 000,086,097 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\reslog32.dll
[2011/11/08 10:30:41 | 000,019,584 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\rasirda.sys
[2011/11/08 10:30:37 | 000,714,762 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/11/08 10:30:34 | 000,899,146 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/11/08 10:30:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\qvusd.dll
[2011/11/08 10:30:27 | 000,003,328 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\qv2kux.sys
[2011/11/08 10:30:22 | 000,049,024 | ---- | C] (QLogic Corporation) -- I:\WINDOWS\System32\dllcache\ql1280.sys
[2011/11/08 10:30:19 | 000,040,448 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ql1240.sys
[2011/11/08 10:30:16 | 000,045,312 | ---- | C] (QLogic Corporation) -- I:\WINDOWS\System32\dllcache\ql12160.sys
[2011/11/08 10:30:13 | 000,033,152 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ql10wnt.sys
[2011/11/08 10:30:10 | 000,040,320 | ---- | C] (QLogic Corporation) -- I:\WINDOWS\System32\dllcache\ql1080.sys
[2011/11/08 10:30:09 | 000,006,016 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\qic157.sys
[2011/11/08 10:30:05 | 000,130,942 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/11/08 10:30:02 | 000,112,574 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/11/08 10:29:59 | 000,128,286 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserli.sys
[2011/11/08 10:29:58 | 000,159,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ptpusd.dll
[2011/11/08 10:29:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ptpusb.dll
[2011/11/08 10:29:52 | 000,035,328 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\psisload.dll
[2011/11/08 10:29:48 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- I:\WINDOWS\System32\dllcache\pscr.sys
[2011/11/08 10:29:46 | 000,017,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ppa3.sys
[2011/11/08 10:29:43 | 000,017,792 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ppa.sys
[2011/11/08 10:29:43 | 000,008,832 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\powerfil.sys
[2011/11/08 10:29:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\pnrmc.sys
[2011/11/08 10:29:34 | 000,121,344 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\phvfwext.dll
[2011/11/08 10:29:31 | 000,019,840 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\philtune.sys
[2011/11/08 10:29:28 | 000,092,416 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\phildec.sys
[2011/11/08 10:29:25 | 000,173,696 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\philcam2.sys
[2011/11/08 10:29:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\philcam1.sys
[2011/11/08 10:29:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\philcam1.dll
[2011/11/08 10:29:15 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- I:\WINDOWS\System32\dllcache\perm3dd.dll
[2011/11/08 10:29:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\phdsext.ax
[2011/11/08 10:29:14 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- I:\WINDOWS\System32\dllcache\perm3.sys
[2011/11/08 10:29:13 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- I:\WINDOWS\System32\dllcache\perm2dll.dll
[2011/11/08 10:29:13 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- I:\WINDOWS\System32\dllcache\perm2.sys
[2011/11/08 10:29:09 | 000,005,504 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\perc2hib.sys
[2011/11/08 10:29:06 | 000,027,296 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\perc2.sys
[2011/11/08 10:29:05 | 000,169,984 | ---- | C] (Cisco Systems) -- I:\WINDOWS\System32\dllcache\pcx500.sys
[2011/11/08 10:29:02 | 000,086,016 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\pctspk.exe
[2011/11/08 10:28:59 | 000,035,328 | ---- | C] (AMD Inc.) -- I:\WINDOWS\System32\dllcache\pcntpci5.sys
[2011/11/08 10:28:57 | 000,029,769 | ---- | C] (AMD Inc.) -- I:\WINDOWS\System32\dllcache\pcntn5m.sys
[2011/11/08 10:28:54 | 000,030,282 | ---- | C] (AMD Inc.) -- I:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2011/11/08 10:28:51 | 000,026,153 | ---- | C] (Linksys) -- I:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/11/08 10:28:50 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- I:\WINDOWS\System32\dllcache\pca200e.sys
[2011/11/08 10:28:47 | 000,030,495 | ---- | C] (Linksys) -- I:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/11/08 10:28:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovui2rc.dll
[2011/11/08 10:28:39 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovui2.dll
[2011/11/08 10:28:36 | 000,025,216 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovsound2.sys
[2011/11/08 10:28:33 | 000,039,424 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcoms.exe
[2011/11/08 10:28:30 | 000,020,480 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcomc.dll
[2011/11/08 10:28:27 | 000,351,616 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcodek2.sys
[2011/11/08 10:28:25 | 000,116,736 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcodec2.dll
[2011/11/08 10:28:22 | 000,031,872 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovce.sys
[2011/11/08 10:28:19 | 000,028,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcd.sys
[2011/11/08 10:28:16 | 000,048,000 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcam2.sys
[2011/11/08 10:28:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovca.sys
[2011/11/08 10:28:10 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/11/08 10:28:07 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otceth5.sys
[2011/11/08 10:28:04 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/11/08 10:28:01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- I:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/11/08 10:27:53 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- I:\WINDOWS\System32\dllcache\nv3.sys
[2011/11/08 10:27:50 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- I:\WINDOWS\System32\dllcache\nv3.dll
[2011/11/08 10:27:43 | 000,051,552 | ---- | C] (Kensington Technology Group) -- I:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/11/08 10:27:39 | 000,009,344 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ntapm.sys
[2011/11/08 10:27:37 | 000,007,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\nsmmc.sys
[2011/11/08 10:27:35 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- I:\WINDOWS\System32\dllcache\nscirda.sys
[2011/11/08 10:27:31 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/11/08 10:27:28 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/11/08 10:27:24 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- I:\WINDOWS\System32\dllcache\ngrpci.sys
[2011/11/08 10:27:23 | 000,132,695 | ---- | C] (802.11b) -- I:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/11/08 10:27:18 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- I:\WINDOWS\System32\dllcache\netflx3.sys
[2011/11/08 10:27:15 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/11/08 10:27:12 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/11/08 10:27:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ne2000.sys
[2011/11/08 10:27:08 | 000,010,880 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ndisip.sys
[2011/11/08 10:27:06 | 000,085,248 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/11/08 10:27:04 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/11/08 10:27:01 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/11/08 10:26:58 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/11/08 10:26:55 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/11/08 10:26:53 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128.sys
[2011/11/08 10:26:50 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128.dll
[2011/11/08 10:26:47 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- I:\WINDOWS\System32\dllcache\n100325.sys
[2011/11/08 10:26:44 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- I:\WINDOWS\System32\dllcache\n1000nt5.sys
[2011/11/08 10:26:41 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- I:\WINDOWS\System32\dllcache\mxport.sys
[2011/11/08 10:26:38 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- I:\WINDOWS\System32\dllcache\mxport.dll
[2011/11/08 10:26:36 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- I:\WINDOWS\System32\dllcache\mxnic.sys
[2011/11/08 10:26:33 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- I:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/11/08 10:26:30 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- I:\WINDOWS\System32\dllcache\mxcard.sys
[2011/11/08 10:26:26 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- I:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011/11/08 10:26:15 | 000,005,504 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mstee.sys
[2011/11/08 10:26:14 | 000,049,024 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mstape.sys
[2011/11/08 10:26:10 | 000,012,416 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msriffwv.sys
[2011/11/08 10:26:04 | 000,002,944 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msmpu401.sys
[2011/11/08 10:26:03 | 000,022,016 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msircomm.sys
[2011/11/08 10:25:56 | 000,035,200 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msgame.sys
[2011/11/08 10:25:53 | 000,006,016 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msfsio.sys
[2011/11/08 10:25:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msdv.sys
[2011/11/08 10:25:44 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- I:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/11/08 10:25:39 | 000,015,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mpe.sys
[2011/11/08 10:25:34 | 000,016,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\modemcsa.sys
[2011/11/08 10:25:28 | 000,006,528 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\miniqic.sys
[2011/11/08 10:25:23 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\mgaum.sys
[2011/11/08 10:25:20 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\mgaud.dll
[2011/11/08 10:25:19 | 000,026,112 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\memstpci.sys
[2011/11/08 10:25:16 | 000,047,616 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\memgrp.dll
[2011/11/08 10:25:13 | 000,008,320 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\memcard.sys
[2011/11/08 10:25:09 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- I:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/11/08 10:25:06 | 000,007,424 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mammoth.sys
[2011/11/08 10:25:02 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\maestro.sys
[2011/11/08 10:24:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\m3092dc.dll
[2011/11/08 10:24:57 | 000,058,368 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\m3091dc.dll
[2011/11/08 10:24:54 | 000,022,848 | ---- | C] (Logitech Inc.) -- I:\WINDOWS\System32\dllcache\lwusbhid.sys
[2011/11/08 10:24:53 | 000,020,864 | ---- | C] (Logitech Inc.) -- I:\WINDOWS\System32\dllcache\lwadihid.sys
[2011/11/08 10:24:50 | 000,797,500 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/11/08 10:24:47 | 000,802,683 | ---- | C] (Lucent Technologies) -- I:\WINDOWS\System32\dllcache\ltsm.sys
[2011/11/08 10:24:47 | 000,007,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ltotape.sys
[2011/11/08 10:24:46 | 000,420,992 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/11/08 10:24:43 | 000,606,684 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/11/08 10:24:43 | 000,576,746 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/11/08 10:24:40 | 000,727,786 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/11/08 10:24:36 | 000,004,992 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\loop.sys
[2011/11/08 10:24:32 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- I:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/11/08 10:24:29 | 000,020,573 | ---- | C] (The Linksts Group ) -- I:\WINDOWS\System32\dllcache\lne100.sys
[2011/11/08 10:24:27 | 000,025,065 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/11/08 10:24:24 | 000,015,744 | ---- | C] (Litronic Industries) -- I:\WINDOWS\System32\dllcache\lit220p.sys
[2011/11/08 10:24:22 | 000,034,688 | ---- | C] (Toshiba Corp.) -- I:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/11/08 10:24:20 | 000,026,442 | ---- | C] (SMSC) -- I:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/11/08 10:24:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/11/08 10:24:17 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- I:\WINDOWS\System32\dllcache\ktc111.sys
[2011/11/08 10:24:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/11/08 10:24:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/11/08 10:24:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kousd.dll
[2011/11/08 10:24:11 | 000,253,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/11/08 10:24:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kdsui.dll
[2011/11/08 10:23:50 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- I:\WINDOWS\System32\dllcache\irstusb.sys
[2011/11/08 10:23:48 | 000,018,688 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\irsir.sys
[2011/11/08 10:23:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\irmon.dll
[2011/11/08 10:23:45 | 000,023,552 | ---- | C] (MKNet Corporation) -- I:\WINDOWS\System32\dllcache\irmk7.sys
[2011/11/08 10:23:44 | 000,151,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\irftp.exe
[2011/11/08 10:23:43 | 000,088,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\irda.sys
[2011/11/08 10:23:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ipsink.ax
[2011/11/08 10:23:38 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- I:\WINDOWS\System32\dllcache\ip5515.sys
[2011/11/08 10:23:35 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- I:\WINDOWS\System32\dllcache\io8ports.dll
[2011/11/08 10:23:33 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- I:\WINDOWS\System32\dllcache\io8.sys
[2011/11/08 10:23:32 | 000,005,504 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\intelide.sys
[2011/11/08 10:23:29 | 000,013,056 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\inport.sys
[2011/11/08 10:23:26 | 000,016,000 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ini910u.sys
[2011/11/08 10:23:05 | 000,372,824 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\iconf32.dll
[2011/11/08 10:23:03 | 000,100,992 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam5usb.sys
[2011/11/08 10:23:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam5ext.dll
[2011/11/08 10:22:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam5com.dll
[2011/11/08 10:22:55 | 000,154,496 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam4usb.sys
[2011/11/08 10:22:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam4ext.dll
[2011/11/08 10:22:50 | 000,091,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam4com.dll
[2011/11/08 10:22:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam3ext.dll
[2011/11/08 10:22:46 | 000,141,056 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam3.sys
[2011/11/08 10:22:43 | 000,038,528 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ibmvcap.sys
[2011/11/08 10:22:41 | 000,109,085 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\ibmtrp.sys
[2011/11/08 10:22:38 | 000,100,936 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\ibmtok.sys
[2011/11/08 10:22:36 | 000,009,216 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2011/11/08 10:22:33 | 000,028,700 | ---- | C] (IBM Corp.) -- I:\WINDOWS\System32\dllcache\ibmexmp.sys
[2011/11/08 10:22:31 | 000,702,845 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2011/11/08 10:22:31 | 000,161,020 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\i81xnt5.sys
[2011/11/08 10:22:28 | 000,058,592 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\i740nt5.sys
[2011/11/08 10:22:26 | 000,353,184 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\i740dnt5.dll
[2011/11/08 10:22:25 | 000,018,560 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\i2omp.sys
[2011/11/08 10:22:23 | 000,008,576 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011/11/08 10:22:14 | 000,488,383 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_v124.sys
[2011/11/08 10:22:12 | 000,050,751 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_tone.sys
[2011/11/08 10:22:10 | 000,073,279 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2011/11/08 10:22:07 | 000,044,863 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_soar.sys
[2011/11/08 10:22:05 | 000,057,471 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_samp.sys
[2011/11/08 10:22:02 | 000,542,879 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_msft.sys
[2011/11/08 10:22:00 | 000,391,199 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2011/11/08 10:21:58 | 000,009,759 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_inst.dll
[2011/11/08 10:21:55 | 000,115,807 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2011/11/08 10:21:53 | 000,199,711 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2011/11/08 10:21:51 | 000,289,887 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_fall.sys
[2011/11/08 10:21:48 | 000,067,167 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2011/11/08 10:21:46 | 000,150,239 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_amos.sys
[2011/11/08 10:21:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hr1w.dll
[2011/11/08 10:21:41 | 000,005,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpt4qic.sys
[2011/11/08 10:21:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2011/11/08 10:21:36 | 000,324,608 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpojwia.dll
[2011/11/08 10:21:34 | 000,025,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpn.sys
[2011/11/08 10:21:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2011/11/08 10:21:29 | 000,068,608 | ---- | C] (Avisioin) -- I:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/11/08 10:21:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2011/11/08 10:21:20 | 000,126,976 | ---- | C] (Hewlett Packard) -- I:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/11/08 10:21:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2011/11/08 10:21:11 | 000,123,392 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2011/11/08 10:21:07 | 000,119,296 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpdigwia.dll
[2011/11/08 10:21:03 | 000,002,688 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hidswvd.sys
[2011/11/08 10:21:01 | 000,008,576 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hidgame.sys
[2011/11/08 10:21:00 | 000,020,352 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hidbatt.sys
[2011/11/08 10:20:57 | 000,907,456 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hcf_msft.sys
[2011/11/08 10:20:55 | 000,028,288 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\grserial.sys
[2011/11/08 10:20:53 | 000,082,304 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\grclass.sys
[2011/11/08 10:20:51 | 000,017,408 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\gpr400.sys
[2011/11/08 10:20:48 | 000,059,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\gckernel.sys
[2011/11/08 10:20:47 | 000,010,624 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\gameenum.sys
[2011/11/08 10:20:45 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\g400m.sys
[2011/11/08 10:20:43 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\g400d.dll
[2011/11/08 10:20:40 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\g200m.sys
[2011/11/08 10:20:38 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\g200d.dll
[2011/11/08 10:20:35 | 000,454,912 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/11/08 10:20:26 | 000,092,160 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\fuusd.dll
[2011/11/08 10:20:23 | 000,455,296 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/11/08 10:20:20 | 000,455,680 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fus2base.sys
[2011/11/08 10:20:15 | 000,442,240 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/11/08 10:20:12 | 000,441,728 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/11/08 10:20:09 | 000,444,416 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/11/08 10:20:07 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- I:\WINDOWS\System32\dllcache\forehe.sys
[2011/11/08 10:20:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\fnfilter.dll
[2011/11/08 10:20:01 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- I:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/11/08 10:19:55 | 000,022,090 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\fem556n5.sys
[2011/11/08 10:19:51 | 000,024,618 | ---- | C] (NETGEAR) -- I:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/11/08 10:19:49 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- I:\WINDOWS\System32\dllcache\fa312nd5.sys
[2011/11/08 10:19:47 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- I:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/11/08 10:19:45 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- I:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/11/08 10:19:43 | 000,007,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\exabyte2.sys
[2011/11/08 10:19:41 | 000,016,998 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\ex10.sys
[2011/11/08 10:19:36 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- I:\WINDOWS\System32\dllcache\esunib.dll
[2011/11/08 10:19:34 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- I:\WINDOWS\System32\dllcache\esuni.dll
[2011/11/08 10:19:31 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- I:\WINDOWS\System32\dllcache\esuimg.dll
[2011/11/08 10:19:29 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- I:\WINDOWS\System32\dllcache\esucm.dll
[2011/11/08 10:19:28 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\essm2e.sys
[2011/11/08 10:19:26 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\ess.sys
[2011/11/08 10:19:24 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\es56tpi.sys
[2011/11/08 10:19:22 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\es56hpi.sys
[2011/11/08 10:19:19 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\es56cvmp.sys
[2011/11/08 10:19:17 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\es198x.sys
[2011/11/08 10:19:16 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- I:\WINDOWS\System32\dllcache\es1969.sys
[2011/11/08 10:19:14 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\es1371mp.sys
[2011/11/08 10:19:12 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\es1370mp.sys
[2011/11/08 10:19:09 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- I:\WINDOWS\System32\dllcache\eqnloop.exe
[2011/11/08 10:19:07 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- I:\WINDOWS\System32\dllcache\eqnlogr.exe
[2011/11/08 10:19:05 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- I:\WINDOWS\System32\dllcache\eqndiag.exe
[2011/11/08 10:19:03 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- I:\WINDOWS\System32\dllcache\eqn.sys
[2011/11/08 10:19:01 | 000,114,944 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\epstw2k.sys
[2011/11/08 10:18:59 | 000,018,503 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\epro4.sys
[2011/11/08 10:18:58 | 000,144,896 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\epcfw2k.sys
[2011/11/08 10:18:56 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\emu10k1m.sys
[2011/11/08 10:18:51 | 000,019,996 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\em556n4.sys
[2011/11/08 10:18:50 | 000,025,159 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\elnk3.sys
[2011/11/08 10:18:49 | 000,007,296 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\elmsmc.sys
[2011/11/08 10:18:47 | 000,171,520 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el99xn51.sys
[2011/11/08 10:18:46 | 000,070,174 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el98xn5.sys
[2011/11/08 10:18:44 | 000,455,199 | ---- | C] (3Com Corporation.) -- I:\WINDOWS\System32\dllcache\el985n51.sys
[2011/11/08 10:18:43 | 000,153,631 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el90xnd5.sys
[2011/11/08 10:18:41 | 000,066,591 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el90xbc5.sys
[2011/11/08 10:18:40 | 000,241,206 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el656se5.sys
[2011/11/08 10:18:38 | 000,077,386 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el656nd5.sys
[2011/11/08 10:18:36 | 000,634,134 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el656ct5.sys
[2011/11/08 10:18:35 | 000,069,194 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el656cd5.sys
[2011/11/08 10:18:34 | 000,026,141 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el589nd5.sys
[2011/11/08 10:18:32 | 000,069,692 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el575nd5.sys
[2011/11/08 10:18:31 | 000,024,653 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el574nd4.sys
[2011/11/08 10:18:29 | 000,055,999 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el556nd5.sys
[2011/11/08 10:18:28 | 000,044,103 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el515.sys
[2011/11/08 10:18:25 | 000,019,594 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\e100isa4.sys
[2011/11/08 10:18:24 | 000,117,760 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\e100b325.sys
[2011/11/08 10:18:23 | 000,050,719 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\e1000nt5.sys
[2011/11/08 10:18:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dshowext.ax
[2011/11/08 10:18:17 | 000,334,208 | ---- | C] (Yamaha Corp.) -- I:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/11/08 10:18:14 | 000,020,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dpti2o.sys
[2011/11/08 10:18:12 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- I:\WINDOWS\System32\dllcache\dp83820.sys
[2011/11/08 10:18:10 | 000,023,808 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/11/08 10:18:09 | 000,008,704 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dot4scan.sys
[2011/11/08 10:18:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/11/08 10:18:07 | 000,206,976 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dot4.sys
[2011/11/08 10:18:03 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- I:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/11/08 10:18:02 | 000,008,320 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dlttape.sys
[2011/11/08 10:18:00 | 000,026,698 | ---- | C] (D-Link Corporation) -- I:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/11/08 10:17:58 | 000,952,007 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\diwan.sys
[2011/11/08 10:17:53 | 000,236,060 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\ditrace.exe
[2011/11/08 10:17:52 | 000,038,985 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/11/08 10:17:51 | 000,031,305 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/11/08 10:17:50 | 000,006,729 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvci.dll
[2011/11/08 10:17:47 | 000,091,305 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\dimaint.sys
[2011/11/08 10:17:46 | 000,614,429 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiview.exe
[2011/11/08 10:17:45 | 000,042,432 | ---- | C] (Digi International, Inc.) -- I:\WINDOWS\System32\dllcache\digirlpt.sys
[2011/11/08 10:17:43 | 000,110,621 | ---- | C] (Digi International, Inc.) -- I:\WINDOWS\System32\dllcache\digirlpt.dll
[2011/11/08 10:17:42 | 000,021,606 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiisdn.sys
[2011/11/08 10:17:41 | 000,041,046 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiisdn.dll
[2011/11/08 10:17:40 | 000,102,484 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiinf.dll
[2011/11/08 10:17:39 | 000,159,828 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digihlc.dll
[2011/11/08 10:17:37 | 000,229,462 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digifwrk.dll
[2011/11/08 10:17:36 | 000,090,525 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digifep5.sys
[2011/11/08 10:17:35 | 000,103,044 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digidxb.sys
[2011/11/08 10:17:34 | 000,131,156 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digidbp.dll
[2011/11/08 10:17:32 | 000,037,735 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiasyn.sys
[2011/11/08 10:17:31 | 000,065,622 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiasyn.dll
[2011/11/08 10:17:29 | 000,419,357 | ---- | C] (Digi International) -- I:\WINDOWS\System32\dllcache\dgconfig.dll
[2011/11/08 10:17:28 | 000,029,531 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\dgapci.sys
[2011/11/08 10:17:26 | 000,024,649 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/11/08 10:17:25 | 000,024,648 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\dfe650.sys
[2011/11/08 10:17:23 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\devldr32.exe
[2011/11/08 10:17:22 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\devcon32.dll
[2011/11/08 10:17:21 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- I:\WINDOWS\System32\dllcache\defpa.sys
[2011/11/08 10:17:20 | 000,007,424 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ddsmc.sys
[2011/11/08 10:17:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dc260usd.dll
[2011/11/08 10:17:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dc240usd.dll
[2011/11/08 10:17:16 | 000,063,208 | ---- | C] (Intel Corporation.) -- I:\WINDOWS\System32\dllcache\dc21x4.sys
[2011/11/08 10:17:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dc210usd.dll
[2011/11/08 10:17:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dc210_32.dll
[2011/11/08 10:17:11 | 000,014,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dac960nt.sys
[2011/11/08 10:17:09 | 000,179,584 | ---- | C] (Mylex Corporation) -- I:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011/11/08 10:17:06 | 000,117,760 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\d100ib5.sys
[2011/11/08 10:17:05 | 000,027,648 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyzports.dll
[2011/11/08 10:17:04 | 000,049,792 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyzport.sys
[2011/11/08 10:17:03 | 000,027,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyzcoins.dll
[2011/11/08 10:17:02 | 000,027,648 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyyports.dll
[2011/11/08 10:17:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyyport.sys
[2011/11/08 10:16:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyycoins.dll
[2011/11/08 10:16:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyclom-y.sys
[2011/11/08 10:16:57 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/11/08 10:16:57 | 000,017,152 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyclad-z.sys
[2011/11/08 10:16:56 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/11/08 10:16:55 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/11/08 10:16:54 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/11/08 10:16:52 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/11/08 10:16:51 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/11/08 10:16:50 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbase.sys
[2011/11/08 10:16:49 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- I:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/11/08 10:16:49 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011/11/08 10:16:47 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- I:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011/11/08 10:16:46 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\ctljystk.sys
[2011/11/08 10:16:45 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011/11/08 10:16:43 | 000,175,104 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\csamsp.dll
[2011/11/08 10:16:42 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- I:\WINDOWS\System32\dllcache\crtaud.sys
[2011/11/08 10:16:41 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- I:\WINDOWS\System32\dllcache\cpscan.dll
[2011/11/08 10:16:40 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- I:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011/11/08 10:16:39 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- I:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011/11/08 10:16:38 | 000,014,976 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cpqarray.sys
[2011/11/08 10:16:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\compbatt.sys
[2011/11/08 10:16:31 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- I:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011/11/08 10:16:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cnusd.dll
[2011/11/08 10:16:28 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- I:\WINDOWS\System32\dllcache\cmdide.sys
[2011/11/08 10:16:27 | 000,020,736 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/11/08 10:16:27 | 000,013,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cmbatt.sys
[2011/11/08 10:16:25 | 000,248,064 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cl546xm.sys
[2011/11/08 10:16:23 | 000,170,880 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cl546x.dll
[2011/11/08 10:16:23 | 000,111,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cl5465.dll
[2011/11/08 10:16:22 | 000,045,696 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cirrus.sys
[2011/11/08 10:16:21 | 000,091,264 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cirrus.dll
[2011/11/08 10:16:19 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- I:\WINDOWS\System32\dllcache\cinemclc.sys
[2011/11/08 10:16:18 | 000,980,034 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\cicap.sys
[2011/11/08 10:16:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\changer.sys
[2011/11/08 10:16:12 | 000,049,182 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/11/08 10:16:12 | 000,022,044 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/11/08 10:16:11 | 000,022,044 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/11/08 10:16:10 | 000,027,164 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/11/08 10:16:10 | 000,021,530 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/11/08 10:16:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011/11/08 10:16:07 | 000,017,024 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/11/08 10:16:06 | 000,714,698 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/11/08 10:16:06 | 000,046,108 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cben5.sys
[2011/11/08 10:16:05 | 000,039,680 | ---- | C] (Silicom Ltd.) -- I:\WINDOWS\System32\dllcache\cb325.sys
[2011/11/08 10:16:04 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- I:\WINDOWS\System32\dllcache\cb102.sys
[2011/11/08 10:16:03 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- I:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/11/08 10:16:01 | 000,164,923 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\diapi2.sys
[2011/11/08 10:16:00 | 000,121,856 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camext30.dll
[2011/11/08 10:15:59 | 000,116,736 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camext30.ax
[2011/11/08 10:15:58 | 000,236,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camext20.dll
[2011/11/08 10:15:57 | 000,244,224 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camext20.ax
[2011/11/08 10:15:57 | 000,074,240 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camexo20.dll
[2011/11/08 10:15:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camexo20.ax
[2011/11/08 10:15:55 | 000,171,264 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/11/08 10:15:54 | 000,223,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/11/08 10:15:53 | 000,314,752 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camdro21.sys
[2011/11/08 10:15:26 | 000,013,824 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/11/08 10:15:25 | 000,031,529 | ---- | C] (BreezeCOM) -- I:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/11/08 10:15:24 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/11/08 10:15:24 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/11/08 10:15:23 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/11/08 10:15:22 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brserif.dll
[2011/11/08 10:15:22 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- I:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/11/08 10:15:21 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/11/08 10:15:20 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brparimg.sys
[2011/11/08 10:15:18 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/11/08 10:15:18 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/11/08 10:15:17 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/11/08 10:15:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/11/08 10:15:16 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/11/08 10:15:15 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/11/08 10:15:15 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/11/08 10:15:14 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brfilt.sys
[2011/11/08 10:15:13 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brevif.dll
[2011/11/08 10:15:12 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/11/08 10:15:12 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/11/08 10:15:10 | 000,102,400 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/11/08 10:15:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/11/08 10:15:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\bdasup.sys
[2011/11/08 10:15:08 | 000,871,388 | ---- | C] (BCM) -- I:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/11/08 10:15:08 | 000,026,568 | ---- | C] (Broadcom Corporation) -- I:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/11/08 10:15:07 | 000,054,271 | ---- | C] (Broadcom Corporation) -- I:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/11/08 10:15:06 | 000,066,557 | ---- | C] (Broadcom Corporation) -- I:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/11/08 10:15:05 | 000,014,208 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\battc.sys
[2011/11/08 10:15:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\banshee.sys
[2011/11/08 10:15:03 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\banshee.dll
[2011/11/08 10:15:03 | 000,096,640 | ---- | C] (Broadcom Corporation) -- I:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/11/08 10:15:02 | 000,089,952 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/11/08 10:15:01 | 000,037,568 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmwan.sys
[2011/11/08 10:15:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- I:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/11/08 10:15:00 | 000,144,384 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmenum.dll
[2011/11/08 10:14:59 | 000,087,552 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/11/08 10:14:58 | 000,036,096 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/11/08 10:14:58 | 000,013,696 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/11/08 10:14:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\avc.sys
[2011/11/08 10:14:49 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atiragem.sys
[2011/11/08 10:14:48 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atiraged.dll
[2011/11/08 10:14:46 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atimtai.sys
[2011/11/08 10:14:45 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atimpab.sys
[2011/11/08 10:14:45 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atimpae.sys
[2011/11/08 10:14:44 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atidvai.dll
[2011/11/08 10:14:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\atievxx.exe
[2011/11/08 10:14:43 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atidrae.dll
[2011/11/08 10:14:42 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atidrab.dll
[2011/11/08 10:14:38 | 000,096,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ati.dll
[2011/11/08 10:14:38 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- I:\WINDOWS\System32\dllcache\ati.sys
[2011/11/08 10:14:36 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- I:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/11/08 10:14:35 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- I:\WINDOWS\System32\dllcache\asc3550.sys
[2011/11/08 10:14:34 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- I:\WINDOWS\System32\dllcache\asc.sys
[2011/11/08 10:14:34 | 000,022,400 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/11/08 10:14:32 | 000,006,272 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/11/08 10:14:31 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- I:\WINDOWS\System32\dllcache\an983.sys
[2011/11/08 10:14:30 | 000,012,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\amsint.sys
[2011/11/08 10:14:29 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- I:\WINDOWS\System32\dllcache\amb8002.sys
[2011/11/08 10:14:29 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- I:\WINDOWS\System32\dllcache\aliide.sys
[2011/11/08 10:14:28 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- I:\WINDOWS\System32\dllcache\ali5261.sys
[2011/11/08 10:14:28 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- I:\WINDOWS\System32\dllcache\alifir.sys
[2011/11/08 10:14:27 | 000,056,960 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/11/08 10:14:27 | 000,055,168 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/11/08 10:14:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\aha154x.sys
[2011/11/08 10:14:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/11/08 10:14:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/11/08 10:14:19 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- I:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/11/08 10:14:18 | 000,010,880 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\admjoy.sys
[2011/11/08 10:14:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8830.sys
[2011/11/08 10:14:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8820.sys
[2011/11/08 10:14:16 | 000,584,448 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8810.sys
[2011/11/08 10:14:16 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- I:\WINDOWS\System32\dllcache\adm8511.sys
[2011/11/08 10:14:15 | 000,007,424 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\adicvls.sys
[2011/11/08 10:14:14 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- I:\WINDOWS\System32\dllcache\acerscad.dll
[2011/11/08 10:14:13 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- I:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/11/08 10:14:13 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- I:\WINDOWS\System32\dllcache\ac97via.sys
[2011/11/08 10:14:12 | 000,096,256 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/11/08 10:14:11 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- I:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/11/08 10:14:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/11/08 10:14:10 | 000,462,848 | ---- | C] (Aureal Inc.) -- I:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/11/08 10:14:10 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- I:\WINDOWS\System32\dllcache\a3d.dll
[2011/11/08 10:14:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\8514a.dll
[2011/11/08 10:14:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\61883.sys
[2011/11/08 10:14:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/11/08 10:14:05 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/11/08 10:14:04 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/11/08 10:14:03 | 000,762,780 | ---- | C] (3Com, Inc.) -- I:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/11/08 10:14:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/11/08 10:13:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/10/31 14:48:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\MACAddressChanger_Exe

========== Files - Modified Within 30 Days ==========

[2011/11/18 09:39:08 | 001,916,416 | ---- | M] (AVAST Software) -- I:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/11/18 09:38:43 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- I:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/11/18 09:37:38 | 000,000,424 | -H-- | M] () -- I:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/18 09:32:48 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/11/18 09:32:36 | 000,000,896 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 09:32:33 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/11/18 09:32:20 | 000,000,098 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/18 08:51:00 | 000,001,010 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1417001333-839522115-500UA.job
[2011/11/18 08:51:00 | 000,000,958 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1417001333-839522115-500Core.job
[2011/11/18 08:43:00 | 000,000,900 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/17 12:09:35 | 001,036,344 | ---- | M] (Google Inc.) -- I:\Documents and Settings\Administrator\Desktop\chrome.exe
[2011/11/15 14:57:33 | 000,517,725 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\Convention .pdf
[2011/11/14 08:04:23 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/11 16:52:18 | 000,002,344 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/11/11 16:52:18 | 000,002,322 | ---- | M] () -- I:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/10 13:47:14 | 004,289,249 | R--- | M] (Swearware) -- I:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/10 13:39:17 | 000,676,536 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\sreng2.zip
[2011/11/10 13:28:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/08 14:40:28 | 100,595,488 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_11_09_01_52.exe
[2011/11/08 12:53:11 | 000,036,548 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\VAN FREE STYLE CLUB - Online Group Purchase Instructions[1].pdf
[2011/11/08 11:02:28 | 000,001,945 | ---- | M] () -- I:\WINDOWS\epplauncher.mif
[2011/11/08 10:47:20 | 000,311,912 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2011/11/08 10:47:20 | 000,040,108 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2011/10/31 14:34:31 | 001,324,940 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\netstumblerinstaller_0_4_0.exe
[2011/10/27 12:09:02 | 000,051,596 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\image001.jpg
[2011/10/26 11:52:47 | 000,060,794 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\Vancouver Freestyle Programs 2011-12.pdf
[2011/10/20 07:43:48 | 000,000,000 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml

========== Files Created - No Company Name ==========

[2011/11/15 14:57:32 | 000,517,725 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\Convention .pdf
[2011/11/10 13:50:10 | 000,256,000 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2011/11/10 13:50:10 | 000,208,896 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2011/11/10 13:50:10 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2011/11/10 13:50:10 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2011/11/10 13:50:10 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2011/11/10 13:39:15 | 000,676,536 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\sreng2.zip
[2011/11/08 14:34:21 | 100,595,488 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_11_09_01_52.exe
[2011/11/08 12:53:11 | 000,036,548 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\VAN FREE STYLE CLUB - Online Group Purchase Instructions[1].pdf
[2011/11/08 11:07:15 | 000,000,424 | -H-- | C] () -- I:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/08 11:02:28 | 000,001,945 | ---- | C] () -- I:\WINDOWS\epplauncher.mif
[2011/11/08 11:02:06 | 000,001,680 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/08 10:40:46 | 000,018,944 | ---- | C] () -- I:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/11/08 10:40:42 | 000,027,648 | ---- | C] () -- I:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/11/08 10:29:55 | 000,033,280 | ---- | C] () -- I:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/11/08 10:29:51 | 000,363,520 | ---- | C] () -- I:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/11/08 10:25:52 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/11/08 10:21:27 | 000,165,888 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/11/08 10:21:22 | 000,093,696 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/11/08 10:21:18 | 000,101,376 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/11/08 10:21:13 | 000,089,088 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/11/08 10:21:09 | 000,083,968 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/11/08 10:17:57 | 000,029,768 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divasu.dll
[2011/11/08 10:17:56 | 000,037,962 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divaprop.dll
[2011/11/08 10:17:55 | 000,006,216 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divaci.dll
[2011/11/08 10:14:53 | 000,026,624 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/11/08 10:14:53 | 000,023,552 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atixbar.sys
[2011/11/08 10:14:52 | 000,019,456 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/11/08 10:14:51 | 000,017,152 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/11/08 10:14:51 | 000,009,472 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/11/08 10:14:50 | 000,026,880 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/11/08 10:14:50 | 000,017,152 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atitunep.sys
[2011/11/08 10:14:49 | 000,049,920 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/11/08 10:14:47 | 000,010,240 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/11/08 10:14:41 | 000,046,464 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/31 14:34:25 | 001,324,940 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\netstumblerinstaller_0_4_0.exe
[2011/10/27 12:09:02 | 000,051,596 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\image001.jpg
[2011/10/26 11:52:48 | 000,060,794 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\Vancouver Freestyle Programs 2011-12.pdf
[2010/12/22 12:05:05 | 000,025,620 | -H-- | C] () -- I:\WINDOWS\System32\mlfcache.dat
[2010/11/05 13:44:40 | 000,000,036 | ---- | C] () -- I:\WINDOWS\wwwbatch.ini
[2010/07/08 15:09:49 | 000,116,224 | ---- | C] () -- I:\WINDOWS\System32\pdfcmnnt.dll
[2010/04/06 14:33:19 | 000,000,022 | ---- | C] () -- I:\WINDOWS\System32\nvModes.dat
[2010/04/06 14:25:53 | 002,183,470 | ---- | C] () -- I:\WINDOWS\System32\nvdata.bin
[2010/04/06 14:25:53 | 000,212,992 | ---- | C] () -- I:\WINDOWS\System32\nvapi.dll
[2010/04/06 10:45:20 | 000,000,036 | ---- | C] () -- I:\WINDOWS\webica.ini
[2009/12/24 10:00:19 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2009/12/22 09:45:43 | 000,008,875 | ---- | C] () -- I:\WINDOWS\cfgall.ini
[2009/12/22 09:40:10 | 000,156,672 | ---- | C] () -- I:\WINDOWS\System32\RTLCPAPI.dll
[2009/12/22 09:40:09 | 000,040,960 | ---- | C] () -- I:\WINDOWS\System32\ChCfg.exe
[2009/12/22 09:14:13 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2009/12/22 09:09:08 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2009/12/22 01:03:14 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2009/12/22 01:02:01 | 000,119,744 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2006/10/22 11:22:00 | 001,662,976 | ---- | C] () -- I:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 001,622,016 | ---- | C] () -- I:\WINDOWS\System32\nwiz.exe
[2006/10/22 11:22:00 | 001,470,464 | ---- | C] () -- I:\WINDOWS\System32\nview.dll
[2006/10/22 11:22:00 | 001,339,392 | ---- | C] () -- I:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 11:22:00 | 001,019,904 | ---- | C] () -- I:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 000,581,632 | ---- | C] () -- I:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 000,466,944 | ---- | C] () -- I:\WINDOWS\System32\nvshell.dll
[2006/10/22 11:22:00 | 000,442,368 | ---- | C] () -- I:\WINDOWS\System32\nvappbar.exe
[2006/10/22 11:22:00 | 000,425,984 | ---- | C] () -- I:\WINDOWS\System32\keystone.exe
[2006/10/22 11:22:00 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\nvnt4cpl.dll
[2005/03/21 15:48:05 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2005/03/21 15:48:05 | 000,004,627 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2004/08/04 02:00:00 | 000,311,912 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2004/08/04 02:00:00 | 000,040,108 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2004/08/04 02:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2004/08/04 02:00:00 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\dcache.bin
[2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat

< End of report >
  • 0

#6
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
ComboFix 11-11-10.03 - Administrator 2011/11/10 13:51:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.1789.1465 [GMT -8:00]
Running from: i:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-08 22:28 . 2011-11-08 22:28 28752 ----a-w- i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5AF3DE5A-AC46-4C08-8681-D6776AE21E4A}\MpKslbfa7e822.sys
2011-11-08 19:09 . 2011-10-18 09:28 6668624 ----a-w- i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5AF3DE5A-AC46-4C08-8681-D6776AE21E4A}\mpengine.dll
2011-11-08 19:01 . 2011-11-08 19:02 -------- d-----w- i:\program files\Microsoft Security Client
2011-11-08 18:40 . 2008-04-14 13:42 116224 -c--a-w- i:\windows\system32\dllcache\xrxwiadr.dll
2011-11-08 18:40 . 2001-08-18 06:36 23040 -c--a-w- i:\windows\system32\dllcache\xrxwbtmp.dll
2011-11-08 18:40 . 2008-04-14 13:42 18944 -c--a-w- i:\windows\system32\dllcache\xrxscnui.dll
2011-11-08 18:40 . 2001-08-18 06:37 27648 -c--a-w- i:\windows\system32\dllcache\xrxftplt.exe
2011-11-08 18:40 . 2001-08-18 06:37 4608 -c--a-w- i:\windows\system32\dllcache\xrxflnch.exe
2011-11-08 18:40 . 2001-08-18 06:37 99865 -c--a-w- i:\windows\system32\dllcache\xlog.exe
2011-11-08 18:40 . 2001-08-17 20:11 16970 -c--a-w- i:\windows\system32\dllcache\xem336n5.sys
2011-11-08 18:40 . 2008-04-14 06:04 19455 -c--a-w- i:\windows\system32\dllcache\wvchntxx.sys
2011-11-08 18:40 . 2008-04-14 08:16 19200 -c--a-w- i:\windows\system32\dllcache\wstcodec.sys
2011-11-08 18:40 . 2008-04-14 13:42 8192 -c--a-w- i:\windows\system32\dllcache\wshirda.dll
2011-11-08 18:40 . 2008-04-14 06:04 12063 -c--a-w- i:\windows\system32\dllcache\wsiintxx.sys
2011-11-08 18:40 . 2008-04-14 08:06 8832 -c--a-w- i:\windows\system32\dllcache\wmiacpi.sys
2011-11-08 18:38 . 2001-08-17 21:28 397502 -c--a-w- i:\windows\system32\dllcache\vpctcom.sys
2011-11-08 18:37 . 2001-08-18 06:36 28160 -c--a-w- i:\windows\system32\dllcache\umaxu40.dll
2011-11-08 18:36 . 2001-08-17 22:56 315520 -c--a-w- i:\windows\system32\dllcache\trid3d.dll
2011-11-08 18:35 . 2001-08-17 20:50 36640 -c--a-w- i:\windows\system32\dllcache\t2r4mini.sys
2011-11-08 18:34 . 2001-08-17 20:11 48736 -c--a-w- i:\windows\system32\dllcache\srwlnd5.sys
2011-11-08 18:33 . 2001-08-17 20:10 35913 -c--a-w- i:\windows\system32\dllcache\smcirda.sys
2011-11-08 18:32 . 2001-08-17 20:50 101760 -c--a-w- i:\windows\system32\dllcache\sis300ip.sys
2011-11-08 18:31 . 2001-08-17 20:50 75392 -c--a-w- i:\windows\system32\dllcache\s3savmxm.sys
2011-11-08 18:30 . 2001-08-17 20:19 3840 -c--a-w- i:\windows\system32\dllcache\rpfun.sys
2011-11-08 18:29 . 2001-08-17 21:28 128286 -c--a-w- i:\windows\system32\dllcache\ptserli.sys
2011-11-08 18:28 . 2001-08-17 20:11 35328 -c--a-w- i:\windows\system32\dllcache\pcntpci5.sys
2011-11-08 18:27 . 2001-08-17 20:50 198144 -c--a-w- i:\windows\system32\dllcache\nv3.sys
2011-11-08 18:26 . 2001-08-17 20:50 33088 -c--a-w- i:\windows\system32\dllcache\n9i128v2.sys
2011-11-08 18:25 . 2001-08-17 22:02 35200 -c--a-w- i:\windows\system32\dllcache\msgame.sys
2011-11-08 18:24 . 2001-08-18 06:36 58880 -c--a-w- i:\windows\system32\dllcache\m3092dc.dll
2011-11-08 18:23 . 2001-08-17 21:49 26624 -c--a-w- i:\windows\system32\dllcache\irstusb.sys
2011-11-08 18:22 . 2001-08-18 06:36 45056 -c--a-w- i:\windows\system32\dllcache\icam5com.dll
2011-11-08 18:21 . 2001-08-18 06:36 9759 -c--a-w- i:\windows\system32\dllcache\hsf_inst.dll
2011-11-08 18:20 . 2001-08-17 21:28 907456 -c--a-w- i:\windows\system32\dllcache\hcf_msft.sys
2011-11-08 18:19 . 2001-08-17 20:10 22090 -c--a-w- i:\windows\system32\dllcache\fem556n5.sys
2011-11-08 18:18 . 2001-08-17 20:12 18503 -c--a-w- i:\windows\system32\dllcache\epro4.sys
2011-11-08 18:17 . 2001-08-17 20:14 952007 -c--a-w- i:\windows\system32\dllcache\diwan.sys
2011-11-08 18:16 . 2001-08-18 06:36 28672 -c--a-w- i:\windows\system32\dllcache\cyycoins.dll
2011-11-08 18:15 . 2001-08-18 06:36 236032 -c--a-w- i:\windows\system32\dllcache\camext20.dll
2011-11-08 18:14 . 2001-08-18 06:36 87552 -c--a-w- i:\windows\system32\dllcache\avmcoxp.dll
2011-11-08 18:13 . 2001-08-17 22:56 66048 -c--a-w- i:\windows\system32\dllcache\s3legacy.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 17:50 . 2011-10-11 17:50 414368 ----a-w- i:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 01:00 . 2010-09-08 22:11 22216 ----a-w- i:\windows\system32\drivers\mbam.sys
2011-05-04 22:59 . 2011-03-24 20:56 142296 ----a-w- i:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="i:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-20 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="i:\windows\system32\nvraidservice.exe" [2005-07-23 126464]
"RTDCPL"="RTDCPL.EXE" [2005-05-26 12275200]
"Adobe Reader Speed Launcher"="i:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="i:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IMJPMIG8.1"="i:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="i:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-13 44032]
"MSPY2002"="i:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="i:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvCplDaemon"="i:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="i:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"QuickTime Task"="i:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="i:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="i:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MSC"="i:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "i:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- i:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"i:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"i:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 MpKslbfa7e822;MpKslbfa7e822;i:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5AF3DE5A-AC46-4C08-8681-D6776AE21E4A}\MpKslbfa7e822.sys [2011/11/8 2:28 PM 28752]
R1 SASDIFSV;SASDIFSV;i:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010/2/17 10:25 AM 12880]
R1 SASKUTIL;SASKUTIL;i:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010/5/10 10:41 AM 67664]
R2 !SASCORE;SAS Core Service;i:\program files\SUPERAntiSpyware\SASCORE.EXE [2010/4/28 7:22 AM 116608]
S2 gupdate;Google Update Service (gupdate);i:\program files\Google\Update\GoogleUpdate.exe [2011/2/18 2:13 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);i:\program files\Google\Update\GoogleUpdate.exe [2011/2/18 2:13 PM 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;i:\windows\system32\drivers\netaapl.sys [2010/12/22 11:56 AM 18432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 i:\windows\Tasks\AppleSoftwareUpdate.job
- i:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-11-10 i:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- i:\program files\Google\Update\GoogleUpdate.exe [2011-02-18 22:13]
.
2011-11-10 i:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- i:\program files\Google\Update\GoogleUpdate.exe [2011-02-18 22:13]
.
2011-11-10 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1417001333-839522115-500Core.job
- i:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 12:18]
.
2011-11-10 i:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1417001333-839522115-500UA.job
- i:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-10 12:18]
.
2011-11-08 i:\windows\Tasks\MP Scheduled Scan.job
- i:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 23:39]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://manuals.craftsmancollision.com/Operations/default.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{71B6702D-F18F-4D62-BD08-587DE9A03198}: NameServer = 216.251.128.8,216.251.128.9
FF - ProfilePath - i:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
i:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2264)
i:\windows\system32\ieframe.dll
i:\windows\system32\OneX.DLL
i:\windows\system32\eappprxy.dll
.
Completion time: 2011-11-10 13:55:44
ComboFix-quarantined-files.txt 2011-11-10 21:55
ComboFix2.txt 2010-09-09 19:28
.
Pre-Run: 127,106,363,392 bytes free
Post-Run: 127,458,779,136 bytes free
.
- - End Of File - - FB157D9972E06B93C5C37BE052EF71CD
  • 0

#7
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
09:45:15.0484 4000 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
09:45:16.0000 4000 ============================================================
09:45:16.0000 4000 Current date / time: 2011/11/18 09:45:16.0000
09:45:16.0000 4000 SystemInfo:
09:45:16.0000 4000
09:45:16.0000 4000 OS Version: 5.1.2600 ServicePack: 3.0
09:45:16.0000 4000 Product type: Workstation
09:45:16.0000 4000 ComputerName: HARBOURSIDEXPS
09:45:16.0000 4000 UserName: Administrator
09:45:16.0000 4000 Windows directory: I:\WINDOWS
09:45:16.0000 4000 System windows directory: I:\WINDOWS
09:45:16.0000 4000 Processor architecture: Intel x86
09:45:16.0000 4000 Number of processors: 2
09:45:16.0000 4000 Page size: 0x1000
09:45:16.0000 4000 Boot type: Normal boot
09:45:16.0000 4000 ============================================================
09:45:16.0625 4000 Initialize success
09:45:38.0312 3468 ============================================================
09:45:38.0312 3468 Scan started
09:45:38.0312 3468 Mode: Manual;
09:45:38.0312 3468 ============================================================
09:45:38.0531 3468 Abiosdsk - ok
09:45:38.0531 3468 abp480n5 - ok
09:45:38.0578 3468 ACPI (8fd99680a539792a30e97944fdaecf17) I:\WINDOWS\system32\DRIVERS\ACPI.sys
09:45:38.0578 3468 ACPI - ok
09:45:38.0625 3468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) I:\WINDOWS\system32\drivers\ACPIEC.sys
09:45:38.0625 3468 ACPIEC - ok
09:45:38.0625 3468 adpu160m - ok
09:45:38.0656 3468 aec (8bed39e3c35d6a489438b8141717a557) I:\WINDOWS\system32\drivers\aec.sys
09:45:38.0656 3468 aec - ok
09:45:38.0703 3468 AFD (7e775010ef291da96ad17ca4b17137d7) I:\WINDOWS\System32\drivers\afd.sys
09:45:38.0718 3468 AFD - ok
09:45:38.0718 3468 Aha154x - ok
09:45:38.0734 3468 aic78u2 - ok
09:45:38.0734 3468 aic78xx - ok
09:45:38.0812 3468 ALCXWDM (3c297a80222d7da2697e3e6d948a9795) I:\WINDOWS\system32\drivers\ALCXWDM.SYS
09:45:38.0859 3468 ALCXWDM - ok
09:45:38.0875 3468 AliIde - ok
09:45:38.0890 3468 amsint - ok
09:45:38.0906 3468 Arp1394 (b5b8a80875c1dededa8b02765642c32f) I:\WINDOWS\system32\DRIVERS\arp1394.sys
09:45:38.0906 3468 Arp1394 - ok
09:45:38.0906 3468 asc - ok
09:45:38.0921 3468 asc3350p - ok
09:45:38.0937 3468 asc3550 - ok
09:45:38.0953 3468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) I:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:45:38.0953 3468 AsyncMac - ok
09:45:38.0953 3468 atapi (9f3a2f5aa6875c72bf062c712cfa2674) I:\WINDOWS\system32\DRIVERS\atapi.sys
09:45:38.0953 3468 atapi - ok
09:45:38.0968 3468 Atdisk - ok
09:45:39.0000 3468 Atmarpc (9916c1225104ba14794209cfa8012159) I:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:45:39.0000 3468 Atmarpc - ok
09:45:39.0015 3468 audstub (d9f724aa26c010a217c97606b160ed68) I:\WINDOWS\system32\DRIVERS\audstub.sys
09:45:39.0015 3468 audstub - ok
09:45:39.0078 3468 Beep (da1f27d85e0d1525f6621372e7b685e9) I:\WINDOWS\system32\drivers\Beep.sys
09:45:39.0078 3468 Beep - ok
09:45:39.0203 3468 catchme - ok
09:45:39.0234 3468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) I:\WINDOWS\system32\drivers\cbidf2k.sys
09:45:39.0234 3468 cbidf2k - ok
09:45:39.0234 3468 cd20xrnt - ok
09:45:39.0265 3468 Cdaudio (c1b486a7658353d33a10cc15211a873b) I:\WINDOWS\system32\drivers\Cdaudio.sys
09:45:39.0265 3468 Cdaudio - ok
09:45:39.0281 3468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) I:\WINDOWS\system32\drivers\Cdfs.sys
09:45:39.0281 3468 Cdfs - ok
09:45:39.0281 3468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) I:\WINDOWS\system32\DRIVERS\cdrom.sys
09:45:39.0281 3468 Cdrom - ok
09:45:39.0328 3468 cercsr6 (84853b3fd012251690570e9e7e43343f) I:\WINDOWS\system32\drivers\cercsr6.sys
09:45:39.0328 3468 cercsr6 - ok
09:45:39.0328 3468 Changer - ok
09:45:39.0343 3468 CmdIde - ok
09:45:39.0359 3468 Cpqarray - ok
09:45:39.0375 3468 dac2w2k - ok
09:45:39.0390 3468 dac960nt - ok
09:45:39.0390 3468 Disk (044452051f3e02e7963599fc8f4f3e25) I:\WINDOWS\system32\DRIVERS\disk.sys
09:45:39.0390 3468 Disk - ok
09:45:39.0468 3468 dmboot (d992fe1274bde0f84ad826acae022a41) I:\WINDOWS\system32\drivers\dmboot.sys
09:45:39.0484 3468 dmboot - ok
09:45:39.0484 3468 dmio (7c824cf7bbde77d95c08005717a95f6f) I:\WINDOWS\system32\drivers\dmio.sys
09:45:39.0500 3468 dmio - ok
09:45:39.0500 3468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) I:\WINDOWS\system32\drivers\dmload.sys
09:45:39.0500 3468 dmload - ok
09:45:39.0531 3468 DMusic (8a208dfcf89792a484e76c40e5f50b45) I:\WINDOWS\system32\drivers\DMusic.sys
09:45:39.0531 3468 DMusic - ok
09:45:39.0578 3468 dpti2o - ok
09:45:39.0609 3468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) I:\WINDOWS\system32\drivers\drmkaud.sys
09:45:39.0609 3468 drmkaud - ok
09:45:39.0656 3468 Fastfat (38d332a6d56af32635675f132548343e) I:\WINDOWS\system32\drivers\Fastfat.sys
09:45:39.0656 3468 Fastfat - ok
09:45:39.0687 3468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) I:\WINDOWS\system32\DRIVERS\fdc.sys
09:45:39.0687 3468 Fdc - ok
09:45:39.0718 3468 Fips (d45926117eb9fa946a6af572fbe1caa3) I:\WINDOWS\system32\drivers\Fips.sys
09:45:39.0718 3468 Fips - ok
09:45:39.0750 3468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) I:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:45:39.0750 3468 Flpydisk - ok
09:45:39.0765 3468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) I:\WINDOWS\system32\drivers\fltmgr.sys
09:45:39.0765 3468 FltMgr - ok
09:45:39.0796 3468 FsVga (455f778ee14368468560bd7cb8c854d0) I:\WINDOWS\system32\DRIVERS\fsvga.sys
09:45:39.0796 3468 FsVga - ok
09:45:39.0812 3468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) I:\WINDOWS\system32\drivers\Fs_Rec.sys
09:45:39.0812 3468 Fs_Rec - ok
09:45:39.0843 3468 Ftdisk (6ac26732762483366c3969c9e4d2259d) I:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:45:39.0843 3468 Ftdisk - ok
09:45:39.0859 3468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) I:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:45:39.0859 3468 GEARAspiWDM - ok
09:45:39.0890 3468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) I:\WINDOWS\system32\DRIVERS\msgpc.sys
09:45:39.0890 3468 Gpc - ok
09:45:39.0921 3468 hidusb (ccf82c5ec8a7326c3066de870c06daf1) I:\WINDOWS\system32\DRIVERS\hidusb.sys
09:45:39.0921 3468 hidusb - ok
09:45:39.0937 3468 hpn - ok
09:45:40.0000 3468 HTTP (f80a415ef82cd06ffaf0d971528ead38) I:\WINDOWS\system32\Drivers\HTTP.sys
09:45:40.0000 3468 HTTP - ok
09:45:40.0015 3468 i2omgmt - ok
09:45:40.0015 3468 i2omp - ok
09:45:40.0046 3468 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) I:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:45:40.0046 3468 i8042prt - ok
09:45:40.0078 3468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) I:\WINDOWS\system32\DRIVERS\imapi.sys
09:45:40.0078 3468 Imapi - ok
09:45:40.0093 3468 ini910u - ok
09:45:40.0109 3468 IntelIde - ok
09:45:40.0125 3468 intelppm (8c953733d8f36eb2133f5bb58808b66b) I:\WINDOWS\system32\DRIVERS\intelppm.sys
09:45:40.0125 3468 intelppm - ok
09:45:40.0156 3468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) I:\WINDOWS\system32\drivers\ip6fw.sys
09:45:40.0156 3468 Ip6Fw - ok
09:45:40.0187 3468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) I:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:45:40.0187 3468 IpFilterDriver - ok
09:45:40.0187 3468 IpInIp (b87ab476dcf76e72010632b5550955f5) I:\WINDOWS\system32\DRIVERS\ipinip.sys
09:45:40.0203 3468 IpInIp - ok
09:45:40.0203 3468 IpNat (cc748ea12c6effde940ee98098bf96bb) I:\WINDOWS\system32\DRIVERS\ipnat.sys
09:45:40.0203 3468 IpNat - ok
09:45:40.0218 3468 IPSec (23c74d75e36e7158768dd63d92789a91) I:\WINDOWS\system32\DRIVERS\ipsec.sys
09:45:40.0218 3468 IPSec - ok
09:45:40.0234 3468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) I:\WINDOWS\system32\DRIVERS\irenum.sys
09:45:40.0234 3468 IRENUM - ok
09:45:40.0250 3468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) I:\WINDOWS\system32\DRIVERS\isapnp.sys
09:45:40.0250 3468 isapnp - ok
09:45:40.0265 3468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) I:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:45:40.0265 3468 Kbdclass - ok
09:45:40.0281 3468 kbdhid (9ef487a186dea361aa06913a75b3fa99) I:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:45:40.0281 3468 kbdhid - ok
09:45:40.0312 3468 kmixer (692bcf44383d056aed41b045a323d378) I:\WINDOWS\system32\drivers\kmixer.sys
09:45:40.0312 3468 kmixer - ok
09:45:40.0343 3468 KSecDD (b467646c54cc746128904e1654c750c1) I:\WINDOWS\system32\drivers\KSecDD.sys
09:45:40.0343 3468 KSecDD - ok
09:45:40.0359 3468 lbrtfdc - ok
09:45:40.0390 3468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) I:\WINDOWS\system32\drivers\mnmdd.sys
09:45:40.0390 3468 mnmdd - ok
09:45:40.0406 3468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) I:\WINDOWS\system32\drivers\Modem.sys
09:45:40.0406 3468 Modem - ok
09:45:40.0421 3468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) I:\WINDOWS\system32\DRIVERS\mouclass.sys
09:45:40.0421 3468 Mouclass - ok
09:45:40.0468 3468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) I:\WINDOWS\system32\DRIVERS\mouhid.sys
09:45:40.0468 3468 mouhid - ok
09:45:40.0468 3468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) I:\WINDOWS\system32\drivers\MountMgr.sys
09:45:40.0468 3468 MountMgr - ok
09:45:40.0500 3468 MpFilter (fee0baded54222e9f1dae9541212aab1) I:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:45:40.0500 3468 MpFilter - ok
09:45:40.0593 3468 MpKsl5d3036c7 (5f53edfead46fa7adb78eee9ecce8fdf) i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70B5F00D-8EBB-4103-AC0A-9F2B26C87F4F}\MpKsl5d3036c7.sys
09:45:40.0593 3468 MpKsl5d3036c7 - ok
09:45:40.0656 3468 MpKsle9a3e33b (5f53edfead46fa7adb78eee9ecce8fdf) i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70B5F00D-8EBB-4103-AC0A-9F2B26C87F4F}\MpKsle9a3e33b.sys
09:45:40.0656 3468 MpKsle9a3e33b - ok
09:45:40.0671 3468 mraid35x - ok
09:45:40.0703 3468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) I:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:45:40.0703 3468 MRxDAV - ok
09:45:40.0734 3468 MRxSmb (f3aefb11abc521122b67095044169e98) I:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:45:40.0750 3468 MRxSmb - ok
09:45:40.0781 3468 Msfs (c941ea2454ba8350021d774daf0f1027) I:\WINDOWS\system32\drivers\Msfs.sys
09:45:40.0781 3468 Msfs - ok
09:45:40.0812 3468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) I:\WINDOWS\system32\drivers\MSKSSRV.sys
09:45:40.0812 3468 MSKSSRV - ok
09:45:40.0828 3468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) I:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:45:40.0828 3468 MSPCLOCK - ok
09:45:40.0859 3468 MSPQM (bad59648ba099da4a17680b39730cb3d) I:\WINDOWS\system32\drivers\MSPQM.sys
09:45:40.0859 3468 MSPQM - ok
09:45:40.0875 3468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) I:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:45:40.0875 3468 mssmbios - ok
09:45:40.0906 3468 Mup (2f625d11385b1a94360bfc70aaefdee1) I:\WINDOWS\system32\drivers\Mup.sys
09:45:40.0906 3468 Mup - ok
09:45:40.0921 3468 NDIS (1df7f42665c94b825322fae71721130d) I:\WINDOWS\system32\drivers\NDIS.sys
09:45:40.0921 3468 NDIS - ok
09:45:40.0953 3468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) I:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:45:40.0953 3468 NdisTapi - ok
09:45:40.0968 3468 Ndisuio (f927a4434c5028758a842943ef1a3849) I:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:45:40.0968 3468 Ndisuio - ok
09:45:40.0984 3468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) I:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:45:40.0984 3468 NdisWan - ok
09:45:41.0015 3468 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) I:\WINDOWS\system32\drivers\NDProxy.sys
09:45:41.0015 3468 NDProxy - ok
09:45:41.0062 3468 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) I:\WINDOWS\system32\DRIVERS\netaapl.sys
09:45:41.0062 3468 Netaapl - ok
09:45:41.0062 3468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) I:\WINDOWS\system32\DRIVERS\netbios.sys
09:45:41.0078 3468 NetBIOS - ok
09:45:41.0109 3468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) I:\WINDOWS\system32\DRIVERS\netbt.sys
09:45:41.0109 3468 NetBT - ok
09:45:41.0156 3468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) I:\WINDOWS\system32\DRIVERS\nic1394.sys
09:45:41.0156 3468 NIC1394 - ok
09:45:41.0156 3468 Npfs (3182d64ae053d6fb034f44b6def8034a) I:\WINDOWS\system32\drivers\Npfs.sys
09:45:41.0156 3468 Npfs - ok
09:45:41.0203 3468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) I:\WINDOWS\system32\drivers\Ntfs.sys
09:45:41.0203 3468 Ntfs - ok
09:45:41.0218 3468 Null (73c1e1f395918bc2c6dd67af7591a3ad) I:\WINDOWS\system32\drivers\Null.sys
09:45:41.0218 3468 Null - ok
09:45:41.0343 3468 nv (ba1b732c1a70cfea0c1b64f2850bf44f) I:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:45:41.0406 3468 nv - ok
09:45:41.0406 3468 nvatabus (52b64661469fa11e51c006099b251fa7) I:\WINDOWS\system32\drivers\nvatabus.sys
09:45:41.0406 3468 nvatabus - ok
09:45:41.0437 3468 NVENETFD (2f4ca0052a50d122b9f0a2efa52dfa67) I:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:45:41.0437 3468 NVENETFD - ok
09:45:41.0500 3468 nvnetbus (197779dde275445ab253667832120ea7) I:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:45:41.0500 3468 nvnetbus - ok
09:45:41.0500 3468 nvraid (9ca8859ca78eeb39ed3346a7bc89057b) I:\WINDOWS\system32\drivers\nvraid.sys
09:45:41.0500 3468 nvraid - ok
09:45:41.0562 3468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) I:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:45:41.0562 3468 NwlnkFlt - ok
09:45:41.0578 3468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) I:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:45:41.0578 3468 NwlnkFwd - ok
09:45:41.0593 3468 ohci1394 (ca33832df41afb202ee7aeb05145922f) I:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:45:41.0593 3468 ohci1394 - ok
09:45:41.0625 3468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) I:\WINDOWS\system32\drivers\Parport.sys
09:45:41.0625 3468 Parport - ok
09:45:41.0640 3468 PartMgr (beb3ba25197665d82ec7065b724171c6) I:\WINDOWS\system32\drivers\PartMgr.sys
09:45:41.0640 3468 PartMgr - ok
09:45:41.0671 3468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) I:\WINDOWS\system32\drivers\ParVdm.sys
09:45:41.0671 3468 ParVdm - ok
09:45:41.0687 3468 PCI (a219903ccf74233761d92bef471a07b1) I:\WINDOWS\system32\DRIVERS\pci.sys
09:45:41.0687 3468 PCI - ok
09:45:41.0687 3468 PCIDump - ok
09:45:41.0703 3468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) I:\WINDOWS\system32\DRIVERS\pciide.sys
09:45:41.0703 3468 PCIIde - ok
09:45:41.0734 3468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) I:\WINDOWS\system32\drivers\Pcmcia.sys
09:45:41.0734 3468 Pcmcia - ok
09:45:41.0750 3468 PDCOMP - ok
09:45:41.0750 3468 PDFRAME - ok
09:45:41.0765 3468 PDRELI - ok
09:45:41.0765 3468 PDRFRAME - ok
09:45:41.0781 3468 perc2 - ok
09:45:41.0796 3468 perc2hib - ok
09:45:41.0843 3468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) I:\WINDOWS\system32\DRIVERS\raspptp.sys
09:45:41.0843 3468 PptpMiniport - ok
09:45:41.0859 3468 PSched (09298ec810b07e5d582cb3a3f9255424) I:\WINDOWS\system32\DRIVERS\psched.sys
09:45:41.0859 3468 PSched - ok
09:45:41.0875 3468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) I:\WINDOWS\system32\DRIVERS\ptilink.sys
09:45:41.0875 3468 Ptilink - ok
09:45:41.0875 3468 ql1080 - ok
09:45:41.0890 3468 Ql10wnt - ok
09:45:41.0906 3468 ql12160 - ok
09:45:41.0906 3468 ql1240 - ok
09:45:41.0921 3468 ql1280 - ok
09:45:41.0953 3468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) I:\WINDOWS\system32\DRIVERS\rasacd.sys
09:45:41.0953 3468 RasAcd - ok
09:45:41.0968 3468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) I:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:45:41.0968 3468 Rasl2tp - ok
09:45:41.0984 3468 RasPppoe (5bc962f2654137c9909c3d4603587dee) I:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:45:41.0984 3468 RasPppoe - ok
09:45:41.0984 3468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) I:\WINDOWS\system32\DRIVERS\raspti.sys
09:45:41.0984 3468 Raspti - ok
09:45:42.0015 3468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) I:\WINDOWS\system32\DRIVERS\rdbss.sys
09:45:42.0015 3468 Rdbss - ok
09:45:42.0015 3468 RDPCDD (4912d5b403614ce99c28420f75353332) I:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:45:42.0031 3468 RDPCDD - ok
09:45:42.0046 3468 rdpdr (15cabd0f7c00c47c70124907916af3f1) I:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:45:42.0046 3468 rdpdr - ok
09:45:42.0093 3468 RDPWD (6728e45b66f93c08f11de2e316fc70dd) I:\WINDOWS\system32\drivers\RDPWD.sys
09:45:42.0093 3468 RDPWD - ok
09:45:42.0125 3468 redbook (f828dd7e1419b6653894a8f97a0094c5) I:\WINDOWS\system32\DRIVERS\redbook.sys
09:45:42.0125 3468 redbook - ok
09:45:42.0234 3468 SASDIFSV (39763504067962108505bff25f024345) I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:45:42.0234 3468 SASDIFSV - ok
09:45:42.0265 3468 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:45:42.0265 3468 SASKUTIL - ok
09:45:42.0328 3468 Secdrv (90a3935d05b494a5a39d37e71f09a677) I:\WINDOWS\system32\DRIVERS\secdrv.sys
09:45:42.0328 3468 Secdrv - ok
09:45:42.0359 3468 serenum (0f29512ccd6bead730039fb4bd2c85ce) I:\WINDOWS\system32\DRIVERS\serenum.sys
09:45:42.0359 3468 serenum - ok
09:45:42.0375 3468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) I:\WINDOWS\system32\DRIVERS\serial.sys
09:45:42.0375 3468 Serial - ok
09:45:42.0421 3468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) I:\WINDOWS\system32\drivers\Sfloppy.sys
09:45:42.0421 3468 Sfloppy - ok
09:45:42.0437 3468 Simbad - ok
09:45:42.0437 3468 Sparrow - ok
09:45:42.0468 3468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) I:\WINDOWS\system32\drivers\splitter.sys
09:45:42.0468 3468 splitter - ok
09:45:42.0484 3468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) I:\WINDOWS\system32\DRIVERS\sr.sys
09:45:42.0484 3468 sr - ok
09:45:42.0562 3468 Srv (0f6aefad3641a657e18081f52d0c15af) I:\WINDOWS\system32\DRIVERS\srv.sys
09:45:42.0562 3468 Srv - ok
09:45:42.0578 3468 swenum (3941d127aef12e93addf6fe6ee027e0f) I:\WINDOWS\system32\DRIVERS\swenum.sys
09:45:42.0578 3468 swenum - ok
09:45:42.0593 3468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) I:\WINDOWS\system32\drivers\swmidi.sys
09:45:42.0593 3468 swmidi - ok
09:45:42.0609 3468 symc810 - ok
09:45:42.0625 3468 symc8xx - ok
09:45:42.0640 3468 sym_hi - ok
09:45:42.0640 3468 sym_u3 - ok
09:45:42.0656 3468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) I:\WINDOWS\system32\drivers\sysaudio.sys
09:45:42.0656 3468 sysaudio - ok
09:45:42.0703 3468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) I:\WINDOWS\system32\DRIVERS\tcpip.sys
09:45:42.0703 3468 Tcpip - ok
09:45:42.0718 3468 TDPIPE (6471a66807f5e104e4885f5b67349397) I:\WINDOWS\system32\drivers\TDPIPE.sys
09:45:42.0718 3468 TDPIPE - ok
09:45:42.0750 3468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) I:\WINDOWS\system32\drivers\TDTCP.sys
09:45:42.0750 3468 TDTCP - ok
09:45:42.0781 3468 TermDD (88155247177638048422893737429d9e) I:\WINDOWS\system32\DRIVERS\termdd.sys
09:45:42.0781 3468 TermDD - ok
09:45:42.0796 3468 TosIde - ok
09:45:42.0828 3468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) I:\WINDOWS\system32\drivers\Udfs.sys
09:45:42.0828 3468 Udfs - ok
09:45:42.0843 3468 ultra - ok
09:45:42.0875 3468 Update (402ddc88356b1bac0ee3dd1580c76a31) I:\WINDOWS\system32\DRIVERS\update.sys
09:45:42.0890 3468 Update - ok
09:45:42.0953 3468 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) I:\WINDOWS\system32\Drivers\usbaapl.sys
09:45:42.0953 3468 USBAAPL - ok
09:45:42.0968 3468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) I:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:45:42.0968 3468 usbccgp - ok
09:45:43.0000 3468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) I:\WINDOWS\system32\DRIVERS\usbehci.sys
09:45:43.0000 3468 usbehci - ok
09:45:43.0015 3468 usbhub (1ab3cdde553b6e064d2e754efe20285c) I:\WINDOWS\system32\DRIVERS\usbhub.sys
09:45:43.0015 3468 usbhub - ok
09:45:43.0015 3468 usbohci (0daecce65366ea32b162f85f07c6753b) I:\WINDOWS\system32\DRIVERS\usbohci.sys
09:45:43.0015 3468 usbohci - ok
09:45:43.0062 3468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) I:\WINDOWS\system32\DRIVERS\usbscan.sys
09:45:43.0062 3468 usbscan - ok
09:45:43.0078 3468 usbstor (a32426d9b14a089eaa1d922e0c5801a9) I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:45:43.0078 3468 usbstor - ok
09:45:43.0078 3468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) I:\WINDOWS\System32\drivers\vga.sys
09:45:43.0093 3468 VgaSave - ok
09:45:43.0093 3468 ViaIde - ok
09:45:43.0109 3468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) I:\WINDOWS\system32\drivers\VolSnap.sys
09:45:43.0109 3468 VolSnap - ok
09:45:43.0140 3468 Wanarp (e20b95baedb550f32dd489265c1da1f6) I:\WINDOWS\system32\DRIVERS\wanarp.sys
09:45:43.0140 3468 Wanarp - ok
09:45:43.0203 3468 Wdf01000 (d918617b46457b9ac28027722e30f647) I:\WINDOWS\system32\Drivers\wdf01000.sys
09:45:43.0218 3468 Wdf01000 - ok
09:45:43.0218 3468 WDICA - ok
09:45:43.0250 3468 wdmaud (6768acf64b18196494413695f0c3a00f) I:\WINDOWS\system32\drivers\wdmaud.sys
09:45:43.0250 3468 wdmaud - ok
09:45:43.0343 3468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:45:43.0453 3468 \Device\Harddisk0\DR0 - ok
09:45:43.0453 3468 Boot (0x1200) (2806f945d6f433d78e26a73d28f3d2f4) \Device\Harddisk0\DR0\Partition0
09:45:43.0453 3468 \Device\Harddisk0\DR0\Partition0 - ok
09:45:43.0468 3468 ============================================================
09:45:43.0468 3468 Scan finished
09:45:43.0468 3468 ============================================================
09:45:43.0484 2752 Detected object count: 0
09:45:43.0484 2752 Actual detected object count: 0
09:45:46.0265 3004 Deinitialize success
  • 0

#8
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-18 09:45:57
-----------------------------
09:45:57.000 OS Version: Windows 5.1.2600 Service Pack 3
09:45:57.000 Number of processors: 2 586 0x404
09:45:57.000 ComputerName: HARBOURSIDEXPS UserName: Administrator
09:45:57.484 Initialize success
09:46:26.593 Service scanning
09:46:26.921 Service MpKsl5d3036c7 i:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70B5F00D-8EBB-4103-AC0A-9F2B26C87F4F}\MpKsl5d3036c7.sys **LOCKED** 32
09:46:27.515 Modules scanning
09:46:30.671 Scan finished successfully
09:46:45.000 The log file has been saved successfully to "I:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Did you not get an Extras Log when you ran OTL? Did you click on the All option in the Extra Registry group before hitting SCAN?

Since MSSE is not finding the problem let's see if we can get the free Avast to run.

Download and Save the free Avast installer.
http://www.avast.com...ivirus-download

Normally I would have you remove MSSE first but I want to make sure you can install Avast first so Pause MSSE and then Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.) If it works and is able to update then uninstall MSSE. Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?
If it found anything, See if you can find aswboot.txt in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\ and copy and paste it into a reply.

Let's also check with GMER and Rootkit revealer:

Download GMER from http://www.gmer.net/download.php Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingcomputer.com/forums/topic114351.html to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


We Need to check for Rootkits with RootRepeal

[*]Extract RootRepeal.exe from the archive.
Right click on rootrepeal.zip and Extract All. Then move to the folder it created and find rootrepeal.exe and run it.
[*]Open Posted Image on your desktop.
[*]Click the Posted Image tab.
[*]Click the Posted Image button.
[*]Check all seven boxes: Posted Image
[*]Push Ok
[*]Check the box for your main system drive (Usually C:), and press Ok.
[*]Allow RootRepeal to run a scan of your system. This may take some time.
[*]Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
[/list]
Ron
  • 0

#10
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
sorry i didn't click on all option. Ran OTL again.

OTL Extras logfile created on: 2011/11/18 12:04:23 PM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = I:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/M/d

1.75 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 34.63% Memory free
3.47 Gb Paging File | 2.36 Gb Available in Paging File | 67.89% Paging File free
Paging file location(s): I:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 298.01 Gb Total Space | 118.18 Gb Free Space | 39.66% Space Free | Partition Type: NTFS

Computer Name: HARBOURSIDEXPS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- I:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- I:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- I:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- I:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- I:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- I:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- I:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- I:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- I:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "I:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "I:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "I:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "I:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "I:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe I:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "I:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"I:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = I:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = I:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DF1D5FEC-D67C-43C8-9230-41F5DF350196}" = MetaFrame Presentation Server Client
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Revo Uninstaller" = Revo Uninstaller 1.87
"SystemRequirementsLab" = System Requirements Lab
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010/9/8 6:17:19 PM | Computer Name = HARBOURSIDEXPS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 2010/9/8 6:29:46 PM | Computer Name = HARBOURSIDEXPS | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.46.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2010/9/9 7:02:05 PM | Computer Name = HARBOURSIDEXPS | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll,
version 1.46.0.0, fault address 0x0001fffe.

Error - 2010/9/9 7:17:47 PM | Computer Name = HARBOURSIDEXPS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 2010/9/9 7:17:51 PM | Computer Name = HARBOURSIDEXPS | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.46.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2010/10/7 1:59:14 PM | Computer Name = HARBOURSIDEXPS | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.43.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010/10/7 1:59:15 PM | Computer Name = HARBOURSIDEXPS | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.43.0.1000, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2010/11/1 3:53:16 PM | Computer Name = HARBOURSIDEXPS | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 9.2.0.124, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011/3/7 1:45:52 PM | Computer Name = HARBOURSIDEXPS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4066, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2011/3/7 1:45:54 PM | Computer Name = HARBOURSIDEXPS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4066, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

[ System Events ]
Error - 2011/11/18 1:43:38 PM | Computer Name = HARBOURSIDEXPS | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 2011/11/18 1:51:57 PM | Computer Name = HARBOURSIDEXPS | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2011/11/18 1:52:03 PM | Computer Name = HARBOURSIDEXPS | Source = nvraid | ID = 262155
Description = The driver detected a controller error on .

Error - 2011/11/18 2:01:51 PM | Computer Name = HARBOURSIDEXPS | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2011/11/18 2:02:21 PM | Computer Name = HARBOURSIDEXPS | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 2011/11/18 2:02:21 PM | Computer Name = HARBOURSIDEXPS | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2011/11/18 2:02:51 PM | Computer Name = HARBOURSIDEXPS | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 2011/11/18 2:02:51 PM | Computer Name = HARBOURSIDEXPS | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 2011/11/18 4:07:11 PM | Computer Name = HARBOURSIDEXPS | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 2011/11/18 4:07:41 PM | Computer Name = HARBOURSIDEXPS | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.


< End of report >
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.



Copy the text in the code box:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
wuauserv.dll
DMIcall.sys
beep.sys
Netshell.dll
netcfgx.dll
Netman.dll
connect.dll
mswsock.dll
mmswsock.dll 
/md5stop
mdnsNSP.dll

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#12
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Avast didn't find anything.

I get BSOD running rootrepeal. Error: nvraid.sys
  • 0

#13
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-18 14:48:30
Windows 5.1.2600 Service Pack 3
Running: fmf7xn83.exe; Driver: I:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kgryifob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB08CB374]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB09322B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB08EF829]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB08CD996]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB08CD9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB08CDB04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB08EF1DD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB08CD8EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB08CDA3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB08CD940]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB08CDAB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB08CB398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB08EFEEF]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB08F01A5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB08CDD88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB08EFD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB08EFBC5]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB0932368]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB08CB162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB08CB3BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB08CDEFC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB08CBE54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB08CD9C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB08CDA16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB08CDB2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB08EF539]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB08CD918]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB08CDBC0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB08CDA7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB08CD96E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB08CDCA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB08CDADC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB0932400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB08EFA40]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB08CBD1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB08EF892]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB093A6E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB08EE850]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB08CB3E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB08CB404]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB08CB1BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB08CB2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB08EFFF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB08CB2D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB08CB31C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB08CB428]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB09479A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes CALL CB28F843
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B08CC4AF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B09433DE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B0944E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 2 Bytes JMP B09479AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx + 3 805D117D 4 Bytes [37, 30, CC, CC] {AAA ; XOR AH, CL; INT 3 }
.text I:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB712F360, 0x24BB1D, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80996D 5 Bytes JMP B08CEE48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF81395C 5 Bytes JMP B08CED54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7690 BF823FF7 5 Bytes JMP B08CE0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 118C2 BF839930 5 Bytes JMP B08CE326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 1194D BF8399BB 5 Bytes JMP B08CE4CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 33C8 BF83D961 5 Bytes JMP B08CE016 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF847820 5 Bytes JMP B08CEFB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3A66 BF84ABEE 5 Bytes JMP B08CF1BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1DB5 BF85352E 5 Bytes JMP B08CECC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3629 BF8578AB 5 Bytes JMP B08CDFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + A0E7 BF85E369 5 Bytes JMP B08CED7E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF861C8A 5 Bytes JMP B08CF118 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF87C6BE 5 Bytes JMP B08CE4A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 9219 BF8B0165 5 Bytes JMP B08CE14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + ABB BF8B9773 5 Bytes JMP B08CEEFA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 4CA2 BF8C3290 5 Bytes JMP B08CE1E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB8E7 5 Bytes JMP B08CE254 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBB67 5 Bytes JMP B08CE28E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F99C1 5 Bytes JMP B08CDF32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A0A BF913BA8 5 Bytes JMP B08CE096 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25DE BF91477C 5 Bytes JMP B08CE1AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F3D BF9170DB 5 Bytes JMP B08CE5E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 190E BF9454A3 5 Bytes JMP B08CF070 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\WINDOWS\system32\nvsvc32.exe[324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text I:\WINDOWS\system32\nvsvc32.exe[324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\nvsvc32.exe[324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text I:\WINDOWS\system32\nvsvc32.exe[324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\nvsvc32.exe[324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text I:\WINDOWS\system32\nvsvc32.exe[324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text I:\WINDOWS\system32\nvsvc32.exe[324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text I:\WINDOWS\system32\nvsvc32.exe[324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text I:\WINDOWS\system32\nvsvc32.exe[324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text I:\WINDOWS\system32\nvsvc32.exe[324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text I:\WINDOWS\system32\nvsvc32.exe[324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text I:\WINDOWS\system32\nvsvc32.exe[324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text I:\WINDOWS\system32\nvsvc32.exe[324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text I:\WINDOWS\system32\nvsvc32.exe[324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text I:\WINDOWS\system32\nvsvc32.exe[324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text I:\WINDOWS\system32\nvsvc32.exe[324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text I:\WINDOWS\system32\nvsvc32.exe[324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text I:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\svchost.exe[380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\svchost.exe[380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\svchost.exe[380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\svchost.exe[380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\svchost.exe[380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\svchost.exe[440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\svchost.exe[440] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\WINDOWS\System32\svchost.exe[532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\System32\svchost.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\System32\svchost.exe[532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\System32\svchost.exe[532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\System32\svchost.exe[532] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\System32\svchost.exe[532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\System32\svchost.exe[532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\System32\svchost.exe[532] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\System32\svchost.exe[532] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\System32\svchost.exe[532] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text I:\Program Files\Java\jre6\bin\jqs.exe[564] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text I:\WINDOWS\System32\smss.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\svchost.exe[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\svchost.exe[688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text I:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text I:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text I:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text I:\WINDOWS\system32\svchost.exe[688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\svchost.exe[688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text I:\WINDOWS\system32\svchost.exe[688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text I:\WINDOWS\system32\svchost.exe[688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text I:\WINDOWS\system32\svchost.exe[688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text I:\WINDOWS\system32\svchost.exe[688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\svchost.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\svchost.exe[780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\svchost.exe[780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\svchost.exe[780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\svchost.exe[780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\WINDOWS\System32\svchost.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\System32\svchost.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\System32\svchost.exe[888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\System32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\System32\svchost.exe[888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\System32\svchost.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\System32\svchost.exe[888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\System32\svchost.exe[888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\System32\svchost.exe[888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\System32\svchost.exe[888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\System32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\WINDOWS\Explorer.EXE[1088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\Explorer.EXE[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\Explorer.EXE[1088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\Explorer.EXE[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\Explorer.EXE[1088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text I:\WINDOWS\Explorer.EXE[1088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text I:\WINDOWS\Explorer.EXE[1088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text I:\WINDOWS\Explorer.EXE[1088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text I:\WINDOWS\Explorer.EXE[1088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text I:\WINDOWS\Explorer.EXE[1088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text I:\WINDOWS\Explorer.EXE[1088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text I:\WINDOWS\Explorer.EXE[1088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text I:\WINDOWS\Explorer.EXE[1088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text I:\WINDOWS\Explorer.EXE[1088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text I:\WINDOWS\Explorer.EXE[1088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text I:\WINDOWS\Explorer.EXE[1088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text I:\WINDOWS\Explorer.EXE[1088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text I:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\svchost.exe[1356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\svchost.exe[1356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\svchost.exe[1356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\spoolsv.exe[1572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\spoolsv.exe[1572] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\spoolsv.exe[1572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\spoolsv.exe[1572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\svchost.exe[1804] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\svchost.exe[1804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\svchost.exe[1804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\svchost.exe[1804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\svchost.exe[1804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\svchost.exe[1804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text I:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1840] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1852] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1864] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text I:\Program Files\Bonjour\mDNSResponder.exe[1884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text I:\WINDOWS\system32\csrss.exe[1956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\csrss.exe[1956] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\winlogon.exe[1980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text I:\WINDOWS\system32\winlogon.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\winlogon.exe[1980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text I:\WINDOWS\system32\winlogon.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\winlogon.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\winlogon.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\winlogon.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\winlogon.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\winlogon.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\winlogon.exe[1980] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\winlogon.exe[1980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\winlogon.exe[1980] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\winlogon.exe[1980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\winlogon.exe[1980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\winlogon.exe[1980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\winlogon.exe[1980] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\winlogon.exe[1980] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\WINDOWS\system32\services.exe[2024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\services.exe[2024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\services.exe[2024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\services.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\services.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\services.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\services.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\services.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\services.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\services.exe[2024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\services.exe[2024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\services.exe[2024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\services.exe[2024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\services.exe[2024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\services.exe[2024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\services.exe[2024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\services.exe[2024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\WINDOWS\system32\lsass.exe[2036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\system32\lsass.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\lsass.exe[2036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\system32\lsass.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\lsass.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text I:\WINDOWS\system32\lsass.exe[2036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text I:\WINDOWS\system32\lsass.exe[2036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text I:\WINDOWS\system32\lsass.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text I:\WINDOWS\system32\lsass.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text I:\WINDOWS\system32\lsass.exe[2036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text I:\WINDOWS\system32\lsass.exe[2036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text I:\WINDOWS\system32\lsass.exe[2036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text I:\WINDOWS\system32\lsass.exe[2036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\lsass.exe[2036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\lsass.exe[2036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\lsass.exe[2036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\lsass.exe[2036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\WINDOWS\System32\alg.exe[2604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text I:\WINDOWS\System32\alg.exe[2604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\System32\alg.exe[2604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text I:\WINDOWS\System32\alg.exe[2604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\System32\alg.exe[2604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text I:\WINDOWS\System32\alg.exe[2604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text I:\WINDOWS\System32\alg.exe[2604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text I:\WINDOWS\System32\alg.exe[2604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text I:\WINDOWS\System32\alg.exe[2604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text I:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text I:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text I:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text I:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text I:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text I:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text I:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text I:\WINDOWS\System32\alg.exe[2604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text I:\WINDOWS\system32\NOTEPAD.EXE[2756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text I:\WINDOWS\system32\ctfmon.exe[2916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text I:\WINDOWS\system32\ctfmon.exe[2916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\WINDOWS\system32\ctfmon.exe[2916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text I:\WINDOWS\system32\ctfmon.exe[2916] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text I:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text I:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text I:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text I:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text I:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text I:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text I:\WINDOWS\system32\ctfmon.exe[2916] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text I:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text I:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text I:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text I:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text I:\WINDOWS\system32\ctfmon.exe[2916] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001801F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001803FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00521014
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00520804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00520A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00520C0C
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00520E10
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005201F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005203FC
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00520600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00530804
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00530A08
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00530600
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005301F8
.text I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005303FC
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA0804
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AA0A08
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AA0600
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AA01F8
.text I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe[3984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AA03FC
.text I:\Program Files\AVAST Software\Avast\AvastUI.exe[4068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text I:\Program Files\AVAST Software\Avast\AvastUI.exe[4068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[300] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[756] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002A0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1016] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1744] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\WINDOWS\system32\services.exe[2024] @ I:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00610002
IAT I:\WINDOWS\system32\services.exe[2024] @ I:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00610000
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002F0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3020] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3056] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002F0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3060] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3100] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3152] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002F0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3248] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002A0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3340] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002F0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002F0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002A0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3592] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3632] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3640] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3876] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002F0010
IAT I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3960] @ I:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002E0010

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
  • 0

#14
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OTL logfile created on: 2011/11/18 2:58:04 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = I:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/M/d

1.75 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 36.46% Memory free
3.47 Gb Paging File | 2.38 Gb Available in Paging File | 68.51% Paging File free
Paging file location(s): I:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 298.01 Gb Total Space | 118.15 Gb Free Space | 39.65% Space Free | Partition Type: NTFS

Computer Name: HARBOURSIDEXPS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - I:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - I:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - I:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - I:\Program Files\AVAST Software\Avast\defs\11111801\algo.dll ()
MOD - I:\Program Files\AVAST Software\Avast\defs\11111801\aswRep.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()
MOD - I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()
MOD - I:\WINDOWS\system32\nvapi.dll ()
MOD - I:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (wuauserv) -- File not found
SRV - (!SASCORE) -- I:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avast! Antivirus) -- I:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- I:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (aswSnx) -- I:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- I:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- I:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- I:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- I:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- I:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- I:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (Netaapl) -- I:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (nvnetbus) -- I:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- I:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvatabus) -- I:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- I:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (FsVga) -- I:\WINDOWS\system32\drivers\fsvga.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..extensions.enabledItems:

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: i:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: I:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: I:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/18 12:05:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/05/04 14:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/03/24 12:56:07 | 000,000,000 | ---D | M]

[2010/04/22 08:30:39 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/22 08:30:39 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/09/27 15:28:51 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\extensions
[2011/09/27 15:28:51 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- I:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6zb9x1bc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/18 09:32:19 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- I:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 14:59:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = I:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = i:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = I:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = I:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: ConduitChromeApi (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\2.4.0.4_0\js/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = I:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = I:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = I:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = I:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = I:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: iTunes Application Detector (Enabled) = I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Mapit 1 = I:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\2.4.0.4_0\

O1 HOSTS File: ([2011/11/18 09:32:20 | 000,000,098 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast] I:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IMEKRMIG6.1] I:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] I:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSPY2002] I:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] I:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] I:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] I:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTDCPL] I:\WINDOWS\System32\RTDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1272489429046 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B6702D-F18F-4D62-BD08-587DE9A03198}: NameServer = 216.251.128.8,216.251.128.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) -I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) -I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - I:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: I:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 14:56:40 | 001,036,344 | ---- | C] (Google Inc.) -- I:\Documents and Settings\Administrator\Desktop\Unconfirmed 86330.crdownload
[2011/11/18 14:49:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\RootRepeal
[2011/11/18 12:09:03 | 000,000,000 | -HSD | C] -- I:\Config.Msi
[2011/11/18 12:05:57 | 000,320,856 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/18 12:05:57 | 000,020,568 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/18 12:05:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/11/18 12:05:56 | 000,442,200 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/18 12:05:56 | 000,110,552 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/18 12:05:56 | 000,104,536 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/18 12:05:56 | 000,052,568 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/18 12:05:56 | 000,034,392 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/18 12:05:56 | 000,030,808 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/18 12:05:46 | 000,199,304 | ---- | C] (AVAST Software) -- I:\WINDOWS\System32\aswBoot.exe
[2011/11/18 12:05:46 | 000,041,184 | ---- | C] (AVAST Software) -- I:\WINDOWS\avastSS.scr
[2011/11/18 12:05:35 | 000,000,000 | ---D | C] -- I:\Program Files\AVAST Software
[2011/11/18 12:05:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/18 12:00:39 | 000,000,000 | -HSD | C] -- I:\RECYCLER
[2011/11/18 09:38:59 | 001,916,416 | ---- | C] (AVAST Software) -- I:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/11/18 09:38:34 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- I:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/11/16 11:32:33 | 001,036,344 | ---- | C] (Google Inc.) -- I:\Documents and Settings\Administrator\Desktop\chrome.exe
[2011/11/14 08:04:20 | 000,000,000 | ---D | C] -- I:\Program Files\Apple Software Update
[2011/11/13 08:44:33 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/10 13:50:10 | 000,518,144 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
[2011/11/10 13:50:10 | 000,406,528 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
[2011/11/10 13:50:10 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
[2011/11/10 13:50:10 | 000,060,416 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
[2011/11/10 13:48:25 | 000,000,000 | ---D | C] -- I:\Qoobox
[2011/11/10 13:48:21 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Administrator\My Documents\My Videos
[2011/11/10 13:46:57 | 004,289,249 | R--- | C] (Swearware) -- I:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/10 13:39:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\sreng2
[2011/11/10 13:28:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/08 14:08:30 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\xp_fileassoc
[2011/11/08 10:40:50 | 000,116,224 | ---- | C] (Xerox) -- I:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/11/08 10:40:47 | 000,023,040 | ---- | C] (Xerox Corporation) -- I:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/11/08 10:40:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\xrxflnch.exe
[2011/11/08 10:40:22 | 000,099,865 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\xlog.exe
[2011/11/08 10:40:18 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- I:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/11/08 10:40:16 | 000,019,455 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wvchntxx.sys
[2011/11/08 10:40:14 | 000,019,200 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/11/08 10:40:12 | 000,012,063 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wsiintxx.sys
[2011/11/08 10:40:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wshirda.dll
[2011/11/08 10:40:00 | 000,008,832 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wmiacpi.sys
[2011/11/08 10:39:58 | 000,154,624 | ---- | C] (Lucent Technologies) -- I:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/11/08 10:39:55 | 000,034,890 | ---- | C] (Raytheon Corp.) -- I:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/11/08 10:39:47 | 000,771,581 | ---- | C] (Rockwell) -- I:\WINDOWS\System32\dllcache\winacisa.sys
[2011/11/08 10:39:42 | 000,053,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wiamsmud.dll
[2011/11/08 10:39:38 | 000,087,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2011/11/08 10:39:32 | 000,701,386 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\wdhaalba.sys
[2011/11/08 10:39:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\wceusbsh.sys
[2011/11/08 10:39:32 | 000,023,615 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wch7xxnt.sys
[2011/11/08 10:39:28 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- I:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/11/08 10:39:26 | 000,033,599 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\watv04nt.sys
[2011/11/08 10:39:25 | 000,019,551 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\watv02nt.sys
[2011/11/08 10:39:24 | 000,029,311 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\watv01nt.sys
[2011/11/08 10:39:21 | 000,012,127 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wadv02nt.sys
[2011/11/08 10:39:21 | 000,011,775 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wadv05nt.sys
[2011/11/08 10:39:20 | 000,012,415 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\wadv01nt.sys
[2011/11/08 10:39:16 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w940nd.sys
[2011/11/08 10:39:12 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w926nd.sys
[2011/11/08 10:39:09 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- I:\WINDOWS\System32\dllcache\w840nd.sys
[2011/11/08 10:39:03 | 000,064,605 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\vvoice.sys
[2011/11/08 10:38:59 | 000,397,502 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/11/08 10:38:55 | 000,604,253 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\vmodem.sys
[2011/11/08 10:38:51 | 000,249,402 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\vinwm.sys
[2011/11/08 10:38:47 | 000,024,576 | ---- | C] (VIA Technologies, Inc.) -- I:\WINDOWS\System32\dllcache\viairda.sys
[2011/11/08 10:38:46 | 000,005,376 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\viaide.sys
[2011/11/08 10:38:44 | 000,053,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/11/08 10:38:39 | 000,687,999 | ---- | C] (U.S. Robotics Corporation) -- I:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2011/11/08 10:38:35 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usrti.sys
[2011/11/08 10:38:31 | 000,113,762 | ---- | C] (U.S. Robotics Corporation) -- I:\WINDOWS\System32\dllcache\usrpda.sys
[2011/11/08 10:38:28 | 000,007,556 | ---- | C] (U.S. Robotics Corporation) -- I:\WINDOWS\System32\dllcache\usroslba.sys
[2011/11/08 10:38:23 | 000,224,802 | ---- | C] (U.S. Robotics Corporation) -- I:\WINDOWS\System32\dllcache\usr1807a.sys
[2011/11/08 10:38:20 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/11/08 10:38:16 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1806.sys
[2011/11/08 10:38:12 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- I:\WINDOWS\System32\dllcache\usr1801.sys
[2011/11/08 10:38:11 | 000,020,608 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usbuhci.sys
[2011/11/08 10:38:10 | 000,026,112 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usbser.sys
[2011/11/08 10:38:10 | 000,025,856 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usbprint.sys
[2011/11/08 10:38:08 | 000,060,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\usbaudio.sys
[2011/11/08 10:38:07 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- I:\WINDOWS\System32\dllcache\usb101et.sys
[2011/11/08 10:38:02 | 000,094,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxud32.dll
[2011/11/08 10:37:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxu40.dll
[2011/11/08 10:37:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxu22.dll
[2011/11/08 10:37:51 | 000,069,632 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxu12.dll
[2011/11/08 10:37:48 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- I:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/11/08 10:37:45 | 000,022,912 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxpcls.sys
[2011/11/08 10:37:41 | 000,050,176 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxp60.dll
[2011/11/08 10:37:38 | 000,047,616 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\umaxcam.dll
[2011/11/08 10:37:34 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- I:\WINDOWS\System32\dllcache\um54scan.dll
[2011/11/08 10:37:31 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- I:\WINDOWS\System32\dllcache\um34scan.dll
[2011/11/08 10:37:27 | 000,036,736 | ---- | C] (Promise Technology, Inc.) -- I:\WINDOWS\System32\dllcache\ultra.sys
[2011/11/08 10:37:23 | 000,011,520 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\twotrack.sys
[2011/11/08 10:37:17 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/11/08 10:37:13 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridxp.dll
[2011/11/08 10:37:10 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/11/08 10:37:06 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tridkb.dll
[2011/11/08 10:37:03 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/11/08 10:36:59 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\trid3d.dll
[2011/11/08 10:36:55 | 000,034,375 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\tpro4.sys
[2011/11/08 10:36:52 | 000,042,496 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\tp4res.dll
[2011/11/08 10:36:51 | 000,082,944 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\tp4mon.exe
[2011/11/08 10:36:48 | 000,031,744 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\tp4.dll
[2011/11/08 10:36:44 | 000,004,992 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\toside.sys
[2011/11/08 10:36:40 | 000,230,912 | ---- | C] (Toshiba Corporation) -- I:\WINDOWS\System32\dllcache\tosdvd03.sys
[2011/11/08 10:36:37 | 000,241,664 | ---- | C] (Toshiba Corporation) -- I:\WINDOWS\System32\dllcache\tosdvd02.sys
[2011/11/08 10:36:33 | 000,028,232 | ---- | C] (TOSHIBA Corporation) -- I:\WINDOWS\System32\dllcache\tos4mo.sys
[2011/11/08 10:36:29 | 000,123,995 | ---- | C] (Tiger Jet Network) -- I:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/11/08 10:36:24 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/11/08 10:36:20 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/11/08 10:36:19 | 000,149,376 | ---- | C] (M-Systems) -- I:\WINDOWS\System32\dllcache\tffsport.sys
[2011/11/08 10:36:15 | 000,017,129 | ---- | C] (TDK Corporation) -- I:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/11/08 10:36:11 | 000,037,961 | ---- | C] (TDK Corporation) -- I:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/11/08 10:36:06 | 000,030,464 | ---- | C] (Toshiba Corporation) -- I:\WINDOWS\System32\dllcache\tbatm155.sys
[2011/11/08 10:36:02 | 000,007,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\tandqic.sys
[2011/11/08 10:35:59 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/11/08 10:35:56 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- I:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/11/08 10:35:51 | 000,032,640 | ---- | C] (LSI Logic) -- I:\WINDOWS\System32\dllcache\symc8xx.sys
[2011/11/08 10:35:48 | 000,016,256 | ---- | C] (Symbios Logic Inc.) -- I:\WINDOWS\System32\dllcache\symc810.sys
[2011/11/08 10:35:44 | 000,030,688 | ---- | C] (LSI Logic) -- I:\WINDOWS\System32\dllcache\sym_u3.sys
[2011/11/08 10:35:41 | 000,028,384 | ---- | C] (LSI Logic) -- I:\WINDOWS\System32\dllcache\sym_hi.sys
[2011/11/08 10:35:38 | 000,094,293 | ---- | C] (Perle Systems Ltd. ) -- I:\WINDOWS\System32\dllcache\sxports.dll
[2011/11/08 10:35:35 | 000,103,936 | ---- | C] (Perle Systems Ltd. ) -- I:\WINDOWS\System32\dllcache\sx.sys
[2011/11/08 10:35:32 | 000,003,968 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\swusbflt.sys
[2011/11/08 10:35:29 | 000,010,240 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\swpidflt.dll
[2011/11/08 10:35:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\swpdflt2.dll
[2011/11/08 10:35:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sw_wheel.dll
[2011/11/08 10:35:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sw_effct.dll
[2011/11/08 10:35:18 | 000,015,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\streamip.sys
[2011/11/08 10:35:14 | 000,155,648 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/11/08 10:35:11 | 000,053,248 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/11/08 10:35:08 | 000,285,760 | ---- | C] (Stallion Technologies) -- I:\WINDOWS\System32\dllcache\stlnata.sys
[2011/11/08 10:35:04 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- I:\WINDOWS\System32\dllcache\stcusb.sys
[2011/11/08 10:34:59 | 000,048,736 | ---- | C] (3Com) -- I:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/11/08 10:34:55 | 000,099,328 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\srusd.dll
[2011/11/08 10:34:50 | 000,024,660 | ---- | C] (Perle Systems Ltd.) -- I:\WINDOWS\System32\dllcache\spxupchk.dll
[2011/11/08 10:34:45 | 000,061,824 | ---- | C] (Perle Systems Ltd.) -- I:\WINDOWS\System32\dllcache\speed.sys
[2011/11/08 10:34:42 | 000,106,584 | ---- | C] (Perle Systems Ltd.) -- I:\WINDOWS\System32\dllcache\spdports.dll
[2011/11/08 10:34:38 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- I:\WINDOWS\System32\dllcache\sparrow.sys
[2011/11/08 10:34:35 | 000,007,552 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\sonypvu1.sys
[2011/11/08 10:34:32 | 000,037,040 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\sonypi.sys
[2011/11/08 10:34:29 | 000,114,688 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\sonypi.dll
[2011/11/08 10:34:26 | 000,020,752 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\sonync.sys
[2011/11/08 10:34:23 | 000,009,600 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sonymc.sys
[2011/11/08 10:34:22 | 000,007,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sonyait.sys
[2011/11/08 10:34:19 | 000,007,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\snyaitmc.sys
[2011/11/08 10:34:10 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- I:\WINDOWS\System32\dllcache\smiminib.sys
[2011/11/08 10:34:05 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- I:\WINDOWS\System32\dllcache\smidispb.dll
[2011/11/08 10:34:01 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- I:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/11/08 10:33:58 | 000,035,913 | ---- | C] (SMC) -- I:\WINDOWS\System32\dllcache\smcirda.sys
[2011/11/08 10:33:55 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- I:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/11/08 10:33:52 | 000,006,784 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smbhc.sys
[2011/11/08 10:33:51 | 000,016,000 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smbbatt.sys
[2011/11/08 10:33:51 | 000,006,912 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smbclass.sys
[2011/11/08 10:33:47 | 000,045,568 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smb3w.dll
[2011/11/08 10:33:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\smb0w.dll
[2011/11/08 10:33:41 | 000,028,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sma0w.dll
[2011/11/08 10:33:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sm91w.dll
[2011/11/08 10:33:32 | 000,011,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\slip.sys
[2011/11/08 10:33:31 | 000,063,547 | ---- | C] (Symbol Technologies) -- I:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/11/08 10:33:28 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- I:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/11/08 10:33:25 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- I:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/11/08 10:33:21 | 000,157,696 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sisv256.dll
[2011/11/08 10:33:18 | 000,050,432 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sisv.sys
[2011/11/08 10:33:17 | 000,032,768 | ---- | C] (SiS Corporation) -- I:\WINDOWS\System32\dllcache\sisnic.sys
[2011/11/08 10:33:14 | 000,238,592 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sisgrv.dll
[2011/11/08 10:33:11 | 000,104,064 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sisgrp.sys
[2011/11/08 10:33:08 | 000,150,144 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sis6306v.dll
[2011/11/08 10:33:05 | 000,068,608 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sis6306p.sys
[2011/11/08 10:33:01 | 000,252,032 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sis300iv.dll
[2011/11/08 10:32:58 | 000,101,760 | ---- | C] (Silicon Integrated Systems Corporation) -- I:\WINDOWS\System32\dllcache\sis300ip.sys
[2011/11/08 10:32:50 | 000,161,568 | ---- | C] (Micro Systemation) -- I:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/11/08 10:32:47 | 000,018,400 | ---- | C] (Micro Systemation) -- I:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/11/08 10:32:44 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/11/08 10:32:41 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- I:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/11/08 10:32:38 | 000,036,480 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\sfmanm.sys
[2011/11/08 10:32:33 | 000,006,784 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\serscan.sys
[2011/11/08 10:32:30 | 000,017,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sermouse.sys
[2011/11/08 10:32:25 | 000,011,520 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\scsiscan.sys
[2011/11/08 10:32:25 | 000,006,912 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\seaddsmc.sys
[2011/11/08 10:32:22 | 000,011,648 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\scsiprnt.sys
[2011/11/08 10:32:17 | 000,017,280 | ---- | C] (SCM Microsystems) -- I:\WINDOWS\System32\dllcache\scr111.sys
[2011/11/08 10:32:14 | 000,016,640 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\scmstcs.sys
[2011/11/08 10:32:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/11/08 10:32:07 | 000,023,936 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/11/08 10:32:06 | 000,043,904 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\sbp2port.sys
[2011/11/08 10:32:03 | 000,495,616 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\sblfx.dll
[2011/11/08 10:31:59 | 000,075,392 | ---- | C] (S3 Graphics, Inc.) -- I:\WINDOWS\System32\dllcache\s3savmxm.sys
[2011/11/08 10:31:56 | 000,245,632 | ---- | C] (S3 Graphics, Inc.) -- I:\WINDOWS\System32\dllcache\s3savmx.dll
[2011/11/08 10:31:53 | 000,077,824 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/11/08 10:31:50 | 000,198,400 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/11/08 10:31:47 | 000,061,504 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/11/08 10:31:43 | 000,179,264 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/11/08 10:31:40 | 000,210,496 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/11/08 10:31:37 | 000,062,496 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/11/08 10:31:34 | 000,041,216 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/11/08 10:31:31 | 000,182,272 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/11/08 10:31:28 | 000,166,720 | ---- | C] (S3 Incorporated) -- I:\WINDOWS\System32\dllcache\s3m.sys
[2011/11/08 10:31:25 | 000,065,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\s3legacy.sys
[2011/11/08 10:31:21 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rwia450.dll
[2011/11/08 10:31:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rwia430.dll
[2011/11/08 10:31:16 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/11/08 10:31:15 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/11/08 10:31:13 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- I:\WINDOWS\System32\dllcache\rtl8139.sys
[2011/11/08 10:31:10 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- I:\WINDOWS\System32\dllcache\rtl8029.sys
[2011/11/08 10:31:07 | 000,030,720 | ---- | C] (Conexant Systems Inc.) -- I:\WINDOWS\System32\dllcache\rthwcls.sys
[2011/11/08 10:31:03 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/11/08 10:30:59 | 000,003,840 | ---- | C] (Conexant Systems Inc.) -- I:\WINDOWS\System32\dllcache\rpfun.sys
[2011/11/08 10:30:57 | 000,079,104 | ---- | C] (Comtrol Corporation) -- I:\WINDOWS\System32\dllcache\rocket.sys
[2011/11/08 10:30:54 | 000,037,563 | ---- | C] (RadioLAN) -- I:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/11/08 10:30:50 | 000,086,097 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\reslog32.dll
[2011/11/08 10:30:41 | 000,019,584 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\rasirda.sys
[2011/11/08 10:30:37 | 000,714,762 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/11/08 10:30:34 | 000,899,146 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/11/08 10:30:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\qvusd.dll
[2011/11/08 10:30:27 | 000,003,328 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\qv2kux.sys
[2011/11/08 10:30:22 | 000,049,024 | ---- | C] (QLogic Corporation) -- I:\WINDOWS\System32\dllcache\ql1280.sys
[2011/11/08 10:30:19 | 000,040,448 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ql1240.sys
[2011/11/08 10:30:16 | 000,045,312 | ---- | C] (QLogic Corporation) -- I:\WINDOWS\System32\dllcache\ql12160.sys
[2011/11/08 10:30:13 | 000,033,152 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ql10wnt.sys
[2011/11/08 10:30:10 | 000,040,320 | ---- | C] (QLogic Corporation) -- I:\WINDOWS\System32\dllcache\ql1080.sys
[2011/11/08 10:30:09 | 000,006,016 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\qic157.sys
[2011/11/08 10:30:05 | 000,130,942 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/11/08 10:30:02 | 000,112,574 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/11/08 10:29:59 | 000,128,286 | ---- | C] (PCTEL, INC.) -- I:\WINDOWS\System32\dllcache\ptserli.sys
[2011/11/08 10:29:58 | 000,159,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ptpusd.dll
[2011/11/08 10:29:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ptpusb.dll
[2011/11/08 10:29:52 | 000,035,328 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\psisload.dll
[2011/11/08 10:29:48 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- I:\WINDOWS\System32\dllcache\pscr.sys
[2011/11/08 10:29:46 | 000,017,664 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ppa3.sys
[2011/11/08 10:29:43 | 000,017,792 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ppa.sys
[2011/11/08 10:29:43 | 000,008,832 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\powerfil.sys
[2011/11/08 10:29:40 | 000,007,168 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\pnrmc.sys
[2011/11/08 10:29:34 | 000,121,344 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\phvfwext.dll
[2011/11/08 10:29:31 | 000,019,840 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\philtune.sys
[2011/11/08 10:29:28 | 000,092,416 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\phildec.sys
[2011/11/08 10:29:25 | 000,173,696 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\philcam2.sys
[2011/11/08 10:29:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\philcam1.sys
[2011/11/08 10:29:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\philcam1.dll
[2011/11/08 10:29:15 | 000,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- I:\WINDOWS\System32\dllcache\perm3dd.dll
[2011/11/08 10:29:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\phdsext.ax
[2011/11/08 10:29:14 | 000,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- I:\WINDOWS\System32\dllcache\perm3.sys
[2011/11/08 10:29:13 | 000,211,584 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- I:\WINDOWS\System32\dllcache\perm2dll.dll
[2011/11/08 10:29:13 | 000,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- I:\WINDOWS\System32\dllcache\perm2.sys
[2011/11/08 10:29:09 | 000,005,504 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\perc2hib.sys
[2011/11/08 10:29:06 | 000,027,296 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\perc2.sys
[2011/11/08 10:29:05 | 000,169,984 | ---- | C] (Cisco Systems) -- I:\WINDOWS\System32\dllcache\pcx500.sys
[2011/11/08 10:29:02 | 000,086,016 | ---- | C] (PCtel, Inc.) -- I:\WINDOWS\System32\dllcache\pctspk.exe
[2011/11/08 10:28:59 | 000,035,328 | ---- | C] (AMD Inc.) -- I:\WINDOWS\System32\dllcache\pcntpci5.sys
[2011/11/08 10:28:57 | 000,029,769 | ---- | C] (AMD Inc.) -- I:\WINDOWS\System32\dllcache\pcntn5m.sys
[2011/11/08 10:28:54 | 000,030,282 | ---- | C] (AMD Inc.) -- I:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2011/11/08 10:28:51 | 000,026,153 | ---- | C] (Linksys) -- I:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/11/08 10:28:50 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- I:\WINDOWS\System32\dllcache\pca200e.sys
[2011/11/08 10:28:47 | 000,030,495 | ---- | C] (Linksys) -- I:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/11/08 10:28:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovui2rc.dll
[2011/11/08 10:28:39 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovui2.dll
[2011/11/08 10:28:36 | 000,025,216 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovsound2.sys
[2011/11/08 10:28:33 | 000,039,424 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcoms.exe
[2011/11/08 10:28:30 | 000,020,480 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcomc.dll
[2011/11/08 10:28:27 | 000,351,616 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcodek2.sys
[2011/11/08 10:28:25 | 000,116,736 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcodec2.dll
[2011/11/08 10:28:22 | 000,031,872 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovce.sys
[2011/11/08 10:28:19 | 000,028,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcd.sys
[2011/11/08 10:28:16 | 000,048,000 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovcam2.sys
[2011/11/08 10:28:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ovca.sys
[2011/11/08 10:28:10 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/11/08 10:28:07 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otceth5.sys
[2011/11/08 10:28:04 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- I:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/11/08 10:28:01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- I:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/11/08 10:27:53 | 000,198,144 | ---- | C] (NVIDIA Corporation) -- I:\WINDOWS\System32\dllcache\nv3.sys
[2011/11/08 10:27:50 | 000,123,776 | ---- | C] (NVIDIA Corporation) -- I:\WINDOWS\System32\dllcache\nv3.dll
[2011/11/08 10:27:43 | 000,051,552 | ---- | C] (Kensington Technology Group) -- I:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/11/08 10:27:39 | 000,009,344 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ntapm.sys
[2011/11/08 10:27:37 | 000,007,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\nsmmc.sys
[2011/11/08 10:27:35 | 000,028,672 | ---- | C] (National Semiconductor Corporation) -- I:\WINDOWS\System32\dllcache\nscirda.sys
[2011/11/08 10:27:31 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/11/08 10:27:28 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/11/08 10:27:24 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- I:\WINDOWS\System32\dllcache\ngrpci.sys
[2011/11/08 10:27:23 | 000,132,695 | ---- | C] (802.11b) -- I:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/11/08 10:27:18 | 000,065,278 | ---- | C] (Compaq Computer Corporation) -- I:\WINDOWS\System32\dllcache\netflx3.sys
[2011/11/08 10:27:15 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/11/08 10:27:12 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- I:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/11/08 10:27:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ne2000.sys
[2011/11/08 10:27:08 | 000,010,880 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ndisip.sys
[2011/11/08 10:27:06 | 000,085,248 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/11/08 10:27:04 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/11/08 10:27:01 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/11/08 10:26:58 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/11/08 10:26:55 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/11/08 10:26:53 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128.sys
[2011/11/08 10:26:50 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- I:\WINDOWS\System32\dllcache\n9i128.dll
[2011/11/08 10:26:47 | 000,128,000 | ---- | C] (Compaq Computer Corporation) -- I:\WINDOWS\System32\dllcache\n100325.sys
[2011/11/08 10:26:44 | 000,052,255 | ---- | C] (Compaq Computer Corporation) -- I:\WINDOWS\System32\dllcache\n1000nt5.sys
[2011/11/08 10:26:41 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- I:\WINDOWS\System32\dllcache\mxport.sys
[2011/11/08 10:26:38 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- I:\WINDOWS\System32\dllcache\mxport.dll
[2011/11/08 10:26:36 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- I:\WINDOWS\System32\dllcache\mxnic.sys
[2011/11/08 10:26:33 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- I:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/11/08 10:26:30 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- I:\WINDOWS\System32\dllcache\mxcard.sys
[2011/11/08 10:26:26 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- I:\WINDOWS\System32\dllcache\mtxvideo.sys
[2011/11/08 10:26:15 | 000,005,504 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mstee.sys
[2011/11/08 10:26:14 | 000,049,024 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mstape.sys
[2011/11/08 10:26:10 | 000,012,416 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msriffwv.sys
[2011/11/08 10:26:04 | 000,002,944 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msmpu401.sys
[2011/11/08 10:26:03 | 000,022,016 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msircomm.sys
[2011/11/08 10:25:56 | 000,035,200 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msgame.sys
[2011/11/08 10:25:53 | 000,006,016 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msfsio.sys
[2011/11/08 10:25:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\msdv.sys
[2011/11/08 10:25:44 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- I:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/11/08 10:25:39 | 000,015,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mpe.sys
[2011/11/08 10:25:34 | 000,016,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\modemcsa.sys
[2011/11/08 10:25:28 | 000,006,528 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\miniqic.sys
[2011/11/08 10:25:23 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\mgaum.sys
[2011/11/08 10:25:20 | 000,235,648 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\mgaud.dll
[2011/11/08 10:25:19 | 000,026,112 | ---- | C] (Sony Corporation) -- I:\WINDOWS\System32\dllcache\memstpci.sys
[2011/11/08 10:25:16 | 000,047,616 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\memgrp.dll
[2011/11/08 10:25:13 | 000,008,320 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\memcard.sys
[2011/11/08 10:25:09 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- I:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/11/08 10:25:06 | 000,007,424 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\mammoth.sys
[2011/11/08 10:25:02 | 000,048,768 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\maestro.sys
[2011/11/08 10:24:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\m3092dc.dll
[2011/11/08 10:24:57 | 000,058,368 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\m3091dc.dll
[2011/11/08 10:24:54 | 000,022,848 | ---- | C] (Logitech Inc.) -- I:\WINDOWS\System32\dllcache\lwusbhid.sys
[2011/11/08 10:24:53 | 000,020,864 | ---- | C] (Logitech Inc.) -- I:\WINDOWS\System32\dllcache\lwadihid.sys
[2011/11/08 10:24:50 | 000,797,500 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/11/08 10:24:47 | 000,802,683 | ---- | C] (Lucent Technologies) -- I:\WINDOWS\System32\dllcache\ltsm.sys
[2011/11/08 10:24:47 | 000,007,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ltotape.sys
[2011/11/08 10:24:46 | 000,420,992 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/11/08 10:24:43 | 000,606,684 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/11/08 10:24:43 | 000,576,746 | ---- | C] (LT) -- I:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/11/08 10:24:40 | 000,727,786 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/11/08 10:24:36 | 000,004,992 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\loop.sys
[2011/11/08 10:24:32 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- I:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/11/08 10:24:29 | 000,020,573 | ---- | C] (The Linksts Group ) -- I:\WINDOWS\System32\dllcache\lne100.sys
[2011/11/08 10:24:27 | 000,025,065 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/11/08 10:24:24 | 000,015,744 | ---- | C] (Litronic Industries) -- I:\WINDOWS\System32\dllcache\lit220p.sys
[2011/11/08 10:24:22 | 000,034,688 | ---- | C] (Toshiba Corp.) -- I:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2011/11/08 10:24:20 | 000,026,442 | ---- | C] (SMSC) -- I:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/11/08 10:24:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/11/08 10:24:17 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- I:\WINDOWS\System32\dllcache\ktc111.sys
[2011/11/08 10:24:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/11/08 10:24:15 | 000,061,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/11/08 10:24:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kousd.dll
[2011/11/08 10:24:11 | 000,253,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kdsusd.dll
[2011/11/08 10:24:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\kdsui.dll
[2011/11/08 10:23:50 | 000,026,624 | ---- | C] (SigmaTel, Inc.) -- I:\WINDOWS\System32\dllcache\irstusb.sys
[2011/11/08 10:23:48 | 000,018,688 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\irsir.sys
[2011/11/08 10:23:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\irmon.dll
[2011/11/08 10:23:45 | 000,023,552 | ---- | C] (MKNet Corporation) -- I:\WINDOWS\System32\dllcache\irmk7.sys
[2011/11/08 10:23:44 | 000,151,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\irftp.exe
[2011/11/08 10:23:43 | 000,088,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\irda.sys
[2011/11/08 10:23:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ipsink.ax
[2011/11/08 10:23:38 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- I:\WINDOWS\System32\dllcache\ip5515.sys
[2011/11/08 10:23:35 | 000,090,200 | ---- | C] (Perle Systems Ltd. ) -- I:\WINDOWS\System32\dllcache\io8ports.dll
[2011/11/08 10:23:33 | 000,038,784 | ---- | C] (Perle Systems Ltd. ) -- I:\WINDOWS\System32\dllcache\io8.sys
[2011/11/08 10:23:32 | 000,005,504 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\intelide.sys
[2011/11/08 10:23:29 | 000,013,056 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\inport.sys
[2011/11/08 10:23:26 | 000,016,000 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ini910u.sys
[2011/11/08 10:23:05 | 000,372,824 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\iconf32.dll
[2011/11/08 10:23:03 | 000,100,992 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam5usb.sys
[2011/11/08 10:23:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam5ext.dll
[2011/11/08 10:22:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam5com.dll
[2011/11/08 10:22:55 | 000,154,496 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam4usb.sys
[2011/11/08 10:22:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam4ext.dll
[2011/11/08 10:22:50 | 000,091,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam4com.dll
[2011/11/08 10:22:48 | 000,026,624 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam3ext.dll
[2011/11/08 10:22:46 | 000,141,056 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\icam3.sys
[2011/11/08 10:22:43 | 000,038,528 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ibmvcap.sys
[2011/11/08 10:22:41 | 000,109,085 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\ibmtrp.sys
[2011/11/08 10:22:38 | 000,100,936 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\ibmtok.sys
[2011/11/08 10:22:36 | 000,009,216 | ---- | C] (IBM Corporation) -- I:\WINDOWS\System32\dllcache\ibmsgnet.dll
[2011/11/08 10:22:33 | 000,028,700 | ---- | C] (IBM Corp.) -- I:\WINDOWS\System32\dllcache\ibmexmp.sys
[2011/11/08 10:22:31 | 000,702,845 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\i81xdnt5.dll
[2011/11/08 10:22:31 | 000,161,020 | ---- | C] (Intel® Corporation) -- I:\WINDOWS\System32\dllcache\i81xnt5.sys
[2011/11/08 10:22:28 | 000,058,592 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\i740nt5.sys
[2011/11/08 10:22:26 | 000,353,184 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\i740dnt5.dll
[2011/11/08 10:22:25 | 000,018,560 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\i2omp.sys
[2011/11/08 10:22:23 | 000,008,576 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\i2omgmt.sys
[2011/11/08 10:22:14 | 000,488,383 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_v124.sys
[2011/11/08 10:22:12 | 000,050,751 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_tone.sys
[2011/11/08 10:22:10 | 000,073,279 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_spkp.sys
[2011/11/08 10:22:07 | 000,044,863 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_soar.sys
[2011/11/08 10:22:05 | 000,057,471 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_samp.sys
[2011/11/08 10:22:02 | 000,542,879 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_msft.sys
[2011/11/08 10:22:00 | 000,391,199 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_k56k.sys
[2011/11/08 10:21:58 | 000,009,759 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_inst.dll
[2011/11/08 10:21:55 | 000,115,807 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_fsks.sys
[2011/11/08 10:21:53 | 000,199,711 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_faxx.sys
[2011/11/08 10:21:51 | 000,289,887 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_fall.sys
[2011/11/08 10:21:48 | 000,067,167 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_bsc2.sys
[2011/11/08 10:21:46 | 000,150,239 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hsf_amos.sys
[2011/11/08 10:21:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hr1w.dll
[2011/11/08 10:21:41 | 000,005,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpt4qic.sys
[2011/11/08 10:21:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpsjmcro.dll
[2011/11/08 10:21:36 | 000,324,608 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpojwia.dll
[2011/11/08 10:21:34 | 000,025,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpn.sys
[2011/11/08 10:21:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpgtmcro.dll
[2011/11/08 10:21:29 | 000,068,608 | ---- | C] (Avisioin) -- I:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/11/08 10:21:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpgt42tk.dll
[2011/11/08 10:21:20 | 000,126,976 | ---- | C] (Hewlett Packard) -- I:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/11/08 10:21:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpgt33tk.dll
[2011/11/08 10:21:11 | 000,123,392 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpgt21tk.dll
[2011/11/08 10:21:07 | 000,119,296 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hpdigwia.dll
[2011/11/08 10:21:03 | 000,002,688 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hidswvd.sys
[2011/11/08 10:21:01 | 000,008,576 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hidgame.sys
[2011/11/08 10:21:00 | 000,020,352 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\hidbatt.sys
[2011/11/08 10:20:57 | 000,907,456 | ---- | C] (Conexant) -- I:\WINDOWS\System32\dllcache\hcf_msft.sys
[2011/11/08 10:20:55 | 000,028,288 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\grserial.sys
[2011/11/08 10:20:53 | 000,082,304 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\grclass.sys
[2011/11/08 10:20:51 | 000,017,408 | ---- | C] (Gemplus) -- I:\WINDOWS\System32\dllcache\gpr400.sys
[2011/11/08 10:20:48 | 000,059,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\gckernel.sys
[2011/11/08 10:20:47 | 000,010,624 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\gameenum.sys
[2011/11/08 10:20:45 | 000,322,432 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\g400m.sys
[2011/11/08 10:20:43 | 001,733,120 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\g400d.dll
[2011/11/08 10:20:40 | 000,320,384 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\g200m.sys
[2011/11/08 10:20:38 | 000,470,144 | ---- | C] (Matrox Graphics Inc.) -- I:\WINDOWS\System32\dllcache\g200d.dll
[2011/11/08 10:20:35 | 000,454,912 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/11/08 10:20:26 | 000,092,160 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\fuusd.dll
[2011/11/08 10:20:23 | 000,455,296 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/11/08 10:20:20 | 000,455,680 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fus2base.sys
[2011/11/08 10:20:15 | 000,442,240 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/11/08 10:20:12 | 000,441,728 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/11/08 10:20:09 | 000,444,416 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/11/08 10:20:07 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- I:\WINDOWS\System32\dllcache\forehe.sys
[2011/11/08 10:20:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\fnfilter.dll
[2011/11/08 10:20:01 | 000,027,165 | ---- | C] (VIA Technologies, Inc. ) -- I:\WINDOWS\System32\dllcache\fetnd5.sys
[2011/11/08 10:19:55 | 000,022,090 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\fem556n5.sys
[2011/11/08 10:19:51 | 000,024,618 | ---- | C] (NETGEAR) -- I:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/11/08 10:19:49 | 000,016,074 | ---- | C] (NETGEAR Corp.) -- I:\WINDOWS\System32\dllcache\fa312nd5.sys
[2011/11/08 10:19:47 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- I:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/11/08 10:19:45 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- I:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/11/08 10:19:43 | 000,007,040 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\exabyte2.sys
[2011/11/08 10:19:41 | 000,016,998 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\ex10.sys
[2011/11/08 10:19:36 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- I:\WINDOWS\System32\dllcache\esunib.dll
[2011/11/08 10:19:34 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- I:\WINDOWS\System32\dllcache\esuni.dll
[2011/11/08 10:19:31 | 000,034,816 | ---- | C] (SEIKO EPSON CORP.) -- I:\WINDOWS\System32\dllcache\esuimg.dll
[2011/11/08 10:19:29 | 000,043,008 | ---- | C] (SEIKO EPSON CORP.) -- I:\WINDOWS\System32\dllcache\esucm.dll
[2011/11/08 10:19:28 | 000,137,088 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\essm2e.sys
[2011/11/08 10:19:26 | 000,063,360 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\ess.sys
[2011/11/08 10:19:24 | 000,347,550 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\es56tpi.sys
[2011/11/08 10:19:22 | 000,594,238 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\es56hpi.sys
[2011/11/08 10:19:19 | 000,595,647 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\es56cvmp.sys
[2011/11/08 10:19:17 | 000,174,464 | ---- | C] (ESS Technology, Inc.) -- I:\WINDOWS\System32\dllcache\es198x.sys
[2011/11/08 10:19:16 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- I:\WINDOWS\System32\dllcache\es1969.sys
[2011/11/08 10:19:14 | 000,040,704 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\es1371mp.sys
[2011/11/08 10:19:12 | 000,037,120 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\es1370mp.sys
[2011/11/08 10:19:09 | 000,061,952 | ---- | C] (Equinox Systems Inc.) -- I:\WINDOWS\System32\dllcache\eqnloop.exe
[2011/11/08 10:19:07 | 000,051,200 | ---- | C] (Equinox Systems Inc.) -- I:\WINDOWS\System32\dllcache\eqnlogr.exe
[2011/11/08 10:19:05 | 000,053,248 | ---- | C] (Equinox Systems Inc.) -- I:\WINDOWS\System32\dllcache\eqndiag.exe
[2011/11/08 10:19:03 | 000,629,952 | ---- | C] (Equinox Systems Inc.) -- I:\WINDOWS\System32\dllcache\eqn.sys
[2011/11/08 10:19:01 | 000,114,944 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\epstw2k.sys
[2011/11/08 10:18:59 | 000,018,503 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\epro4.sys
[2011/11/08 10:18:58 | 000,144,896 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\epcfw2k.sys
[2011/11/08 10:18:56 | 000,283,904 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\emu10k1m.sys
[2011/11/08 10:18:51 | 000,019,996 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\em556n4.sys
[2011/11/08 10:18:50 | 000,025,159 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\elnk3.sys
[2011/11/08 10:18:49 | 000,007,296 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\elmsmc.sys
[2011/11/08 10:18:47 | 000,171,520 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el99xn51.sys
[2011/11/08 10:18:46 | 000,070,174 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el98xn5.sys
[2011/11/08 10:18:44 | 000,455,199 | ---- | C] (3Com Corporation.) -- I:\WINDOWS\System32\dllcache\el985n51.sys
[2011/11/08 10:18:43 | 000,153,631 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el90xnd5.sys
[2011/11/08 10:18:41 | 000,066,591 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el90xbc5.sys
[2011/11/08 10:18:40 | 000,241,206 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el656se5.sys
[2011/11/08 10:18:38 | 000,077,386 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el656nd5.sys
[2011/11/08 10:18:36 | 000,634,134 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el656ct5.sys
[2011/11/08 10:18:35 | 000,069,194 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el656cd5.sys
[2011/11/08 10:18:34 | 000,026,141 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el589nd5.sys
[2011/11/08 10:18:32 | 000,069,692 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el575nd5.sys
[2011/11/08 10:18:31 | 000,024,653 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el574nd4.sys
[2011/11/08 10:18:29 | 000,055,999 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el556nd5.sys
[2011/11/08 10:18:28 | 000,044,103 | ---- | C] (3Com Corporation) -- I:\WINDOWS\System32\dllcache\el515.sys
[2011/11/08 10:18:25 | 000,019,594 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\e100isa4.sys
[2011/11/08 10:18:24 | 000,117,760 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\e100b325.sys
[2011/11/08 10:18:23 | 000,050,719 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\e1000nt5.sys
[2011/11/08 10:18:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dshowext.ax
[2011/11/08 10:18:17 | 000,334,208 | ---- | C] (Yamaha Corp.) -- I:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/11/08 10:18:14 | 000,020,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dpti2o.sys
[2011/11/08 10:18:12 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- I:\WINDOWS\System32\dllcache\dp83820.sys
[2011/11/08 10:18:10 | 000,023,808 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dot4usb.sys
[2011/11/08 10:18:09 | 000,008,704 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dot4scan.sys
[2011/11/08 10:18:08 | 000,012,928 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dot4prt.sys
[2011/11/08 10:18:07 | 000,206,976 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dot4.sys
[2011/11/08 10:18:03 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- I:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/11/08 10:18:02 | 000,008,320 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dlttape.sys
[2011/11/08 10:18:00 | 000,026,698 | ---- | C] (D-Link Corporation) -- I:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/11/08 10:17:58 | 000,952,007 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\diwan.sys
[2011/11/08 10:17:53 | 000,236,060 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\ditrace.exe
[2011/11/08 10:17:52 | 000,038,985 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/11/08 10:17:51 | 000,031,305 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/11/08 10:17:50 | 000,006,729 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\disrvci.dll
[2011/11/08 10:17:47 | 000,091,305 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\dimaint.sys
[2011/11/08 10:17:46 | 000,614,429 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiview.exe
[2011/11/08 10:17:45 | 000,042,432 | ---- | C] (Digi International, Inc.) -- I:\WINDOWS\System32\dllcache\digirlpt.sys
[2011/11/08 10:17:43 | 000,110,621 | ---- | C] (Digi International, Inc.) -- I:\WINDOWS\System32\dllcache\digirlpt.dll
[2011/11/08 10:17:42 | 000,021,606 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiisdn.sys
[2011/11/08 10:17:41 | 000,041,046 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiisdn.dll
[2011/11/08 10:17:40 | 000,102,484 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiinf.dll
[2011/11/08 10:17:39 | 000,159,828 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digihlc.dll
[2011/11/08 10:17:37 | 000,229,462 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digifwrk.dll
[2011/11/08 10:17:36 | 000,090,525 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digifep5.sys
[2011/11/08 10:17:35 | 000,103,044 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digidxb.sys
[2011/11/08 10:17:34 | 000,131,156 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digidbp.dll
[2011/11/08 10:17:32 | 000,037,735 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiasyn.sys
[2011/11/08 10:17:31 | 000,065,622 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\digiasyn.dll
[2011/11/08 10:17:29 | 000,419,357 | ---- | C] (Digi International) -- I:\WINDOWS\System32\dllcache\dgconfig.dll
[2011/11/08 10:17:28 | 000,029,531 | ---- | C] (Digi International Inc.) -- I:\WINDOWS\System32\dllcache\dgapci.sys
[2011/11/08 10:17:26 | 000,024,649 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/11/08 10:17:25 | 000,024,648 | ---- | C] (D-Link) -- I:\WINDOWS\System32\dllcache\dfe650.sys
[2011/11/08 10:17:23 | 000,024,064 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\devldr32.exe
[2011/11/08 10:17:22 | 000,256,512 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\devcon32.dll
[2011/11/08 10:17:21 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- I:\WINDOWS\System32\dllcache\defpa.sys
[2011/11/08 10:17:20 | 000,007,424 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ddsmc.sys
[2011/11/08 10:17:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dc260usd.dll
[2011/11/08 10:17:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dc240usd.dll
[2011/11/08 10:17:16 | 000,063,208 | ---- | C] (Intel Corporation.) -- I:\WINDOWS\System32\dllcache\dc21x4.sys
[2011/11/08 10:17:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dc210usd.dll
[2011/11/08 10:17:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dc210_32.dll
[2011/11/08 10:17:11 | 000,014,720 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\dac960nt.sys
[2011/11/08 10:17:09 | 000,179,584 | ---- | C] (Mylex Corporation) -- I:\WINDOWS\System32\dllcache\dac2w2k.sys
[2011/11/08 10:17:06 | 000,117,760 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\d100ib5.sys
[2011/11/08 10:17:05 | 000,027,648 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyzports.dll
[2011/11/08 10:17:04 | 000,049,792 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyzport.sys
[2011/11/08 10:17:03 | 000,027,136 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyzcoins.dll
[2011/11/08 10:17:02 | 000,027,648 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyyports.dll
[2011/11/08 10:17:00 | 000,050,176 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyyport.sys
[2011/11/08 10:16:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyycoins.dll
[2011/11/08 10:16:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyclom-y.sys
[2011/11/08 10:16:57 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/11/08 10:16:57 | 000,017,152 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cyclad-z.sys
[2011/11/08 10:16:56 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/11/08 10:16:55 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/11/08 10:16:54 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/11/08 10:16:52 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/11/08 10:16:51 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/11/08 10:16:50 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- I:\WINDOWS\System32\dllcache\cwbase.sys
[2011/11/08 10:16:49 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- I:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/11/08 10:16:49 | 000,004,096 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\ctwdm32.dll
[2011/11/08 10:16:47 | 000,096,256 | ---- | C] (Copyright © Creative Technology Ltd. 1994-2001) -- I:\WINDOWS\System32\dllcache\ctlsb16.sys
[2011/11/08 10:16:46 | 000,003,712 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\ctljystk.sys
[2011/11/08 10:16:45 | 000,006,912 | ---- | C] (Creative Technology Ltd.) -- I:\WINDOWS\System32\dllcache\ctlfacem.sys
[2011/11/08 10:16:43 | 000,175,104 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\csamsp.dll
[2011/11/08 10:16:42 | 000,042,112 | ---- | C] (Conexant Systems Inc.) -- I:\WINDOWS\System32\dllcache\crtaud.sys
[2011/11/08 10:16:41 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- I:\WINDOWS\System32\dllcache\cpscan.dll
[2011/11/08 10:16:40 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- I:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2011/11/08 10:16:39 | 000,021,533 | ---- | C] (Compaq Computer Corporation) -- I:\WINDOWS\System32\dllcache\cpqndis5.sys
[2011/11/08 10:16:38 | 000,014,976 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cpqarray.sys
[2011/11/08 10:16:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\compbatt.sys
[2011/11/08 10:16:31 | 000,039,936 | ---- | C] (Conexant Systems, Inc.) -- I:\WINDOWS\System32\dllcache\cnxt1803.sys
[2011/11/08 10:16:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cnusd.dll
[2011/11/08 10:16:28 | 000,006,656 | ---- | C] (CMD Technology, Inc.) -- I:\WINDOWS\System32\dllcache\cmdide.sys
[2011/11/08 10:16:27 | 000,020,736 | ---- | C] (OMNIKEY AG) -- I:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/11/08 10:16:27 | 000,013,952 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cmbatt.sys
[2011/11/08 10:16:25 | 000,248,064 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cl546xm.sys
[2011/11/08 10:16:23 | 000,170,880 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cl546x.dll
[2011/11/08 10:16:23 | 000,111,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cl5465.dll
[2011/11/08 10:16:22 | 000,045,696 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cirrus.sys
[2011/11/08 10:16:21 | 000,091,264 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cirrus.dll
[2011/11/08 10:16:19 | 000,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- I:\WINDOWS\System32\dllcache\cinemclc.sys
[2011/11/08 10:16:18 | 000,980,034 | ---- | C] (Xircom) -- I:\WINDOWS\System32\dllcache\cicap.sys
[2011/11/08 10:16:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\changer.sys
[2011/11/08 10:16:12 | 000,049,182 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/11/08 10:16:12 | 000,022,044 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/11/08 10:16:11 | 000,022,044 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/11/08 10:16:10 | 000,027,164 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/11/08 10:16:10 | 000,021,530 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/11/08 10:16:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2011/11/08 10:16:07 | 000,017,024 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/11/08 10:16:06 | 000,714,698 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/11/08 10:16:06 | 000,046,108 | ---- | C] (Xircom, Inc.) -- I:\WINDOWS\System32\dllcache\cben5.sys
[2011/11/08 10:16:05 | 000,039,680 | ---- | C] (Silicom Ltd.) -- I:\WINDOWS\System32\dllcache\cb325.sys
[2011/11/08 10:16:04 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- I:\WINDOWS\System32\dllcache\cb102.sys
[2011/11/08 10:16:03 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- I:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/11/08 10:16:01 | 000,164,923 | ---- | C] (Eicon Technology) -- I:\WINDOWS\System32\dllcache\diapi2.sys
[2011/11/08 10:16:00 | 000,121,856 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camext30.dll
[2011/11/08 10:15:59 | 000,116,736 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camext30.ax
[2011/11/08 10:15:58 | 000,236,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camext20.dll
[2011/11/08 10:15:57 | 000,244,224 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camext20.ax
[2011/11/08 10:15:57 | 000,074,240 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camexo20.dll
[2011/11/08 10:15:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camexo20.ax
[2011/11/08 10:15:55 | 000,171,264 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camdrv30.sys
[2011/11/08 10:15:54 | 000,223,232 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camdrv21.sys
[2011/11/08 10:15:53 | 000,314,752 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\camdro21.sys
[2011/11/08 10:15:26 | 000,013,824 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\bulltlp3.sys
[2011/11/08 10:15:25 | 000,031,529 | ---- | C] (BreezeCOM) -- I:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/11/08 10:15:24 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/11/08 10:15:24 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/11/08 10:15:23 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/11/08 10:15:22 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brserif.dll
[2011/11/08 10:15:22 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- I:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/11/08 10:15:21 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/11/08 10:15:20 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brparimg.sys
[2011/11/08 10:15:18 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/11/08 10:15:18 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/11/08 10:15:17 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/11/08 10:15:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\brmfcwia.dll
[2011/11/08 10:15:16 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/11/08 10:15:15 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/11/08 10:15:15 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/11/08 10:15:14 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brfilt.sys
[2011/11/08 10:15:13 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brevif.dll
[2011/11/08 10:15:12 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- I:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/11/08 10:15:12 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- I:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/11/08 10:15:10 | 000,102,400 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\binlsvc.dll
[2011/11/08 10:15:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\bdaplgin.ax
[2011/11/08 10:15:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\bdasup.sys
[2011/11/08 10:15:08 | 000,871,388 | ---- | C] (BCM) -- I:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/11/08 10:15:08 | 000,026,568 | ---- | C] (Broadcom Corporation) -- I:\WINDOWS\System32\dllcache\bcm4e5.sys
[2011/11/08 10:15:07 | 000,054,271 | ---- | C] (Broadcom Corporation) -- I:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2011/11/08 10:15:06 | 000,066,557 | ---- | C] (Broadcom Corporation) -- I:\WINDOWS\System32\dllcache\bcm42u.sys
[2011/11/08 10:15:05 | 000,014,208 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\battc.sys
[2011/11/08 10:15:04 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\banshee.sys
[2011/11/08 10:15:03 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\banshee.dll
[2011/11/08 10:15:03 | 000,096,640 | ---- | C] (Broadcom Corporation) -- I:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/11/08 10:15:02 | 000,089,952 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/11/08 10:15:01 | 000,037,568 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmwan.sys
[2011/11/08 10:15:01 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- I:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/11/08 10:15:00 | 000,144,384 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmenum.dll
[2011/11/08 10:14:59 | 000,087,552 | ---- | C] (AVM GmbH) -- I:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/11/08 10:14:58 | 000,036,096 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\avcaudio.sys
[2011/11/08 10:14:58 | 000,013,696 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\avcstrm.sys
[2011/11/08 10:14:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\avc.sys
[2011/11/08 10:14:49 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atiragem.sys
[2011/11/08 10:14:48 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atiraged.dll
[2011/11/08 10:14:46 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atimtai.sys
[2011/11/08 10:14:45 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atimpab.sys
[2011/11/08 10:14:45 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atimpae.sys
[2011/11/08 10:14:44 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atidvai.dll
[2011/11/08 10:14:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\atievxx.exe
[2011/11/08 10:14:43 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atidrae.dll
[2011/11/08 10:14:42 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- I:\WINDOWS\System32\dllcache\atidrab.dll
[2011/11/08 10:14:38 | 000,096,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\ati.dll
[2011/11/08 10:14:38 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- I:\WINDOWS\System32\dllcache\ati.sys
[2011/11/08 10:14:36 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- I:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/11/08 10:14:35 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- I:\WINDOWS\System32\dllcache\asc3550.sys
[2011/11/08 10:14:34 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- I:\WINDOWS\System32\dllcache\asc.sys
[2011/11/08 10:14:34 | 000,022,400 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\asc3350p.sys
[2011/11/08 10:14:32 | 000,006,272 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\apmbatt.sys
[2011/11/08 10:14:31 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- I:\WINDOWS\System32\dllcache\an983.sys
[2011/11/08 10:14:30 | 000,012,032 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\amsint.sys
[2011/11/08 10:14:29 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- I:\WINDOWS\System32\dllcache\amb8002.sys
[2011/11/08 10:14:29 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- I:\WINDOWS\System32\dllcache\aliide.sys
[2011/11/08 10:14:28 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- I:\WINDOWS\System32\dllcache\ali5261.sys
[2011/11/08 10:14:28 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- I:\WINDOWS\System32\dllcache\alifir.sys
[2011/11/08 10:14:27 | 000,056,960 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\aic78xx.sys
[2011/11/08 10:14:27 | 000,055,168 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\aic78u2.sys
[2011/11/08 10:14:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\aha154x.sys
[2011/11/08 10:14:23 | 000,024,576 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\agcgauge.ax
[2011/11/08 10:14:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\adpu160m.sys
[2011/11/08 10:14:19 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- I:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/11/08 10:14:18 | 000,010,880 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\admjoy.sys
[2011/11/08 10:14:17 | 000,747,392 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8830.sys
[2011/11/08 10:14:17 | 000,553,984 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8820.sys
[2011/11/08 10:14:16 | 000,584,448 | ---- | C] (Aureal, Inc.) -- I:\WINDOWS\System32\dllcache\adm8810.sys
[2011/11/08 10:14:16 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- I:\WINDOWS\System32\dllcache\adm8511.sys
[2011/11/08 10:14:15 | 000,007,424 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\adicvls.sys
[2011/11/08 10:14:14 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- I:\WINDOWS\System32\dllcache\acerscad.dll
[2011/11/08 10:14:13 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- I:\WINDOWS\System32\dllcache\ac97sis.sys
[2011/11/08 10:14:13 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- I:\WINDOWS\System32\dllcache\ac97via.sys
[2011/11/08 10:14:12 | 000,096,256 | ---- | C] (Intel Corporation) -- I:\WINDOWS\System32\dllcache\ac97intc.sys
[2011/11/08 10:14:11 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- I:\WINDOWS\System32\dllcache\ac97ali.sys
[2011/11/08 10:14:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\abp480n5.sys
[2011/11/08 10:14:10 | 000,462,848 | ---- | C] (Aureal Inc.) -- I:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/11/08 10:14:10 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- I:\WINDOWS\System32\dllcache\a3d.dll
[2011/11/08 10:14:09 | 000,038,400 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\8514a.dll
[2011/11/08 10:14:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\61883.sys
[2011/11/08 10:14:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\4mmdat.sys
[2011/11/08 10:14:05 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/11/08 10:14:04 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- I:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/11/08 10:14:03 | 000,762,780 | ---- | C] (3Com, Inc.) -- I:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/11/08 10:14:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\1394vdbg.sys
[2011/11/08 10:13:45 | 000,066,048 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\s3legacy.dll
[2011/10/31 14:48:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Administrator\Desktop\MACAddressChanger_Exe

========== Files - Modified Within 30 Days ==========

[2011/11/18 14:56:40 | 001,036,344 | ---- | M] (Google Inc.) -- I:\Documents and Settings\Administrator\Desktop\Unconfirmed 86330.crdownload
[2011/11/18 14:56:18 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2011/11/18 14:56:07 | 000,000,896 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/18 14:55:56 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2011/11/18 14:53:14 | 000,001,010 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1417001333-839522115-500UA.job
[2011/11/18 14:53:00 | 000,002,344 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2011/11/18 14:53:00 | 000,002,322 | ---- | M] () -- I:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/18 14:49:15 | 000,464,491 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\RootRepeal.zip
[2011/11/18 14:43:10 | 000,000,900 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/18 13:01:11 | 000,302,592 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe
[2011/11/18 12:10:14 | 000,001,945 | ---- | M] () -- I:\WINDOWS\epplauncher.mif
[2011/11/18 12:05:57 | 000,001,689 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/18 12:05:56 | 000,002,625 | ---- | M] () -- I:\WINDOWS\System32\CONFIG.NT
[2011/11/18 12:04:32 | 061,657,064 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\setup_av_free_cnet.exe
[2011/11/18 09:39:08 | 001,916,416 | ---- | M] (AVAST Software) -- I:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/11/18 09:38:43 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- I:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/11/18 09:32:20 | 000,000,098 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/18 08:51:00 | 000,000,958 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1417001333-839522115-500Core.job
[2011/11/17 12:09:35 | 001,036,344 | ---- | M] (Google Inc.) -- I:\Documents and Settings\Administrator\Desktop\chrome.exe
[2011/11/15 14:57:33 | 000,517,725 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\Convention .pdf
[2011/11/14 08:04:23 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/10 13:47:14 | 004,289,249 | R--- | M] (Swearware) -- I:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/10 13:39:17 | 000,676,536 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\sreng2.zip
[2011/11/10 13:28:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/11/08 14:40:28 | 100,595,488 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_11_09_01_52.exe
[2011/11/08 12:53:11 | 000,036,548 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\VAN FREE STYLE CLUB - Online Group Purchase Instructions[1].pdf
[2011/11/08 10:47:20 | 000,311,912 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2011/11/08 10:47:20 | 000,040,108 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2011/10/31 14:34:31 | 001,324,940 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\netstumblerinstaller_0_4_0.exe
[2011/10/27 12:09:02 | 000,051,596 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\image001.jpg
[2011/10/26 11:52:47 | 000,060,794 | ---- | M] () -- I:\Documents and Settings\Administrator\Desktop\Vancouver Freestyle Programs 2011-12.pdf
[2011/10/20 07:43:48 | 000,000,000 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml

========== Files Created - No Company Name ==========

[2011/11/18 14:49:13 | 000,464,491 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\RootRepeal.zip
[2011/11/18 13:01:11 | 000,302,592 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\fmf7xn83.exe
[2011/11/18 12:05:57 | 000,001,689 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/11/18 12:01:23 | 061,657,064 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\setup_av_free_cnet.exe
[2011/11/15 14:57:32 | 000,517,725 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\Convention .pdf
[2011/11/10 13:50:10 | 000,256,000 | ---- | C] () -- I:\WINDOWS\PEV.exe
[2011/11/10 13:50:10 | 000,208,896 | ---- | C] () -- I:\WINDOWS\MBR.exe
[2011/11/10 13:50:10 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
[2011/11/10 13:50:10 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
[2011/11/10 13:50:10 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
[2011/11/10 13:39:15 | 000,676,536 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\sreng2.zip
[2011/11/08 14:34:21 | 100,595,488 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\setup_11.0.0.1245.x01_2011_11_09_01_52.exe
[2011/11/08 12:53:11 | 000,036,548 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\VAN FREE STYLE CLUB - Online Group Purchase Instructions[1].pdf
[2011/11/08 11:02:28 | 000,001,945 | ---- | C] () -- I:\WINDOWS\epplauncher.mif
[2011/11/08 10:40:46 | 000,018,944 | ---- | C] () -- I:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/11/08 10:40:42 | 000,027,648 | ---- | C] () -- I:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/11/08 10:29:55 | 000,033,280 | ---- | C] () -- I:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/11/08 10:29:51 | 000,363,520 | ---- | C] () -- I:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/11/08 10:25:52 | 000,056,832 | ---- | C] () -- I:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/11/08 10:21:27 | 000,165,888 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/11/08 10:21:22 | 000,093,696 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/11/08 10:21:18 | 000,101,376 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/11/08 10:21:13 | 000,089,088 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/11/08 10:21:09 | 000,083,968 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/11/08 10:17:57 | 000,029,768 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divasu.dll
[2011/11/08 10:17:56 | 000,037,962 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divaprop.dll
[2011/11/08 10:17:55 | 000,006,216 | ---- | C] () -- I:\WINDOWS\System32\dllcache\divaci.dll
[2011/11/08 10:14:53 | 000,026,624 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/11/08 10:14:53 | 000,023,552 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atixbar.sys
[2011/11/08 10:14:52 | 000,019,456 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/11/08 10:14:51 | 000,017,152 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/11/08 10:14:51 | 000,009,472 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/11/08 10:14:50 | 000,026,880 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/11/08 10:14:50 | 000,017,152 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atitunep.sys
[2011/11/08 10:14:49 | 000,049,920 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/11/08 10:14:47 | 000,010,240 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/11/08 10:14:41 | 000,046,464 | ---- | C] () -- I:\WINDOWS\System32\dllcache\atibt829.sys
[2011/10/31 14:34:25 | 001,324,940 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\netstumblerinstaller_0_4_0.exe
[2011/10/27 12:09:02 | 000,051,596 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\image001.jpg
[2011/10/26 11:52:48 | 000,060,794 | ---- | C] () -- I:\Documents and Settings\Administrator\Desktop\Vancouver Freestyle Programs 2011-12.pdf
[2010/12/22 12:05:05 | 000,025,620 | -H-- | C] () -- I:\WINDOWS\System32\mlfcache.dat
[2010/11/05 13:44:40 | 000,000,036 | ---- | C] () -- I:\WINDOWS\wwwbatch.ini
[2010/07/08 15:09:49 | 000,116,224 | ---- | C] () -- I:\WINDOWS\System32\pdfcmnnt.dll
[2010/04/06 14:33:19 | 000,000,022 | ---- | C] () -- I:\WINDOWS\System32\nvModes.dat
[2010/04/06 14:25:53 | 002,183,470 | ---- | C] () -- I:\WINDOWS\System32\nvdata.bin
[2010/04/06 14:25:53 | 000,212,992 | ---- | C] () -- I:\WINDOWS\System32\nvapi.dll
[2010/04/06 10:45:20 | 000,000,036 | ---- | C] () -- I:\WINDOWS\webica.ini
[2009/12/24 10:00:19 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
[2009/12/22 09:45:43 | 000,008,875 | ---- | C] () -- I:\WINDOWS\cfgall.ini
[2009/12/22 09:40:10 | 000,156,672 | ---- | C] () -- I:\WINDOWS\System32\RTLCPAPI.dll
[2009/12/22 09:40:09 | 000,040,960 | ---- | C] () -- I:\WINDOWS\System32\ChCfg.exe
[2009/12/22 09:14:13 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
[2009/12/22 09:09:08 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
[2009/12/22 01:03:14 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2009/12/22 01:02:01 | 000,119,744 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2006/10/22 11:22:00 | 001,662,976 | ---- | C] () -- I:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 001,622,016 | ---- | C] () -- I:\WINDOWS\System32\nwiz.exe
[2006/10/22 11:22:00 | 001,470,464 | ---- | C] () -- I:\WINDOWS\System32\nview.dll
[2006/10/22 11:22:00 | 001,339,392 | ---- | C] () -- I:\WINDOWS\System32\nvdspsch.exe
[2006/10/22 11:22:00 | 001,019,904 | ---- | C] () -- I:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 000,581,632 | ---- | C] () -- I:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 000,466,944 | ---- | C] () -- I:\WINDOWS\System32\nvshell.dll
[2006/10/22 11:22:00 | 000,442,368 | ---- | C] () -- I:\WINDOWS\System32\nvappbar.exe
[2006/10/22 11:22:00 | 000,425,984 | ---- | C] () -- I:\WINDOWS\System32\keystone.exe
[2006/10/22 11:22:00 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\nvnt4cpl.dll
[2005/03/21 15:48:05 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
[2005/03/21 15:48:05 | 000,004,627 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
[2004/08/04 02:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
[2004/08/04 02:00:00 | 000,311,912 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
[2004/08/04 02:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
[2004/08/04 02:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
[2004/08/04 02:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
[2004/08/04 02:00:00 | 000,040,108 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
[2004/08/04 02:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
[2004/08/04 02:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
[2004/08/04 02:00:00 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\dcache.bin
[2004/08/04 02:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/22 01:01:16 | 000,000,210 | ---- | M] () -- I:\Boot.bak
[2010/09/08 09:32:48 | 000,000,327 | RHS- | M] () -- I:\boot.ini
[2004/08/03 22:00:04 | 000,260,272 | RHS- | M] () -- I:\cmldr
[2011/11/10 13:55:44 | 000,011,459 | ---- | M] () -- I:\ComboFix.txt
[2010/08/12 08:32:15 | 000,000,109 | ---- | M] () -- I:\mbam-error.txt
[2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
[2009/12/22 09:53:57 | 000,250,048 | RHS- | M] () -- I:\ntldr
[2011/11/18 14:55:50 | 2013,265,920 | -HS- | M] () -- I:\pagefile.sys
[2010/09/08 10:24:10 | 000,034,014 | ---- | M] () -- I:\TDSSKiller.2.4.2.1_08.09.2010_11.22.40_log.txt
[2011/04/11 13:11:47 | 000,036,064 | ---- | M] () -- I:\TDSSKiller.2.4.21.0_11.04.2011_14.11.31_log.txt
[2011/11/18 09:45:46 | 000,044,802 | ---- | M] () -- I:\TDSSKiller.2.6.19.0_18.11.2011_09.45.15_log.txt
[2010/09/10 08:16:06 | 000,012,515 | ---- | M] () -- I:\VEW.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/12/22 09:11:31 | 000,000,067 | -HS- | M] () -- I:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/04/04 21:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp5r1.DLL
[2010/07/09 07:31:14 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/09/06 13:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- I:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/12/22 01:01:16 | 000,094,208 | ---- | M] () -- I:\WINDOWS\System32\config\default.sav
[2009/12/22 01:01:16 | 000,659,456 | ---- | M] () -- I:\WINDOWS\System32\config\software.sav
[2009/12/22 01:01:16 | 000,921,600 | ---- | M] () -- I:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/12/22 10:00:16 | 000,000,272 | -HS- | M] () -- I:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 10:00:27


< MD5 for: BEEP.SYS >
[2004/08/04 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- I:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- I:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 02:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- I:\WINDOWS\system32\drivers\beep.sys

< MD5 for: MSWSOCK.DLL >
[2004/08/04 02:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- I:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 09:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- I:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 09:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- I:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 09:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- I:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- I:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/14 05:42:02 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- I:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 09:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- I:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2008/04/14 05:42:02 | 000,622,592 | ---- | M] (Microsoft Corporation) MD5=37A62C6092AADD2EFDE0468DD8818E99 -- I:\WINDOWS\ServicePackFiles\i386\netcfgx.dll
[2008/04/14 05:42:02 | 000,622,592 | ---- | M] (Microsoft Corporation) MD5=37A62C6092AADD2EFDE0468DD8818E99 -- I:\WINDOWS\system32\dllcache\netcfgx.dll
[2008/04/14 05:42:02 | 000,622,592 | ---- | M] (Microsoft Corporation) MD5=37A62C6092AADD2EFDE0468DD8818E99 -- I:\WINDOWS\system32\netcfgx.dll
[2004/08/04 02:00:00 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=E3AE8DC04643850D2DFD431443558B28 -- I:\WINDOWS\$NtServicePackUninstall$\netcfgx.dll

< MD5 for: NETMAN.DLL >
[2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- I:\WINDOWS\ERDNT\cache\netman.dll
[2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- I:\WINDOWS\ServicePackFiles\i386\netman.dll
[2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- I:\WINDOWS\system32\dllcache\netman.dll
[2008/04/14 05:42:02 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- I:\WINDOWS\system32\netman.dll
[2004/08/04 02:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=DAB9E6C7105D2EF49876FE92C524F565 -- I:\WINDOWS\$NtServicePackUninstall$\netman.dll

< MD5 for: NETSHELL.DLL >
[2008/04/14 05:42:04 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=062F837C1FBDB6A0A75F82EFC2EE8E74 -- I:\WINDOWS\ServicePackFiles\i386\netshell.dll
[2008/04/14 05:42:04 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=062F837C1FBDB6A0A75F82EFC2EE8E74 -- I:\WINDOWS\system32\dllcache\netshell.dll
[2008/04/14 05:42:04 | 001,703,936 | ---- | M] (Microsoft Corporation) MD5=062F837C1FBDB6A0A75F82EFC2EE8E74 -- I:\WINDOWS\system32\netshell.dll
[2004/08/04 02:00:00 | 001,708,032 | ---- | M] (Microsoft Corporation) MD5=BF52A4D4EB4CFB3109667E429B93E21A -- I:\WINDOWS\$NtServicePackUninstall$\netshell.dll

< MD5 for: WUAUSERV.DLL >
[2004/08/04 02:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=13D72740963CBA12D9FF76A7F218BCD8 -- I:\WINDOWS\$NtServicePackUninstall$\wuauserv.dll
[2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- I:\WINDOWS\ServicePackFiles\i386\wuauserv.dll
[2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- I:\WINDOWS\system32\dllcache\wuauserv.dll
[2008/04/14 05:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- I:\WINDOWS\system32\wuauserv.dll

< mdnsNSP.dll >

< End of report >
  • 0

#15
drunkducki

drunkducki

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
OTL Extras logfile created on: 2011/11/18 2:58:04 PM - Run 9
OTL by OldTimer - Version 3.2.31.0 Folder = I:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy/M/d

1.75 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 36.46% Memory free
3.47 Gb Paging File | 2.38 Gb Available in Paging File | 68.51% Paging File free
Paging file location(s): I:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
Drive I: | 298.01 Gb Total Space | 118.15 Gb Free Space | 39.65% Space Free | Partition Type: NTFS

Computer Name: HARBOURSIDEXPS | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- I:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- I:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- I:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- I:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- I:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- I:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- I:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- I:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- I:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- I:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "I:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "I:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "I:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "I:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "I:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe I:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "I:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"I:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = I:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = I:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DF1D5FEC-D67C-43C8-9230-41F5DF350196}" = MetaFrame Presentation Server Client
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Revo Uninstaller" = Revo Uninstaller 1.87
"SystemRequirementsLab" = System Requirements Lab
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 2011/11/18 6:56:16 PM | Computer Name = HARBOURSIDEXPS | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126


< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP