PLEASE HELP! VIRUS!



#1
DANfour20

Hello All,

Well I recently have become a member as I can find no alternative solution.

I had Windows XP on my computer about 2 years ago and I got rid of it because it kept playing up for me. I resorted to Linux, and although it is a little hard to get to grips with at first, I got the hang of it and never went back to Windows.

But now I need to use Windows again. I formatted and reinstalled Windows XP (I think I have SP1 on it as well), and when I went to get the rest of the updates, the Microsoft websites will not open, nor will any anti-virus sites; however, everything else is easily accessible: Google, Yahoo, etc.

So I must have a virus???

I got Malwarebytes from CNET and scanned. It found one problem, which I removed, but still no sites??
I tried rebooting into safe mode and scanning with Malwarebytes and it didn't find anything, so I rebooted and I still cannot access these sites?

I'm guessing that I must have had this virus for 2 years lying dormant, waiting for me to reinstall Windows :(.

Well, that's all I have to say about this issue for now. Any help in removing this once and for all would be so so so greatly appreciated.

Thank you,
Dan.

I just ran OTL and here are the results: -

OTL logfile created on: 07/09/2012 21:49:17 - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 85.77% Memory free
4.84 Gb Paging File | 4.43 Gb Available in Paging File | 91.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 70.43 Gb Free Space | 94.54% Space Free | Partition Type: NTFS
Drive E: | 7.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANFOUR20 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/07 21:30:02 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\My Documents\Downloads\OTL.exe
PRC - [2012/09/07 21:01:18 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012/09/07 19:08:00 | 000,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/03/24 16:13:24 | 002,334,720 | ---- | M] () -- C:\Program Files\S2 Mobile Modem\S2 Mobile Modem.exe
PRC - [2005/03/08 19:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2002/09/03 17:32:50 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 20:54:05 | 009,813,704 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2009/03/24 16:13:24 | 002,334,720 | ---- | M] () -- C:\Program Files\S2 Mobile Modem\S2 Mobile Modem.exe
MOD - [2002/09/03 17:53:27 | 001,142,784 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2002/09/03 17:44:19 | 000,011,264 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2002/09/03 17:30:38 | 000,051,712 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2005/03/08 19:46:12 | 000,061,440 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2002/09/03 17:45:54 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
SRV - [2002/09/03 17:39:08 | 001,269,760 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\xmcrpjq.dll -- (aqyhj)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,020,552 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2008/07/23 15:18:36 | 000,103,680 | R--- | M] (AMOI Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S2usbser.sys -- (S2usbser)
DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/04/24 15:21:50 | 000,006,025 | R--- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 19:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 19:06:57 | 000,000,000 | ---D | M]

[2012/09/07 19:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2012/09/07 19:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\nncbvyfl.default\extensions
[2012/09/07 19:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/09/03 17:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C46D2FEA-8DC9-4F7C-979B-E150380FD988}: NameServer = 217.171.132.1 217.171.132.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/07 15:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/23 15:18:44 | 000,172,032 | R--- | M] () - E:\AutoInstall.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/23 15:18:44 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5267e848-f8fd-11e1-a794-e4560190c7b4}\Shell - "" = AutoRun
O33 - MountPoints2\{5267e848-f8fd-11e1-a794-e4560190c7b4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5267e848-f8fd-11e1-a794-e4560190c7b4}\Shell\AutoRun\command - "" = E:\AutoInstall.exe -- [2008/07/23 15:18:44 | 000,172,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/07 21:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Opera
[2012/09/07 21:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Opera
[2012/09/07 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/09/07 20:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Macromedia
[2012/09/07 20:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Adobe
[2012/09/07 19:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2012/09/07 19:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/07 19:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/07 19:56:31 | 000,020,552 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/07 19:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/07 19:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Downloads
[2012/09/07 19:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla
[2012/09/07 19:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Mozilla
[2012/09/07 19:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\PROGRAMS
[2012/09/07 19:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\FileZilla FTP Client
[2012/09/07 19:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/09/07 19:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/09/07 19:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/09/07 19:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2012/09/07 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012/09/07 19:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Winamp
[2012/09/07 19:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/09/07 19:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\uTorrent
[2012/09/07 19:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/09/07 19:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 18:53:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/09/07 18:48:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/07 18:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory
[2012/09/07 18:47:54 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/09/07 18:47:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/09/07 18:47:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/09/07 18:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\MSN6
[2012/09/07 18:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2012/09/07 18:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\DRIVERS
[2012/09/07 18:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/09/07 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/09/07 18:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/09/07 18:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/09/07 18:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2012/09/07 18:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/09/07 18:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2012/09/07 18:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/09/07 18:00:56 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/09/07 17:00:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/07 16:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Downloads
[2012/09/07 16:31:17 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/09/07 16:23:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\UserData
[2012/09/07 16:10:22 | 000,103,680 | R--- | C] (AMOI Incorporated) -- C:\WINDOWS\System32\drivers\S2usbser.sys
[2012/09/07 16:10:02 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/09/07 16:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\S2 Modem & PC Suite
[2012/09/07 16:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\S2 Mobile Modem
[2012/09/07 16:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/09/07 16:09:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/09/07 16:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/09/07 16:04:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/09/07 16:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Identities
[2012/09/07 16:04:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Music
[2012/09/07 16:04:30 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/09/07 16:04:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Pictures
[2012/09/07 16:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft
[2012/09/07 16:04:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\Application Data\Microsoft
[2012/09/07 16:04:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\Cookies
[2012/09/07 16:04:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\SendTo
[2012/09/07 16:04:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Recent
[2012/09/07 16:04:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Application Data
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Favorites
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Accessories
[2012/09/07 16:04:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Templates
[2012/09/07 16:04:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\PrintHood
[2012/09/07 16:04:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\NetHood
[2012/09/07 16:04:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Local Settings
[2012/09/07 16:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop
[2012/09/07 16:01:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/09/07 16:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/09/07 16:01:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/09/07 16:01:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/09/07 16:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/09/07 16:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/09/07 15:58:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/09/07 15:58:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/09/07 15:58:32 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/09/07 15:57:39 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/09/07 15:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/09/07 15:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/09/07 15:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/09/07 15:57:23 | 000,000,000 | ---D | C] -- C:\DELL
[2012/09/07 15:56:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/09/07 15:56:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/09/07 15:56:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/09/07 15:56:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/09/07 15:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/09/07 15:55:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/09/07 15:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/09/07 15:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/09/07 15:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/09/07 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/09/07 15:54:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2012/09/07 15:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/09/07 15:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/09/07 15:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/09/07 15:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/09/07 15:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/09/07 15:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/09/07 15:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/09/07 15:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/09/07 15:54:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/09/07 15:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/09/07 15:53:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/09/07 15:53:46 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/09/07 15:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/09/07 15:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/09/07 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/09/07 15:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/09/07 15:53:28 | 000,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/09/07 15:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/09/07 15:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/09/07 15:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/09/07 15:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/09/07 15:52:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/09/07 15:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/09/07 15:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/09/07 15:45:32 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/09/07 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/09/07 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/09/07 15:45:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/09/07 15:45:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/09/07 15:45:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/09/07 15:45:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/09/07 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/09/07 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/09/07 15:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/09/07 15:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/09/07 15:44:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/09/07 15:44:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/09/07 15:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/09/07 15:34:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/09/07 15:34:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/09/07 15:34:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/09/07 15:34:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/07 21:01:21 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/09/07 21:01:21 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/09/07 20:35:27 | 000,000,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/09/07 20:35:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/07 19:11:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2012/09/07 19:09:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/09/07 19:08:00 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/07 19:06:59 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 19:06:59 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/07 18:48:42 | 000,363,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/07 18:48:42 | 000,045,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/07 18:28:21 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 18:04:49 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_OPT_GX620.MRK
[2012/09/07 18:04:49 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_GX620.MRK
[2012/09/07 16:32:01 | 000,091,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/07 16:04:43 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/07 16:04:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/07 16:04:38 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/07 16:04:37 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2012/09/07 16:04:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/07 15:59:51 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/07 15:58:55 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/09/07 15:57:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/07 15:57:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/09/07 15:57:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/09/07 15:57:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/09/07 15:57:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/09/07 15:57:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/09/07 15:57:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/09/07 15:57:18 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2012/09/07 15:57:10 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/09/07 15:54:13 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/07 15:51:58 | 000,000,194 | -HS- | M] () -- C:\boot.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/07 21:01:21 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/09/07 21:01:21 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/09/07 21:01:20 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/09/07 19:11:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/09/07 19:09:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/09/07 19:08:00 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/07 19:06:59 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 19:06:59 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/07 18:34:39 | 000,000,374 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/09/07 18:07:59 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2012/09/07 18:07:59 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2012/09/07 18:07:59 | 000,023,216 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2012/09/07 18:07:59 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2012/09/07 18:04:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_OPT_GX620.MRK
[2012/09/07 18:04:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_GX620.MRK
[2012/09/07 16:04:42 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/07 16:04:37 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Outlook Express.lnk
[2012/09/07 16:04:35 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/09/07 16:04:30 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/07 16:04:30 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Internet Explorer.lnk
[2012/09/07 16:04:28 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Remote Assistance.lnk
[2012/09/07 16:04:28 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Windows Media Player.lnk
[2012/09/07 15:59:51 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/07 15:58:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/09/07 15:58:28 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/09/07 15:58:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/09/07 15:58:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/09/07 15:58:13 | 000,196,666 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/09/07 15:58:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/09/07 15:57:58 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/09/07 15:57:51 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/09/07 15:57:49 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/09/07 15:57:42 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/09/07 15:57:20 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/07 15:57:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/09/07 15:57:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/09/07 15:57:20 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/09/07 15:57:20 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/09/07 15:57:19 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2012/09/07 15:57:19 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/09/07 15:57:19 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/09/07 15:57:18 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2012/09/07 15:56:22 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/09/07 15:55:31 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/09/07 15:55:27 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/09/07 15:55:27 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/09/07 15:55:17 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/09/07 15:54:40 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2012/09/07 15:54:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/07 15:53:47 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/09/07 15:53:45 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2012/09/07 15:53:11 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/09/07 15:53:11 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/09/07 15:53:11 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/09/07 15:53:11 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/09/07 15:53:11 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/09/07 15:53:10 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/09/07 15:53:10 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/09/07 15:53:10 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/09/07 15:53:10 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/09/07 15:53:10 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/09/07 15:53:10 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/09/07 15:53:06 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/09/07 15:53:05 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/09/07 15:53:03 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/09/07 15:52:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/09/07 15:45:41 | 000,001,891 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 15:45:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/09/07 15:45:35 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/09/07 15:45:35 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/09/07 15:45:34 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/09/07 15:45:33 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/09/07 15:45:08 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/09/07 15:45:01 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/09/07 15:45:01 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/09/07 15:45:01 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/09/07 15:45:00 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/09/07 15:45:00 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2012/09/07 15:45:00 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/09/07 15:45:00 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2012/09/07 15:45:00 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2012/09/07 15:45:00 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2012/09/07 15:45:00 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/09/07 15:45:00 | 000,031,405 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/09/07 15:45:00 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2012/09/07 15:45:00 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2012/09/07 15:45:00 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2012/09/07 15:45:00 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/09/07 15:45:00 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/09/07 15:45:00 | 000,010,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/09/07 15:44:59 | 002,049,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/09/07 15:44:59 | 000,342,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/09/07 15:44:14 | 000,091,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/07 15:42:57 | 000,000,194 | -HS- | C] () -- C:\boot.ini
[2012/09/07 15:42:55 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2012/09/07 21:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Opera
[2012/09/07 21:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\uTorrent

========== Purity Check ==========



< End of report >


And the Extras : -

OTL Extras logfile created on: 07/09/2012 21:49:17 - Run 1
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Dan\My Documents\Downloads
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.56 Gb Available Physical Memory | 85.77% Memory free
4.84 Gb Paging File | 4.43 Gb Available in Paging File | 91.50% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 70.43 Gb Free Space | 94.54% Space Free | Partition Type: NTFS
Drive E: | 7.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANFOUR20 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058B32E2-6310-4359-B2D4-1988390C3B83}" = Broadcom Advanced Control Suite
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7C977DE7-EC85-46E1-A7D9-52C04EB52AE6}" = S2 Mobile Modem
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"525B631E25DA7D8F03CAFCB6E66A95DA0F0B57CB" = Windows Driver Package - Amoi Incorporated (S2usbser) Ports (01/01/2007 2.0.5.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"EB8470242F68F946AB0A751A9E60217725DCA27F" = Windows Driver Package - Amoi Incorporated (S2usbser) Modem (01/01/2007 2.0.5.0)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Opera 12.02.1578" = Opera 12.02
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.0.1
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2012 13:48:20 | Computer Name = DANFOUR20 | Source = ASP.NET 1.0.3705.0 | ID = 1031
Description =

Error - 07/09/2012 13:57:59 | Computer Name = DANFOUR20 | Source = Broadcom ASF IP Monitor | ID = 0
Description = !ERROR 53 Refreshing BMAPI data

Error - 07/09/2012 14:51:25 | Computer Name = DANFOUR20 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 07/09/2012 14:51:25 | Computer Name = DANFOUR20 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 07/09/2012 14:51:31 | Computer Name = DANFOUR20 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070006 from line 130 of d:\nt\com\com1x\src\events\tier2\service.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 07/09/2012 15:28:12 | Computer Name = DANFOUR20 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 07/09/2012 15:28:12 | Computer Name = DANFOUR20 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 07/09/2012 15:46:48 | Computer Name = DANFOUR20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1106, fault address 0x000a6eb5.

Error - 07/09/2012 15:46:59 | Computer Name = DANFOUR20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1106, fault address 0x000a6eb5.

Error - 07/09/2012 15:47:10 | Computer Name = DANFOUR20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1106, fault address 0x000a6eb5.

[ System Events ]
Error - 07/09/2012 15:28:35 | Computer Name = DANFOUR20 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/09/2012 15:29:55 | Computer Name = DANFOUR20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips Processor

Error - 07/09/2012 15:34:55 | Computer Name = DANFOUR20 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/09/2012 15:35:27 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 07/09/2012 15:35:27 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 07/09/2012 15:36:23 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 07/09/2012 15:36:23 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 07/09/2012 15:36:23 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 07/09/2012 15:36:23 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 07/09/2012 15:37:12 | Computer Name = DANFOUR20 | Source = Service Control Manager | ID = 7023
Description = The Installer Security service terminated with the following error:
%%1114


< End of report >


Thank you for your time guys.

Edited by DANfour20, 07 September 2012 - 02:56 PM.

  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
This would appear to be your virus:

SRV - [2002/09/03 17:39:08 | 001,269,760 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\xmcrpjq.dll -- (aqyhj)

Copy the text in the code box by highlighting it and pressing Ctrl + C.

:OTL
SRV - [2002/09/03 17:39:08 | 001,269,760 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\xmcrpjq.dll -- (aqyhj)

:files
sc config aqyhj start= disabled /c
sc delete aqyhj /c
C:\WINDOWS\system32\xmcrpjq.dll

:Commands
[EMPTYTEMP]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.


Now is not the time to have uTorrent installed, so please uninstall it.

You also have something wrong with your network configuration.

Error - 07/09/2012 15:35:27 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.


Why are you trying to use NAT? Turn it off:
http://www.udel.edu/.../roguedhcp.html


Normally what happens when you reinstall Windows from an old CD is that it gets infected very quickly as it does not have the latest security patches. The best way to avoid this is to install the free version of Online Armor http://www.online-armor.com/ immediately (preferably a previously downloaded and burnt to a CD version) after installing the operating system. It would also not hurt to install the free Avast anti-virus the same way. http://www.avast.com...virus-download. Then go straight to Microsoft updates and spend the rest of the day downloading service packs and security patches.

Note for AMD systems:

If this is an AMD CPU then you need to get KB953356:
http://www.microsoft...ang=en&id=23751
and install it before installing SP3. I would expect they would offer you this before SP3 so this is just in case they don't.


Ron
  • 1
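The service entry singled out in the reply above differs from the other SRV lines in this thread's logs in several visible fields. The following is an added example, not part of the thread and not OTL's own logic: it parses OTL SRV lines and flags entries that combine those traits. The regex, the four heuristics and the threshold of three are assumptions chosen for illustration; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple


class Service(NamedTuple):
    name: str      # service key name, e.g. "MBAMService"
    path: str      # binary the service loads
    company: str   # company string from the file's version info ("" if none)
    attrs: str     # four-character attribute field, e.g. "RHS-"
    start: str     # start type: Auto, On_Demand, ...
    state: str     # Running / Stopped


# Layout of an SRV line as it appears in this thread's logs:
# SRV - [date time | size | attrs | M] (company) [start | state] -- path -- (name)
SRV_RE = re.compile(
    r"^SRV - \[\d{4}/\d{2}/\d{2} [\d:]{8} \| [\d,]+ \| (?P<attrs>[A-Z-]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>\w+) \| (?P<state>\w+)\] "
    r"-- (?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)


def parse_srv(line: str) -> Optional[Service]:
    """Parse one SRV line; return None for lines without file metadata."""
    m = SRV_RE.match(line.strip())
    if m is None:
        # "SRV - File not found ..." entries and non-SRV lines end up here.
        return None
    return Service(m["name"], m["path"], m["company"].strip(),
                   m["attrs"], m["start"], m["state"])


def reasons(svc: Service) -> List[str]:
    """Illustrative heuristics (assumptions, not OTL's criteria)."""
    found = []
    if not svc.company:
        found.append("no company name in file version info")
    if "H" in svc.attrs and "S" in svc.attrs:
        found.append("hidden and system attributes both set")
    if ntpath.dirname(svc.path).lower().endswith("\\system32"):
        found.append("binary sits directly in system32")
    if svc.start == "Auto":
        found.append("configured to start automatically")
    return found


def triage(log_text: str, threshold: int = 3) -> List[Tuple[str, str, List[str]]]:
    """Return (service, path, reasons) for entries meeting the threshold."""
    hits = []
    for line in log_text.splitlines():
        svc = parse_srv(line)
        if svc is None:
            continue
        why = reasons(svc)
        if len(why) >= threshold:
            hits.append((svc.name, svc.path, why))
    return hits


# SRV lines copied from the OTL logs posted in this thread.
SAMPLE = r"""
SRV - [2002/09/03 17:39:08 | 001,269,760 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\xmcrpjq.dll -- (aqyhj)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/08 16:17:07 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe -- (vToolbarUpdater12.1.3)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2002/09/03 17:45:54 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
"""

if __name__ == "__main__":
    for name, path, why in triage(SAMPLE):
        print(f"{name}: {path}")
        for reason in why:
            print(f"  - {reason}")
```

A hit is a prompt to inspect the file, not a verdict: two of the unflagged services in the same log also lack a company name, which is why no single field is treated as decisive.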

#3
DANfour20

    Member

  • Topic Starter
  • Member
  • 10 posts
Hello Ron,

First of all, let me take the time to thank you for helping me out with this. I can't begin to tell you the amount of annoyance that this is causing me.

I am about to do the OTL things after I write this.

I have/had Internet Connection Sharing enabled because I wanted to use my PS3 online (how should I do it? I had the PS3 wired to the PC via RJ45 and the internet shared. I don't have wireless).

As for the network settings, I have no idea? Any suggestions?

Thank you again Ron.

Daniel.
  • 0

#4
DANfour20

    Member

  • Topic Starter
  • Member
  • 10 posts
All processes killed
========== OTL ==========
Service aqyhj stopped successfully!
Service aqyhj deleted successfully!
File move failed. C:\WINDOWS\system32\xmcrpjq.dll scheduled to be moved on reboot.
========== FILES ==========
< sc config aqyhj start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Dan\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Dan\My Documents\Downloads\cmd.txt deleted successfully.
< sc delete aqyhj /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Documents and Settings\Dan\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Dan\My Documents\Downloads\cmd.txt deleted successfully.
File move failed. C:\WINDOWS\system32\xmcrpjq.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dan
->Temp folder emptied: 78646848 bytes
->Temporary Internet Files folder emptied: 2111139 bytes
->FireFox cache emptied: 47320209 bytes
->Opera cache emptied: 4491619 bytes
->Flash cache emptied: 1358 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1106836 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104829 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 49538 bytes
RecycleBin emptied: 9934 bytes

Total Files Cleaned = 128.00 mb


OTL by OldTimer - Version 3.2.61.1 log created on 09092012_011829

Files\Folders moved on Reboot...
C:\WINDOWS\system32\xmcrpjq.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#5
DANfour20

    Member

  • Topic Starter
  • Member
  • 10 posts
First after reboot

OTL logfile created on: 09/09/2012 01:24:50 - Run 2
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Dan\Desktop\PROGRAMS
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 86.10% Memory free
4.84 Gb Paging File | 4.58 Gb Available in Paging File | 94.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.96 Gb Total Space | 21.01 Gb Free Space | 75.14% Space Free | Partition Type: NTFS
Drive E: | 7.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANFOUR20 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/08 16:17:07 | 000,830,048 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
PRC - [2012/09/07 21:30:02 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\PROGRAMS\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2009/07/15 21:30:39 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/24 16:13:24 | 002,334,720 | ---- | M] () -- C:\Program Files\S2 Mobile Modem\S2 Mobile Modem.exe
PRC - [2002/09/03 17:32:50 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/03 17:29:01 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/08 16:17:07 | 000,830,048 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
MOD - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
MOD - [2009/03/24 16:13:24 | 002,334,720 | ---- | M] () -- C:\Program Files\S2 Mobile Modem\S2 Mobile Modem.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/08 16:17:07 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe -- (vToolbarUpdater12.1.3)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2002/09/03 17:45:54 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/08 16:17:08 | 000,027,496 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/07/03 13:46:44 | 000,020,552 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/28 13:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/07/23 15:18:36 | 000,103,680 | R--- | M] (AMOI Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S2usbser.sys -- (S2usbser)
DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg....r=&d=&v=&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 19:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 19:06:57 | 000,000,000 | ---D | M]

[2012/09/07 19:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2012/09/07 19:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\nncbvyfl.default\extensions
[2012/09/07 19:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/08 16:17:05 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2002/09/03 17:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C46D2FEA-8DC9-4F7C-979B-E150380FD988}: NameServer = 217.171.132.1 217.171.132.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll ()
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/07 15:57:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/23 15:18:44 | 000,172,032 | R--- | M] () - E:\AutoInstall.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/23 15:18:44 | 000,000,031 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5267e847-f8fd-11e1-a794-e4560190c7b4}\Shell - "" = AutoRun
O33 - MountPoints2\{5267e847-f8fd-11e1-a794-e4560190c7b4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5267e847-f8fd-11e1-a794-e4560190c7b4}\Shell\AutoRun\command - "" = E:\AutoInstall.exe -- [2008/07/23 15:18:44 | 000,172,032 | R--- | M] ()
O33 - MountPoints2\{e5eb5c5e-fa0e-11e1-80fd-00137291fe88}\Shell - "" = AutoRun
O33 - MountPoints2\{e5eb5c5e-fa0e-11e1-80fd-00137291fe88}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e5eb5c5e-fa0e-11e1-80fd-00137291fe88}\Shell\AutoRun\command - "" = E:\AutoInstall.exe -- [2008/07/23 15:18:44 | 000,172,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 01:18:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/08 16:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\WinRAR
[2012/09/08 16:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\WinRAR
[2012/09/08 16:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/09/08 16:18:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/09/08 16:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/09/08 16:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/09/08 16:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/08 16:17:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/08 16:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG Secure Search
[2012/09/08 16:09:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Birdstep Technology
[2012/09/08 16:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Birdstep Technology
[2012/09/08 16:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2012/09/08 16:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\3 Mobile Broadband
[2012/09/08 16:09:06 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys
[2012/09/08 16:09:06 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys
[2012/09/08 16:09:06 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys
[2012/09/08 16:09:06 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\massfilter.sys
[2012/09/08 16:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\ZTE_1.2059.0.8
[2012/09/08 16:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2012/09/07 22:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Live for Speed
[2012/09/07 22:11:05 | 000,000,000 | ---D | C] -- C:\LFS
[2012/09/07 22:05:26 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2012/09/07 22:05:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2012/09/07 22:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/09/07 22:05:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/09/07 21:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Opera
[2012/09/07 21:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Opera
[2012/09/07 21:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/09/07 20:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Macromedia
[2012/09/07 20:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Adobe
[2012/09/07 20:54:05 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/07 20:54:05 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/07 19:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2012/09/07 19:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/07 19:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/09/07 19:56:31 | 000,020,552 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/07 19:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/07 19:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\My Documents\Downloads
[2012/09/07 19:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla
[2012/09/07 19:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Mozilla
[2012/09/07 19:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\PROGRAMS
[2012/09/07 19:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\FileZilla FTP Client
[2012/09/07 19:10:05 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/09/07 19:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/09/07 19:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/09/07 19:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2012/09/07 19:08:50 | 001,858,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2012/09/07 19:08:50 | 000,670,192 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2012/09/07 19:08:50 | 000,551,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2012/09/07 19:08:50 | 000,436,720 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2012/09/07 19:08:50 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2012/09/07 19:08:50 | 000,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2012/09/07 19:08:50 | 000,096,752 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2012/09/07 19:08:50 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2012/09/07 19:08:50 | 000,066,544 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2012/09/07 19:08:50 | 000,066,032 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2012/09/07 19:08:50 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2012/09/07 19:08:50 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2012/09/07 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012/09/07 19:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Winamp
[2012/09/07 19:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/09/07 19:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 18:53:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012/09/07 18:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory
[2012/09/07 18:47:54 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/09/07 18:47:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/09/07 18:47:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2012/09/07 18:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\MSN6
[2012/09/07 18:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2012/09/07 18:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\DRIVERS
[2012/09/07 18:08:54 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012/09/07 18:07:59 | 002,318,336 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2012/09/07 18:07:59 | 001,503,232 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2012/09/07 18:07:59 | 000,956,026 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdd5.dll
[2012/09/07 18:07:59 | 000,524,288 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2012/09/07 18:07:59 | 000,450,560 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2012/09/07 18:07:59 | 000,238,650 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdev5.dll
[2012/09/07 18:07:59 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2012/09/07 18:07:59 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2012/09/07 18:07:59 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2012/09/07 18:07:59 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2012/09/07 18:07:59 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2012/09/07 18:07:59 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2012/09/07 18:07:59 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2012/09/07 18:07:59 | 000,121,467 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmdnt5.dll
[2012/09/07 18:07:59 | 000,114,688 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmudlg.exe
[2012/09/07 18:07:59 | 000,114,688 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2012/09/07 18:07:59 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2012/09/07 18:07:59 | 000,098,304 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2012/09/07 18:07:59 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2012/09/07 18:07:59 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2012/09/07 18:07:59 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2012/09/07 18:07:59 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2012/09/07 18:07:59 | 000,073,728 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2012/09/07 18:07:59 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2012/09/07 18:07:59 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4543.dll
[2012/09/07 18:07:59 | 000,049,152 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrem.dll
[2012/09/07 18:07:59 | 000,045,694 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmrnt5.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTRK.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuTHA.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuSVE.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuRUS.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTG.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPTB.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuPLK.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNOR.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuNLD.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuKOR.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuJPN.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuITA.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHUN.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuHEB.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRC.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFRA.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuFIN.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuESP.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuENG.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuELL.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDEU.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuDAN.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCSY.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHT.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuCHS.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARB.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\ialmuARA.dll
[2012/09/07 18:07:59 | 000,040,960 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2012/09/07 18:06:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2012/09/07 18:06:17 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2012/09/07 18:05:40 | 000,086,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2012/09/07 18:05:40 | 000,023,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2012/09/07 18:05:40 | 000,023,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciidex.sys
[2012/09/07 18:05:40 | 000,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2012/09/07 18:05:36 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pci.sys
[2012/09/07 18:05:32 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapnp.sys
[2012/09/07 18:05:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/09/07 18:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/09/07 18:05:23 | 000,131,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2012/09/07 18:05:23 | 000,131,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ks.sys
[2012/09/07 18:05:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2012/09/07 18:05:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2012/09/07 18:05:22 | 000,134,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2012/09/07 18:05:22 | 000,134,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2012/09/07 18:05:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2012/09/07 18:05:22 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2012/09/07 18:05:22 | 000,044,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2012/09/07 18:05:22 | 000,044,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stream.sys
[2012/09/07 18:05:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2012/09/07 18:05:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2012/09/07 18:04:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/09/07 18:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2012/09/07 18:04:06 | 000,132,608 | R--- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2012/09/07 18:04:06 | 000,132,608 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2012/09/07 18:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/09/07 18:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2012/09/07 18:02:22 | 002,289,664 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgicd.dll
[2012/09/07 18:02:22 | 000,512,000 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ialmgdev.dll
[2012/09/07 18:02:22 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2012/09/07 18:02:22 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2012/09/07 18:02:22 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2012/09/07 18:02:22 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2012/09/07 18:02:22 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2012/09/07 18:02:22 | 000,143,360 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2012/09/07 18:02:22 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2012/09/07 18:02:22 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2012/09/07 18:02:22 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2012/09/07 18:02:22 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2012/09/07 18:02:22 | 000,139,264 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2012/09/07 18:02:22 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2012/09/07 18:02:22 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2012/09/07 18:02:22 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2012/09/07 18:02:22 | 000,122,880 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2012/09/07 18:02:22 | 000,061,440 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iAlmCoIn_v4299.dll
[2012/09/07 18:01:23 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2012/09/07 18:01:22 | 000,077,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2012/09/07 18:01:22 | 000,050,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2012/09/07 18:01:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2012/09/07 18:01:20 | 000,142,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2012/09/07 18:01:19 | 000,159,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2012/09/07 18:01:19 | 000,002,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2012/09/07 18:01:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2012/09/07 18:01:05 | 000,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2012/09/07 18:01:04 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2012/09/07 18:01:03 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2012/09/07 18:00:57 | 000,991,232 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\virtear.dll
[2012/09/07 18:00:57 | 000,065,536 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\Audio3d.dll
[2012/09/07 18:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\VirtualEar
[2012/09/07 18:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/09/07 18:00:56 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2012/09/07 18:00:56 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/09/07 17:07:03 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll
[2012/09/07 17:07:03 | 000,732,928 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\senfilt.sys
[2012/09/07 17:07:03 | 000,311,296 | ---- | C] (Analog Devices Incorporated) -- C:\WINDOWS\System32\Edcrypt.dll
[2012/09/07 17:07:03 | 000,023,040 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\PostProc.dll
[2012/09/07 17:00:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/07 16:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop\Other Downloads
[2012/09/07 16:31:17 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/09/07 16:23:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\UserData
[2012/09/07 16:10:22 | 000,103,680 | R--- | C] (AMOI Incorporated) -- C:\WINDOWS\System32\drivers\S2usbser.sys
[2012/09/07 16:10:02 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/09/07 16:10:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\S2 Modem & PC Suite
[2012/09/07 16:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\S2 Mobile Modem
[2012/09/07 16:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/09/07 16:09:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/09/07 16:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/09/07 16:09:37 | 000,021,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2012/09/07 16:04:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/09/07 16:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Identities
[2012/09/07 16:04:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Music
[2012/09/07 16:04:30 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/09/07 16:04:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents\My Pictures
[2012/09/07 16:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft
[2012/09/07 16:04:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\Application Data\Microsoft
[2012/09/07 16:04:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dan\Cookies
[2012/09/07 16:04:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\SendTo
[2012/09/07 16:04:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Recent
[2012/09/07 16:04:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dan\Application Data
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Startup
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\My Documents
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Favorites
[2012/09/07 16:04:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dan\Start Menu\Programs\Accessories
[2012/09/07 16:04:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Templates
[2012/09/07 16:04:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\PrintHood
[2012/09/07 16:04:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\NetHood
[2012/09/07 16:04:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dan\Local Settings
[2012/09/07 16:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Desktop
[2012/09/07 16:01:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/09/07 16:01:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/09/07 16:01:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/09/07 16:01:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/09/07 16:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/09/07 16:01:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/09/07 15:58:45 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2012/09/07 15:58:44 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2012/09/07 15:58:44 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2012/09/07 15:58:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2012/09/07 15:58:44 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2012/09/07 15:58:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2012/09/07 15:58:43 | 000,086,074 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2012/09/07 15:58:43 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/09/07 15:58:43 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/09/07 15:58:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/09/07 15:58:42 | 000,426,042 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2012/09/07 15:58:41 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2012/09/07 15:58:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2012/09/07 15:58:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/09/07 15:58:40 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012/09/07 15:58:40 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012/09/07 15:58:40 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/09/07 15:58:40 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012/09/07 15:58:40 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012/09/07 15:58:39 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/09/07 15:58:39 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/09/07 15:58:39 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/09/07 15:58:38 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/09/07 15:58:37 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2012/09/07 15:58:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012/09/07 15:58:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012/09/07 15:58:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/09/07 15:58:36 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2012/09/07 15:58:36 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012/09/07 15:58:36 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012/09/07 15:58:36 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012/09/07 15:58:36 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012/09/07 15:58:36 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/09/07 15:58:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012/09/07 15:58:35 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012/09/07 15:58:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/09/07 15:58:35 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/09/07 15:58:35 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/09/07 15:58:35 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/09/07 15:58:35 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/09/07 15:58:35 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/09/07 15:58:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/09/07 15:58:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/09/07 15:58:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/09/07 15:58:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/09/07 15:58:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/09/07 15:58:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/09/07 15:58:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll
[2012/09/07 15:58:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/09/07 15:58:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/09/07 15:58:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/09/07 15:58:34 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/09/07 15:58:34 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/09/07 15:58:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012/09/07 15:58:33 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll
[2012/09/07 15:58:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/09/07 15:58:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/09/07 15:58:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/09/07 15:58:32 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/09/07 15:58:32 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/09/07 15:58:32 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012/09/07 15:58:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll
[2012/09/07 15:58:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2012/09/07 15:58:31 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/09/07 15:58:31 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/09/07 15:58:30 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2012/09/07 15:58:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/09/07 15:58:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/09/07 15:58:29 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012/09/07 15:58:29 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/09/07 15:58:29 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012/09/07 15:58:29 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012/09/07 15:58:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/09/07 15:58:29 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/09/07 15:58:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2012/09/07 15:58:28 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2012/09/07 15:58:27 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012/09/07 15:58:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2012/09/07 15:58:27 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2012/09/07 15:58:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012/09/07 15:58:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012/09/07 15:58:25 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2012/09/07 15:58:25 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012/09/07 15:58:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2012/09/07 15:58:23 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012/09/07 15:58:23 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012/09/07 15:58:21 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/09/07 15:58:21 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/09/07 15:58:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2012/09/07 15:58:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012/09/07 15:58:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012/09/07 15:58:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012/09/07 15:58:20 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012/09/07 15:58:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/09/07 15:58:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012/09/07 15:58:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/09/07 15:58:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012/09/07 15:58:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012/09/07 15:58:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012/09/07 15:58:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2012/09/07 15:58:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012/09/07 15:58:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012/09/07 15:58:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2012/09/07 15:58:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012/09/07 15:58:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012/09/07 15:58:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012/09/07 15:58:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012/09/07 15:58:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012/09/07 15:58:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012/09/07 15:58:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2012/09/07 15:58:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012/09/07 15:58:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012/09/07 15:58:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012/09/07 15:58:16 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/09/07 15:58:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2012/09/07 15:58:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2012/09/07 15:58:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012/09/07 15:58:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2012/09/07 15:58:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012/09/07 15:58:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012/09/07 15:58:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012/09/07 15:58:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012/09/07 15:58:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012/09/07 15:58:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012/09/07 15:58:15 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2012/09/07 15:58:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2012/09/07 15:58:14 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012/09/07 15:58:14 | 000,274,490 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2012/09/07 15:58:14 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2012/09/07 15:58:14 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012/09/07 15:58:13 | 000,307,258 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2012/09/07 15:58:13 | 000,262,201 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2012/09/07 15:58:13 | 000,233,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2012/09/07 15:58:13 | 000,208,953 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2012/09/07 15:58:13 | 000,155,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2012/09/07 15:58:13 | 000,081,977 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2012/09/07 15:58:13 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012/09/07 15:58:13 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012/09/07 15:58:12 | 000,827,438 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2012/09/07 15:58:12 | 000,716,857 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2012/09/07 15:58:12 | 000,360,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2012/09/07 15:58:12 | 000,340,013 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2012/09/07 15:58:11 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/09/07 15:58:11 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/09/07 15:58:11 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2012/09/07 15:58:11 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2012/09/07 15:58:11 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2012/09/07 15:58:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012/09/07 15:58:05 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012/09/07 15:57:52 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/09/07 15:57:52 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2012/09/07 15:57:51 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2012/09/07 15:57:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2012/09/07 15:57:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2012/09/07 15:57:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2012/09/07 15:57:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012/09/07 15:57:50 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2012/09/07 15:57:50 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2012/09/07 15:57:50 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2012/09/07 15:57:50 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2012/09/07 15:57:50 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2012/09/07 15:57:50 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/09/07 15:57:50 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2012/09/07 15:57:50 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2012/09/07 15:57:50 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2012/09/07 15:57:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012/09/07 15:57:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2012/09/07 15:57:50 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2012/09/07 15:57:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2012/09/07 15:57:50 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012/09/07 15:57:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2012/09/07 15:57:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2012/09/07 15:57:49 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2012/09/07 15:57:49 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/09/07 15:57:49 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2012/09/07 15:57:49 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2012/09/07 15:57:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/09/07 15:57:48 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2012/09/07 15:57:48 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2012/09/07 15:57:48 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2012/09/07 15:57:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/09/07 15:57:48 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/09/07 15:57:48 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2012/09/07 15:57:48 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/09/07 15:57:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2012/09/07 15:57:47 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2012/09/07 15:57:47 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/09/07 15:57:47 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/09/07 15:57:47 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/09/07 15:57:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2012/09/07 15:57:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/09/07 15:57:43 | 000,057,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2012/09/07 15:57:42 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012/09/07 15:57:42 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012/09/07 15:57:42 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012/09/07 15:57:42 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012/09/07 15:57:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012/09/07 15:57:41 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/09/07 15:57:40 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/09/07 15:57:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/09/07 15:57:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/09/07 15:57:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/09/07 15:57:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/09/07 15:57:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2012/09/07 15:57:39 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/09/07 15:57:38 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2012/09/07 15:57:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/09/07 15:57:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012/09/07 15:57:37 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll
[2012/09/07 15:57:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/09/07 15:57:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2012/09/07 15:57:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2012/09/07 15:57:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2012/09/07 15:57:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2012/09/07 15:57:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2012/09/07 15:57:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2012/09/07 15:57:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/09/07 15:57:34 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll
[2012/09/07 15:57:34 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2012/09/07 15:57:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2012/09/07 15:57:33 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll
[2012/09/07 15:57:33 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2012/09/07 15:57:32 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2012/09/07 15:57:30 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2012/09/07 15:57:30 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2012/09/07 15:57:30 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2012/09/07 15:57:30 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2012/09/07 15:57:30 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2012/09/07 15:57:29 | 000,872,557 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2012/09/07 15:57:29 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2012/09/07 15:57:29 | 000,127,034 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2012/09/07 15:57:29 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2012/09/07 15:57:29 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2012/09/07 15:57:29 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2012/09/07 15:57:29 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2012/09/07 15:57:29 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2012/09/07 15:57:29 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2012/09/07 15:57:29 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2012/09/07 15:57:28 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2012/09/07 15:57:28 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2012/09/07 15:57:28 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2012/09/07 15:57:28 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2012/09/07 15:57:28 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2012/09/07 15:57:26 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2012/09/07 15:57:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/09/07 15:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/09/07 15:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/09/07 15:57:23 | 000,000,000 | ---D | C] -- C:\DELL
[2012/09/07 15:57:10 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2012/09/07 15:56:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/09/07 15:56:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/09/07 15:56:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/09/07 15:56:24 | 000,106,562 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2012/09/07 15:56:21 | 003,346,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2012/09/07 15:56:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/09/07 15:55:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2012/09/07 15:55:34 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2012/09/07 15:55:34 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2012/09/07 15:55:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2012/09/07 15:55:32 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2012/09/07 15:55:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2012/09/07 15:55:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2012/09/07 15:55:32 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2012/09/07 15:55:32 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2012/09/07 15:55:32 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2012/09/07 15:55:32 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2012/09/07 15:55:31 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2012/09/07 15:55:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2012/09/07 15:55:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2012/09/07 15:55:31 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2012/09/07 15:55:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2012/09/07 15:55:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2012/09/07 15:55:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2012/09/07 15:55:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2012/09/07 15:55:17 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2012/09/07 15:55:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2012/09/07 15:55:15 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2012/09/07 15:55:15 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2012/09/07 15:55:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2012/09/07 15:55:15 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2012/09/07 15:55:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2012/09/07 15:55:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2012/09/07 15:55:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2012/09/07 15:55:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2012/09/07 15:55:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2012/09/07 15:55:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2012/09/07 15:55:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2012/09/07 15:55:11 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/09/07 15:55:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2012/09/07 15:55:11 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2012/09/07 15:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/09/07 15:55:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2012/09/07 15:55:09 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2012/09/07 15:55:09 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2012/09/07 15:55:07 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2012/09/07 15:55:06 | 002,479,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2012/09/07 15:55:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2012/09/07 15:55:05 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2012/09/07 15:55:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/09/07 15:55:04 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2012/09/07 15:55:04 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2012/09/07 15:55:04 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2012/09/07 15:55:04 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2012/09/07 15:55:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2012/09/07 15:55:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2012/09/07 15:55:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2012/09/07 15:55:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2012/09/07 15:55:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2012/09/07 15:55:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2012/09/07 15:55:02 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2012/09/07 15:55:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2012/09/07 15:55:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2012/09/07 15:55:02 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2012/09/07 15:55:02 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2012/09/07 15:55:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2012/09/07 15:55:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2012/09/07 15:55:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2012/09/07 15:55:01 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2012/09/07 15:55:01 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2012/09/07 15:55:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2012/09/07 15:55:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2012/09/07 15:55:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012/09/07 15:55:00 | 000,557,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2012/09/07 15:55:00 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2012/09/07 15:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/09/07 15:54:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2012/09/07 15:54:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2012/09/07 15:54:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2012/09/07 15:54:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2012/09/07 15:54:58 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2012/09/07 15:54:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2012/09/07 15:54:58 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2012/09/07 15:54:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2012/09/07 15:54:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2012/09/07 15:54:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2012/09/07 15:54:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2012/09/07 15:54:53 | 000,798,782 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2012/09/07 15:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/09/07 15:54:52 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2012/09/07 15:54:51 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll
[2012/09/07 15:54:51 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2012/09/07 15:54:51 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2012/09/07 15:54:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/09/07 15:54:50 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2012/09/07 15:54:50 | 000,319,542 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll
[2012/09/07 15:54:50 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2012/09/07 15:54:50 | 000,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll
[2012/09/07 15:54:50 | 000,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll
[2012/09/07 15:54:50 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2012/09/07 15:54:50 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2012/09/07 15:54:49 | 000,806,969 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/09/07 15:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/09/07 15:54:48 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2012/09/07 15:54:48 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2012/09/07 15:54:48 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2012/09/07 15:54:46 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2012/09/07 15:54:46 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2012/09/07 15:54:43 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/09/07 15:54:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2012/09/07 15:54:42 | 000,742,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2012/09/07 15:54:42 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2012/09/07 15:54:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2012/09/07 15:54:41 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2012/09/07 15:54:41 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2012/09/07 15:54:41 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2012/09/07 15:54:41 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2012/09/07 15:54:41 | 000,069,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2012/09/07 15:54:41 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2012/09/07 15:54:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/09/07 15:54:40 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2012/09/07 15:54:40 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2012/09/07 15:54:40 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2012/09/07 15:54:40 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2012/09/07 15:54:40 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2012/09/07 15:54:40 | 000,008,223 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2012/09/07 15:54:39 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2012/09/07 15:54:39 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2012/09/07 15:54:39 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2012/09/07 15:54:39 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2012/09/07 15:54:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2012/09/07 15:54:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2012/09/07 15:54:39 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2012/09/07 15:54:38 | 000,360,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2012/09/07 15:54:37 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2012/09/07 15:54:37 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2012/09/07 15:54:37 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2012/09/07 15:54:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2012/09/07 15:54:36 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2012/09/07 15:54:36 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2012/09/07 15:54:36 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2012/09/07 15:54:36 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2012/09/07 15:54:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2012/09/07 15:54:35 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2012/09/07 15:54:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2012/09/07 15:54:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2012/09/07 15:54:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2012/09/07 15:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/09/07 15:54:31 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2012/09/07 15:54:31 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2012/09/07 15:54:31 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2012/09/07 15:54:31 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2012/09/07 15:54:30 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2012/09/07 15:54:30 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2012/09/07 15:54:28 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2012/09/07 15:54:28 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2012/09/07 15:54:28 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2012/09/07 15:54:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2012/09/07 15:54:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2012/09/07 15:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/09/07 15:54:22 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2012/09/07 15:54:21 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2012/09/07 15:54:21 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2012/09/07 15:54:20 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2012/09/07 15:54:20 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2012/09/07 15:54:20 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2012/09/07 15:54:20 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2012/09/07 15:54:20 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2012/09/07 15:54:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2012/09/07 15:54:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2012/09/07 15:54:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2012/09/07 15:54:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2012/09/07 15:54:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2012/09/07 15:54:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2012/09/07 15:54:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2012/09/07 15:54:19 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2012/09/07 15:54:19 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2012/09/07 15:54:19 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2012/09/07 15:54:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2012/09/07 15:54:19 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2012/09/07 15:54:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2012/09/07 15:54:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2012/09/07 15:54:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2012/09/07 15:54:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2012/09/07 15:54:19 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2012/09/07 15:54:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2012/09/07 15:54:18 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2012/09/07 15:54:18 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2012/09/07 15:54:18 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2012/09/07 15:54:18 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2012/09/07 15:54:18 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2012/09/07 15:54:18 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2012/09/07 15:54:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2012/09/07 15:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/09/07 15:54:16 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2012/09/07 15:54:16 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2012/09/07 15:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/09/07 15:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/09/07 15:54:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/09/07 15:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/09/07 15:54:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/09/07 15:54:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/09/07 15:53:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/09/07 15:53:46 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/09/07 15:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/09/07 15:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/09/07 15:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/09/07 15:53:36 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2012/09/07 15:53:36 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2012/09/07 15:53:35 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2012/09/07 15:53:34 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2012/09/07 15:53:34 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2012/09/07 15:53:34 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2012/09/07 15:53:34 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2012/09/07 15:53:34 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2012/09/07 15:53:34 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2012/09/07 15:53:33 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2012/09/07 15:53:33 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2012/09/07 15:53:33 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2012/09/07 15:53:33 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2012/09/07 15:53:33 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2012/09/07 15:53:33 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2012/09/07 15:53:32 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2012/09/07 15:53:32 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2012/09/07 15:53:32 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2012/09/07 15:53:32 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2012/09/07 15:53:32 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2012/09/07 15:53:31 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2012/09/07 15:53:31 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2012/09/07 15:53:30 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2012/09/07 15:53:30 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2012/09/07 15:53:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2012/09/07 15:53:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2012/09/07 15:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/09/07 15:53:28 | 000,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/09/07 15:53:21 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2012/09/07 15:53:21 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2012/09/07 15:53:21 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2012/09/07 15:53:21 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2012/09/07 15:53:20 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2012/09/07 15:53:20 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2012/09/07 15:53:20 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2012/09/07 15:53:20 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2012/09/07 15:53:19 | 000,489,984 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2012/09/07 15:53:19 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2012/09/07 15:53:19 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2012/09/07 15:53:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2012/09/07 15:53:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2012/09/07 15:53:19 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2012/09/07 15:53:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2012/09/07 15:53:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2012/09/07 15:53:19 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2012/09/07 15:53:18 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2012/09/07 15:53:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2012/09/07 15:53:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2012/09/07 15:53:08 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2012/09/07 15:53:08 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2012/09/07 15:53:08 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2012/09/07 15:53:08 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2012/09/07 15:53:08 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2012/09/07 15:53:08 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2012/09/07 15:53:07 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2012/09/07 15:53:07 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2012/09/07 15:53:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2012/09/07 15:53:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2012/09/07 15:53:06 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2012/09/07 15:53:06 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2012/09/07 15:53:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2012/09/07 15:53:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2012/09/07 15:53:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2012/09/07 15:53:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2012/09/07 15:53:06 | 000,020,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2012/09/07 15:53:06 | 000,011,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2012/09/07 15:53:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2012/09/07 15:53:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2012/09/07 15:53:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2012/09/07 15:53:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2012/09/07 15:53:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2012/09/07 15:53:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2012/09/07 15:53:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2012/09/07 15:53:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2012/09/07 15:53:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2012/09/07 15:53:05 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2012/09/07 15:53:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2012/09/07 15:53:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2012/09/07 15:53:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2012/09/07 15:53:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2012/09/07 15:53:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2012/09/07 15:53:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2012/09/07 15:53:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2012/09/07 15:53:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2012/09/07 15:53:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2012/09/07 15:53:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2012/09/07 15:53:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2012/09/07 15:53:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2012/09/07 15:53:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2012/09/07 15:53:05 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2012/09/07 15:53:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2012/09/07 15:53:05 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2012/09/07 15:53:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2012/09/07 15:53:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2012/09/07 15:53:04 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2012/09/07 15:53:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2012/09/07 15:53:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2012/09/07 15:53:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2012/09/07 15:53:04 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2012/09/07 15:53:03 | 000,869,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2012/09/07 15:53:03 | 000,869,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2012/09/07 15:53:03 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2012/09/07 15:53:03 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2012/09/07 15:53:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2012/09/07 15:53:03 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2012/09/07 15:53:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2012/09/07 15:53:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2012/09/07 15:53:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2012/09/07 15:53:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2012/09/07 15:53:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2012/09/07 15:53:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2012/09/07 15:53:00 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2012/09/07 15:53:00 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2012/09/07 15:53:00 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2012/09/07 15:53:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2012/09/07 15:53:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2012/09/07 15:53:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2012/09/07 15:53:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2012/09/07 15:53:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2012/09/07 15:53:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2012/09/07 15:53:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2012/09/07 15:53:00 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2012/09/07 15:53:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2012/09/07 15:53:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2012/09/07 15:52:59 | 000,495,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2012/09/07 15:52:59 | 000,495,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2012/09/07 15:52:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2012/09/07 15:52:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2012/09/07 15:52:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2012/09/07 15:52:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2012/09/07 15:52:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2012/09/07 15:52:58 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2012/09/07 15:52:58 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2012/09/07 15:52:58 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2012/09/07 15:52:57 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2012/09/07 15:52:52 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2012/09/07 15:52:52 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2012/09/07 15:52:52 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2012/09/07 15:52:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2012/09/07 15:52:52 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2012/09/07 15:52:52 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2012/09/07 15:52:52 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2012/09/07 15:52:52 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2012/09/07 15:52:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2012/09/07 15:52:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2012/09/07 15:52:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2012/09/07 15:52:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2012/09/07 15:52:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2012/09/07 15:52:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2012/09/07 15:52:51 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2012/09/07 15:52:51 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2012/09/07 15:52:51 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2012/09/07 15:52:51 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2012/09/07 15:52:51 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2012/09/07 15:52:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2012/09/07 15:52:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2012/09/07 15:52:51 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2012/09/07 15:52:51 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2012/09/07 15:52:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2012/09/07 15:52:51 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2012/09/07 15:52:50 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2012/09/07 15:52:50 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2012/09/07 15:52:50 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2012/09/07 15:52:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2012/09/07 15:52:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2012/09/07 15:52:49 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2012/09/07 15:52:49 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2012/09/07 15:52:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2012/09/07 15:52:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2012/09/07 15:52:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2012/09/07 15:52:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2012/09/07 15:52:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2012/09/07 15:52:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2012/09/07 15:52:48 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2012/09/07 15:52:48 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2012/09/07 15:52:37 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2012/09/07 15:52:37 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2012/09/07 15:52:37 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2012/09/07 15:52:37 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2012/09/07 15:52:37 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2012/09/07 15:52:37 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2012/09/07 15:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/09/07 15:52:36 | 000,534,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2012/09/07 15:52:36 | 000,534,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2012/09/07 15:52:36 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/09/07 15:52:36 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/09/07 15:52:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2012/09/07 15:52:35 | 000,115,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/09/07 15:52:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2012/09/07 15:52:35 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2012/09/07 15:52:34 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2012/09/07 15:52:34 | 000,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2012/09/07 15:52:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2012/09/07 15:52:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2012/09/07 15:52:34 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2012/09/07 15:52:34 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2012/09/07 15:52:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2012/09/07 15:52:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2012/09/07 15:52:33 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2012/09/07 15:52:33 | 000,075,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2012/09/07 15:52:33 | 000,075,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2012/09/07 15:52:33 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2012/09/07 15:52:33 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2012/09/07 15:52:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2012/09/07 15:52:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2012/09/07 15:52:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2012/09/07 15:52:33 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2012/09/07 15:52:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2012/09/07 15:52:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2012/09/07 15:52:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2012/09/07 15:52:32 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2012/09/07 15:52:32 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2012/09/07 15:52:32 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2012/09/07 15:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/09/07 15:52:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/09/07 15:52:31 | 000,582,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2012/09/07 15:52:30 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2012/09/07 15:52:29 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2012/09/07 15:52:29 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2012/09/07 15:52:29 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2012/09/07 15:52:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2012/09/07 15:52:28 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2012/09/07 15:52:28 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2012/09/07 15:52:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2012/09/07 15:52:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2012/09/07 15:52:28 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2012/09/07 15:52:28 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2012/09/07 15:52:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2012/09/07 15:52:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2012/09/07 15:52:27 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2012/09/07 15:52:27 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2012/09/07 15:52:27 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2012/09/07 15:52:27 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2012/09/07 15:52:27 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2012/09/07 15:52:26 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2012/09/07 15:52:25 | 001,267,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2012/09/07 15:52:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2012/09/07 15:52:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2012/09/07 15:52:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/09/07 15:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/09/07 15:45:37 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2012/09/07 15:45:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2012/09/07 15:45:34 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2012/09/07 15:45:33 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2012/09/07 15:45:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2012/09/07 15:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/09/07 15:45:32 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2012/09/07 15:45:32 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/09/07 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/09/07 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/09/07 15:45:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2012/09/07 15:45:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2012/09/07 15:45:28 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2012/09/07 15:45:28 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2012/09/07 15:45:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2012/09/07 15:45:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2012/09/07 15:45:28 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2012/09/07 15:45:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2012/09/07 15:45:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2012/09/07 15:45:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2012/09/07 15:45:26 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2012/09/07 15:45:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2012/09/07 15:45:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2012/09/07 15:45:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2012/09/07 15:45:25 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2012/09/07 15:45:25 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2012/09/07 15:45:25 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2012/09/07 15:45:21 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2012/09/07 15:45:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2012/09/07 15:45:21 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2012/09/07 15:45:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2012/09/07 15:45:21 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2012/09/07 15:45:21 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2012/09/07 15:45:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2012/09/07 15:45:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2012/09/07 15:45:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2012/09/07 15:45:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2012/09/07 15:45:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2012/09/07 15:45:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2012/09/07 15:45:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2012/09/07 15:45:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2012/09/07 15:45:19 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2012/09/07 15:45:19 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2012/09/07 15:45:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2012/09/07 15:45:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2012/09/07 15:45:18 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2012/09/07 15:45:18 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2012/09/07 15:45:18 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2012/09/07 15:45:18 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2012/09/07 15:45:18 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2012/09/07 15:45:18 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2012/09/07 15:45:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2012/09/07 15:45:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2012/09/07 15:45:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2012/09/07 15:45:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2012/09/07 15:45:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2012/09/07 15:45:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2012/09/07 15:45:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2012/09/07 15:45:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2012/09/07 15:45:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2012/09/07 15:45:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2012/09/07 15:45:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2012/09/07 15:45:15 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2012/09/07 15:45:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2012/09/07 15:45:15 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2012/09/07 15:45:15 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2012/09/07 15:45:15 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2012/09/07 15:45:15 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2012/09/07 15:45:15 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2012/09/07 15:45:15 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2012/09/07 15:45:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2012/09/07 15:45:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2012/09/07 15:45:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2012/09/07 15:45:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2012/09/07 15:45:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2012/09/07 15:45:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2012/09/07 15:45:15 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2012/09/07 15:45:15 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2012/09/07 15:45:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2012/09/07 15:45:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2012/09/07 15:45:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012/09/07 15:45:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012/09/07 15:45:12 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2012/09/07 15:45:12 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2012/09/07 15:45:12 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2012/09/07 15:45:12 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2012/09/07 15:45:12 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2012/09/07 15:45:11 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2012/09/07 15:45:11 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2012/09/07 15:45:11 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012/09/07 15:45:11 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012/09/07 15:45:11 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wfwnet.drv
[2012/09/07 15:45:11 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2012/09/07 15:45:11 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ver.dll
[2012/09/07 15:45:11 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2012/09/07 15:45:11 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\timer.drv
[2012/09/07 15:45:11 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2012/09/07 15:45:11 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.drv
[2012/09/07 15:45:11 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2012/09/07 15:45:10 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvideo.dll
[2012/09/07 15:45:10 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2012/09/07 15:45:10 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli.dll
[2012/09/07 15:45:10 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2012/09/07 15:45:10 | 000,068,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmsystem.dll
[2012/09/07 15:45:10 | 000,068,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2012/09/07 15:45:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciwave.drv
[2012/09/07 15:45:10 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2012/09/07 15:45:10 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olesvr.dll
[2012/09/07 15:45:10 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2012/09/07 15:45:10 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi.dll
[2012/09/07 15:45:10 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2012/09/07 15:45:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell.dll
[2012/09/07 15:45:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2012/09/07 15:45:10 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drv
[2012/09/07 15:45:10 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2012/09/07 15:45:10 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouse.drv
[2012/09/07 15:45:10 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2012/09/07 15:45:10 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sound.drv
[2012/09/07 15:45:10 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2012/09/07 15:45:10 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmtask.tsk
[2012/09/07 15:45:10 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2012/09/07 15:45:09 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll
[2012/09/07 15:45:09 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2012/09/07 15:45:09 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciavi.drv
[2012/09/07 15:45:09 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2012/09/07 15:45:09 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll
[2012/09/07 15:45:09 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2012/09/07 15:45:09 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll
[2012/09/07 15:45:09 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2012/09/07 15:45:09 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.drv
[2012/09/07 15:45:09 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2012/09/07 15:45:09 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lzexpand.dll
[2012/09/07 15:45:09 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2012/09/07 15:45:09 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keyboard.drv
[2012/09/07 15:45:09 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2012/09/07 15:45:08 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notepad.exe
[2012/09/07 15:45:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2012/09/07 15:45:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2012/09/07 15:45:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2012/09/07 15:45:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2012/09/07 15:45:07 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2012/09/07 15:45:07 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2012/09/07 15:45:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/09/07 15:45:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/09/07 15:45:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/09/07 15:45:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/09/07 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/09/07 15:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/09/07 15:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/09/07 15:44:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/09/07 15:44:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/09/07 15:44:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/09/07 15:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/09/07 15:34:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/09/07 15:34:50 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/09/07 15:34:50 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/09/07 15:34:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/09/07 15:34:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2012/09/09 01:19:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/09 01:09:42 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/09/09 00:54:04 | 000,363,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/09/09 00:54:04 | 000,045,408 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/09/08 16:17:08 | 000,027,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/09/08 16:09:10 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2012/09/08 16:09:10 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/09/07 22:12:03 | 000,000,450 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\LFS.lnk
[2012/09/07 21:01:21 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/09/07 21:01:21 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/09/07 20:54:05 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/09/07 20:54:05 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/07 19:11:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2012/09/07 19:09:00 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/09/07 19:06:59 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 19:06:59 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/07 18:45:15 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 18:04:49 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_OPT_GX620.MRK
[2012/09/07 18:04:49 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_GX620.MRK
[2012/09/07 16:32:01 | 000,091,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/07 16:04:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/07 16:04:37 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2012/09/07 16:04:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/07 15:59:51 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/07 15:58:55 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/09/07 15:57:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/07 15:57:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/09/07 15:57:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/09/07 15:57:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/09/07 15:57:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/09/07 15:57:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/09/07 15:57:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/09/07 15:57:18 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2012/09/07 15:57:10 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/09/07 15:54:13 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/07 15:51:58 | 000,000,194 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2012/09/08 16:17:08 | 000,027,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2012/09/08 16:09:10 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\3Connect.lnk
[2012/09/08 16:09:10 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/09/08 16:09:04 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2012/09/07 22:12:03 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\LFS.lnk
[2012/09/07 21:01:21 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/09/07 21:01:21 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/09/07 21:01:20 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/09/07 19:11:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2012/09/07 19:09:00 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/09/07 19:06:59 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 19:06:59 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/09/07 18:34:39 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/09/07 18:07:59 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2012/09/07 18:07:59 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2012/09/07 18:07:59 | 000,023,216 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2012/09/07 18:07:59 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2012/09/07 18:04:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_OPT_GX620.MRK
[2012/09/07 18:04:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_GX620.MRK
[2012/09/07 16:04:42 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/07 16:04:28 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Dan\Start Menu\Programs\Remote Assistance.lnk
[2012/09/07 15:59:51 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/09/07 15:58:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/09/07 15:58:28 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/09/07 15:58:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/09/07 15:58:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/09/07 15:58:13 | 000,196,666 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/09/07 15:58:11 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/09/07 15:57:58 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/09/07 15:57:51 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/09/07 15:57:49 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/09/07 15:57:42 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/09/07 15:57:20 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/09/07 15:57:20 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/09/07 15:57:20 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/09/07 15:57:20 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/09/07 15:57:20 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/09/07 15:57:19 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2012/09/07 15:57:19 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/09/07 15:57:19 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/09/07 15:57:18 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2012/09/07 15:56:22 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/09/07 15:55:31 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/09/07 15:55:27 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/09/07 15:55:27 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/09/07 15:55:17 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/09/07 15:54:40 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2012/09/07 15:54:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/07 15:53:11 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/09/07 15:53:11 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/09/07 15:53:11 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/09/07 15:53:11 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/09/07 15:53:11 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/09/07 15:53:10 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/09/07 15:53:10 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/09/07 15:53:10 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/09/07 15:53:10 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/09/07 15:53:10 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/09/07 15:53:10 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/09/07 15:53:06 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/09/07 15:53:05 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/09/07 15:53:03 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/09/07 15:52:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/09/07 15:45:41 | 000,004,507 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/09/07 15:45:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/09/07 15:45:35 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/09/07 15:45:35 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/09/07 15:45:34 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/09/07 15:45:33 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/09/07 15:45:08 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/09/07 15:45:01 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/09/07 15:45:01 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/09/07 15:45:01 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/09/07 15:45:00 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/09/07 15:45:00 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2012/09/07 15:45:00 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/09/07 15:45:00 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2012/09/07 15:45:00 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2012/09/07 15:45:00 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2012/09/07 15:45:00 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/09/07 15:45:00 | 000,031,405 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/09/07 15:45:00 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2012/09/07 15:45:00 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2012/09/07 15:45:00 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2012/09/07 15:45:00 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/09/07 15:45:00 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/09/07 15:45:00 | 000,010,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/09/07 15:44:59 | 002,049,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/09/07 15:44:59 | 000,342,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/09/07 15:44:14 | 000,091,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/07 15:42:57 | 000,000,194 | -HS- | C] () -- C:\boot.ini
[2012/09/07 15:42:55 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

< End of report >


Extras after reboot


OTL Extras logfile created on: 09/09/2012 01:24:50 - Run 2
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\Dan\Desktop\PROGRAMS
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 86.10% Memory free
4.84 Gb Paging File | 4.58 Gb Available in Paging File | 94.61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.96 Gb Total Space | 21.01 Gb Free Space | 75.14% Space Free | Partition Type: NTFS
Drive E: | 7.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANFOUR20 | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{7C977DE7-EC85-46E1-A7D9-52C04EB52AE6}" = S2 Mobile Modem
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"525B631E25DA7D8F03CAFCB6E66A95DA0F0B57CB" = Windows Driver Package - Amoi Incorporated (S2usbser) Ports (01/01/2007 2.0.5.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"EB8470242F68F946AB0A751A9E60217725DCA27F" = Windows Driver Package - Amoi Incorporated (S2usbser) Modem (01/01/2007 2.0.5.0)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Opera 12.02.1578" = Opera 12.02
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2012 14:51:31 | Computer Name = DANFOUR20 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070006 from line 130 of d:\nt\com\com1x\src\events\tier2\service.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 07/09/2012 15:28:12 | Computer Name = DANFOUR20 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 07/09/2012 15:28:12 | Computer Name = DANFOUR20 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 07/09/2012 15:46:48 | Computer Name = DANFOUR20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1106, fault address 0x000a6eb5.

Error - 07/09/2012 15:46:59 | Computer Name = DANFOUR20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1106, fault address 0x000a6eb5.

Error - 07/09/2012 15:47:10 | Computer Name = DANFOUR20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2800.1106, faulting
module mshtml.dll, version 6.0.2800.1106, fault address 0x000a6eb5.

Error - 08/09/2012 11:12:08 | Computer Name = DANFOUR20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: 0x2ee7

Error - 08/09/2012 11:12:08 | Computer Name = DANFOUR20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: 0x8ca

Error - 08/09/2012 11:24:19 | Computer Name = DANFOUR20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: 0x2ee7

Error - 08/09/2012 11:24:19 | Computer Name = DANFOUR20 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: 0x8ca

[ System Events ]
Error - 08/09/2012 19:56:49 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 08/09/2012 19:56:49 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 08/09/2012 19:56:49 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 08/09/2012 19:56:52 | Computer Name = DANFOUR20 | Source = ipnathlp | ID = 31012
Description = The DNS proxy agent encountered an error while obtaining the local
list of name-resolution servers. Some DNS or WINS servers may be inaccessible to
clients on the local network. The data is the error code.

Error - 08/09/2012 19:56:52 | Computer Name = DANFOUR20 | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 08/09/2012 19:58:24 | Computer Name = DANFOUR20 | Source = Service Control Manager | ID = 7023
Description = The Installer Security service terminated with the following error:
%%1114

Error - 08/09/2012 20:10:12 | Computer Name = DANFOUR20 | Source = DCOM | ID = 10010
Description = The server {D6015EC3-FA16-4813-9CA1-DA204574F5DA} did not register
with DCOM within the required timeout.

Error - 08/09/2012 20:18:29 | Computer Name = DANFOUR20 | Source = Service Control Manager | ID = 7034
Description = The BecHelperService service terminated unexpectedly. It has done
this 1 time(s).

Error - 08/09/2012 20:18:29 | Computer Name = DANFOUR20 | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater12.1.3 service terminated unexpectedly. It has
done this 1 time(s).

Error - 08/09/2012 20:18:29 | Computer Name = DANFOUR20 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).


< End of report >


Thank you.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
See if you can download and run any of the following:


Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Download aswMBR.exe (511KB) to your desktop.
Double click aswMBR.exe.
Uncheck "Trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click Save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save log, save it to your desktop and post it in your next reply.

ComboFix

:!: It must be saved to your desktop; do not run it from your browser. :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#7
DANfour20

Hi Ron, Thanks again.

I hope I haven't done something wrong! :confused: :whistling:

After I followed your last instructions my web pages are now working wonderfully
:thumbsup:

So I downloaded SP 3 and have updated it all now.

Does this change anything?

#8
RKinner

It's good news anyway. Keep going back to Windows Update until you don't get any more updates. Seems like often an update will need an update.

Then install Avast and either make sure the Windows Firewall is working or install Online Armor.

#9
DANfour20

Hi Ron,

My system is all up to date now (with SP3, shall I get SP4?).
I have AVG 2013 Free installed (should I get rid of it and install Avast?). I also have SpywareBlaster and Malwarebytes.

You said there was a problem with my network??

And should I still follow the instructions in your last step? (I haven't already as I wasn't sure if me updating would cause a problem.)

Thank you

Dan.

Edited by DANfour20, 09 September 2012 - 06:42 AM.


#10
RKinner

There is no SP4, just about 100 security updates.

You can run through the list of scans and we can see if you have anything else hidden.

If you want to keep AVG you can, though I think Avast is better.

#11
DANfour20

Hi Ron, as always thank you for your time and aid.

Well, I've finally finished doing all those instructions. The results are as follows:

FSS

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT


ComboFix

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

TDSS - 2nd log

01:18:06.0578 3492 usbhub - ok
01:18:06.0593 3492 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:18:06.0718 3492 USBSTOR - ok
01:18:06.0734 3492 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:18:06.0859 3492 usbuhci - ok
01:18:06.0875 3492 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
01:18:07.0000 3492 VgaSave - ok
01:18:07.0000 3492 ViaIde - ok
01:18:07.0031 3492 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
01:18:07.0156 3492 VolSnap - ok
01:18:07.0218 3492 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
01:18:07.0359 3492 VSS - ok
01:18:07.0406 3492 [ F98A970D02B35870C8013B43736F7904 ] vToolbarUpdater12.1.3 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
01:18:07.0453 3492 vToolbarUpdater12.1.3 - ok
01:18:07.0500 3492 [ 52591834B0FA3293D35FD407FC230F7D ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
01:18:07.0546 3492 vToolbarUpdater12.2.6 - ok
01:18:07.0562 3492 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
01:18:07.0687 3492 W32Time - ok
01:18:07.0718 3492 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:18:07.0859 3492 Wanarp - ok
01:18:07.0859 3492 WDICA - ok
01:18:07.0890 3492 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
01:18:08.0015 3492 wdmaud - ok
01:18:08.0046 3492 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
01:18:08.0171 3492 WebClient - ok
01:18:08.0234 3492 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:18:08.0359 3492 winmgmt - ok
01:18:08.0390 3492 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
01:18:08.0421 3492 WmdmPmSN - ok
01:18:08.0453 3492 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
01:18:08.0578 3492 WmiApSrv - ok
01:18:08.0625 3492 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
01:18:08.0687 3492 WMPNetworkSvc - ok
01:18:08.0796 3492 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:18:08.0843 3492 WPFFontCache_v0400 - ok
01:18:08.0875 3492 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:18:09.0000 3492 WS2IFSL - ok
01:18:09.0031 3492 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
01:18:09.0156 3492 wscsvc - ok
01:18:09.0171 3492 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
01:18:09.0296 3492 wuauserv - ok
01:18:09.0343 3492 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:18:09.0375 3492 WudfPf - ok
01:18:09.0390 3492 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:18:09.0421 3492 WudfRd - ok
01:18:09.0437 3492 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
01:18:09.0468 3492 WudfSvc - ok
01:18:09.0515 3492 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
01:18:09.0640 3492 WZCSVC - ok
01:18:09.0687 3492 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
01:18:09.0796 3492 xmlprov - ok
01:18:09.0828 3492 [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbmdm6k C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
01:18:09.0859 3492 ZTEusbmdm6k - ok
01:18:09.0890 3492 [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbnmea C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
01:18:09.0921 3492 ZTEusbnmea - ok
01:18:09.0937 3492 [ 616B411BFC0E9F535A436759F19B79D8 ] ZTEusbser6k C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
01:18:09.0968 3492 ZTEusbser6k - ok
01:18:09.0968 3492 ================ Scan global ===============================
01:18:10.0000 3492 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:18:10.0031 3492 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:18:10.0031 3492 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
01:18:10.0046 3492 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:18:10.0062 3492 [Global] - ok
01:18:10.0062 3492 ================ Scan MBR ==================================
01:18:10.0078 3492 [ 10AE9EB13951B8E206480773F877A330 ] \Device\Harddisk0\DR0
01:18:10.0171 3492 \Device\Harddisk0\DR0 - ok
01:18:10.0171 3492 ================ Scan VBR ==================================
01:18:10.0171 3492 [ BF326B9E2F27B279E1EF59B71B14301D ] \Device\Harddisk0\DR0\Partition1
01:18:10.0171 3492 \Device\Harddisk0\DR0\Partition1 - ok
01:18:10.0171 3492 ============================================================
01:18:10.0171 3492 Scan finished
01:18:10.0171 3492 ============================================================
01:18:10.0281 3708 Detected object count: 2
01:18:10.0281 3708 Actual detected object count: 2
01:20:26.0062 3708 aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
01:20:26.0062 3708 aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:20:26.0062 3708 mdvrmng ( UnsignedFile.Multi.Generic ) - skipped by user
01:20:26.0062 3708 mdvrmng ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:20:31.0640 1264 Deinitialize success


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 23:53:20
-----------------------------
23:53:20.640 OS Version: Windows 5.1.2600 Service Pack 3
23:53:20.640 Number of processors: 2 586 0x40A
23:53:20.640 ComputerName: DANFOUR20 UserName: Dan
23:53:21.078 Initialize success
00:05:12.250 AVAST engine defs: 12090901
00:12:13.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
00:12:13.828 Disk 0 Vendor: ST3808110AS 3.ADH Size: 76293MB BusType: 3
00:12:13.843 Disk 0 MBR read successfully
00:12:13.843 Disk 0 MBR scan
00:12:13.890 Disk 0 unknown MBR code
00:12:13.890 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 28633 MB offset 63
00:12:13.890 Disk 0 Partition - 00 05 Extended 47659 MB offset 58642430
00:12:13.906 Disk 0 Partition 2 00 82 Linux swap 3059 MB offset 149983232
00:12:13.921 Disk 0 Partition - 00 05 Extended 41538 MB offset 58642431
00:12:13.921 Disk 0 scanning sectors +156248064
00:12:13.984 Disk 0 scanning C:\WINDOWS\system32\drivers
00:12:23.140 Service scanning
00:12:35.250 Modules scanning
00:12:41.609 AVAST engine scan C:\WINDOWS
00:12:46.984 AVAST engine scan C:\WINDOWS\system32
00:14:27.062 AVAST engine scan C:\WINDOWS\system32\drivers
00:14:38.265 AVAST engine scan C:\Documents and Settings\Dan
00:15:01.078 AVAST engine scan C:\Documents and Settings\All Users
00:15:06.875 Scan finished successfully
00:24:26.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dan\Desktop\MBR.dat"
00:24:26.609 The log file has been saved successfully to "C:\Documents and Settings\Dan\Desktop\aswMBR.txt"


MBAM log


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.10.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dan :: DANFOUR20 [administrator]

Protection: Disabled

10/09/2012 13:55:16
mbam-log-2012-09-10 (13-55-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175752
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


VEW 1st log

Vino's Event Viewer v01c run on Windows XP in English
Report run at 10/09/2012 14:14:46

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/09/2012 14:04:15
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

Log: 'System' Date/Time: 10/09/2012 14:04:15
Type: error Category: 0
Event: 7006 Source: Service Control Manager
The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/09/2012 14:04:27
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.



VEW 2nd log

Vino's Event Viewer v01c run on Windows XP in English
Report run at 10/09/2012 14:16:30

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

So that's them all.

Take care Ron.

Dan.

#12
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Do you have the FSS and Combofix logs? What you posted was the Custom Scan for OTL.

#13
DANfour20

    Member

  • Topic Starter
  • Member
  • 10 posts
Whoops, I don't know how I managed that. I actually deleted the FSS file, so I ran it again with all the boxes checked.

FSS
Farbar Service Scanner Version: 06-08-2012
Ran by Dan (administrator) on 10-09-2012 at 15:47:53
Running from "C:\Documents and Settings\Dan\Desktop\Other Downloads\Anti Virus"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
WAN connected
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Combofix
ComboFix 12-09-09.02 - Dan 10/09/2012 0:58.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3062.2455 [GMT 1:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr70.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-09 21:49 . 2012-09-09 21:49 -------- d-----w- C:\fc16b2ec46704d09baf4420efa
2012-09-09 04:09 . 2012-09-09 04:09 -------- d-----w- C:\$AVG
2012-09-09 00:18 . 2012-09-09 00:18 -------- d-----w- C:\_OTL
2012-09-07 21:11 . 2012-09-09 12:03 -------- d-----w- C:\LFS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 03:52 . 2012-08-10 03:52 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-10 03:52 . 2012-08-10 03:52 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-08-10 03:52 . 2012-08-10 03:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 03:52 . 2012-08-10 03:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 12:56 . 2012-08-09 12:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-08-09 12:56 . 2012-08-09 12:56 54112 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-08-09 12:56 . 2012-08-09 12:56 151520 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-06 13:58 . 2002-09-03 16:28 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-03 13:40 . 2002-09-03 17:11 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2002-09-03 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2002-09-03 16:39 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-09 04:10 2045536 ----a-w- c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll" [2012-09-09 2045536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-09-09 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2006-03-23 118784]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-08-29 3039352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-09 950368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [09/08/2012 13:56 54112]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09/08/2012 13:56 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10/08/2012 04:52 35168]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13/08/2012 16:40 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [10/08/2012 04:52 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [09/08/2012 13:56 151520]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/08/2012 04:52 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [08/09/2012 16:17 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [20/08/2012 04:52 5751928]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [20/08/2012 04:53 184304]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [08/09/2012 16:09 1737464]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [07/09/2012 19:56 655944]
R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [08/09/2012 16:17 830048]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [09/09/2012 05:10 722528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [07/09/2012 19:56 20552]
R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [07/09/2012 16:10 103680]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [08/09/2012 16:09 9216]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
aqyhj
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg....r=&d=&v=&sap=hp
TCP: Interfaces\{C46D2FEA-8DC9-4F7C-979B-E150380FD988}: NameServer = 217.171.132.1 217.171.132.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\nncbvyfl.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 01:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-09-10 01:06:27
ComboFix-quarantined-files.txt 2012-09-10 00:06
.
Pre-Run: 10,153,787,392 bytes free
Post-Run: 10,291,400,704 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 10A6201A4F4A4C042F1F381047D3D50D

Thank you again. :thumbsup:

#14
RKinner

    Malware Expert

  • Expert
  • 19,800 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

Driver::
aqyhj

NetSvcs::
aqyhj


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.


That should be all of it so it's time to clean up:

We need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and exit My Computer.

If you have Java: Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml
Then go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
Get the latest Java at:
http://www.java.com/en/
Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/ or simply uninstall it.
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently actually makes things worse.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#15
DANfour20

    Member

  • Topic Starter
  • Member
  • 10 posts
ComboFix 12-09-09.02 - Dan 10/09/2012 21:50:50.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3062.2592 [GMT 1:00]
Running from: c:\documents and settings\Dan\Desktop\PROGRAMS\ComboFix.exe
Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-09 21:49 . 2012-09-09 21:49 -------- d-----w- C:\fc16b2ec46704d09baf4420efa
2012-09-09 04:09 . 2012-09-09 04:09 -------- d-----w- C:\$AVG
2012-09-09 00:18 . 2012-09-09 00:18 -------- d-----w- C:\_OTL
2012-09-07 21:11 . 2012-09-09 12:03 -------- d-----w- C:\LFS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 03:52 . 2012-08-10 03:52 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-10 03:52 . 2012-08-10 03:52 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-08-10 03:52 . 2012-08-10 03:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 03:52 . 2012-08-10 03:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 12:56 . 2012-08-09 12:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-08-09 12:56 . 2012-08-09 12:56 54112 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-08-09 12:56 . 2012-08-09 12:56 151520 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-06 13:58 . 2002-09-03 16:28 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-03 13:40 . 2002-09-03 17:11 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2002-09-03 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2002-09-03 16:39 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_00.03.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-09 21:49 . 2007-07-27 09:41 16760 c:\windows\system32\spmsg.dll
+ 2012-09-10 12:51 . 2012-07-03 12:46 22344 c:\windows\system32\drivers\mbam.sys
+ 2012-09-09 04:21 . 2012-09-10 14:49 85264 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013\update\backup\sc.dat
+ 2012-09-09 02:19 . 2009-04-01 22:02 604160 c:\windows\system32\wmspdmod.dll
+ 2006-10-18 20:47 . 2008-06-24 17:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-18 20:47 . 2006-10-18 20:47 295936 c:\windows\system32\wmpeffects.dll
+ 2012-09-09 02:19 . 2009-07-13 22:43 286208 c:\windows\system32\wmpdxm.dll
+ 2002-09-03 17:13 . 2008-06-18 04:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2002-09-03 17:13 . 2007-10-27 16:40 222720 c:\windows\system32\wmasf.dll
+ 2002-09-03 16:46 . 2006-12-04 15:21 414720 c:\windows\system32\msscp.dll
- 2006-10-18 20:47 . 2006-10-18 20:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-18 20:47 . 2010-03-30 11:24 317440 c:\windows\system32\mp4sdecd.dll
+ 2002-09-03 16:39 . 2008-06-18 00:09 100864 c:\windows\system32\logagent.exe
- 2002-09-03 16:39 . 2006-10-18 19:03 100864 c:\windows\system32\logagent.exe
+ 2012-09-09 02:19 . 2009-04-01 22:02 604160 c:\windows\system32\dllcache\wmspdmod.dll
+ 2012-09-09 02:19 . 2009-07-13 22:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2002-09-03 17:13 . 2008-06-18 04:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2002-09-03 17:13 . 2007-10-27 16:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2002-09-03 17:08 . 2007-06-26 21:10 317440 c:\windows\system32\dllcache\unregmp2.exe
+ 2002-09-03 16:46 . 2006-12-04 15:21 414720 c:\windows\system32\dllcache\msscp.dll
+ 2010-03-30 11:24 . 2010-03-30 11:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll
+ 2002-09-03 16:39 . 2008-06-18 00:09 100864 c:\windows\system32\dllcache\logagent.exe
- 2002-09-03 16:39 . 2006-10-18 19:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2012-09-09 04:21 . 2012-09-09 04:21 170952 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Avg2013\update\backup\sb.dat
+ 2002-09-03 17:08 . 2007-06-26 21:10 317440 c:\windows\inf\unregmp2.exe
+ 2002-09-03 17:14 . 2010-04-06 03:52 2462720 c:\windows\system32\WMVCore.dll
+ 2002-09-03 17:14 . 2010-04-06 03:52 2462720 c:\windows\system32\dllcache\WMVCore.dll
+ 2012-09-09 02:19 . 2010-08-25 22:36 10841088 c:\windows\system32\wmp.dll
+ 2012-09-09 02:19 . 2010-08-25 22:36 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2012-09-10 13:44 . 2012-09-10 13:44 19210240 c:\windows\Installer\25bed7.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-09 04:10 2045536 ----a-w- c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll" [2012-09-09 2045536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2012-09-09 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2006-03-23 118784]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-08-29 3039352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-09 950368]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [09/08/2012 13:56 54112]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09/08/2012 13:56 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10/08/2012 04:52 35168]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [13/08/2012 16:40 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [10/08/2012 04:52 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [09/08/2012 13:56 151520]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10/08/2012 04:52 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [08/09/2012 16:17 27496]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [20/08/2012 04:53 184304]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [08/09/2012 16:09 1737464]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/09/2012 13:51 655944]
R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [08/09/2012 16:17 830048]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [09/09/2012 05:10 722528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/09/2012 13:51 22344]
R3 S2usbser;S2 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\S2usbser.sys [07/09/2012 16:10 103680]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [20/08/2012 04:52 5751928]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [08/09/2012 16:09 9216]
.
.
------- Supplementary Scan -------
.
uStart Page = https://isearch.avg....r=&d=&v=&sap=hp
TCP: Interfaces\{C46D2FEA-8DC9-4F7C-979B-E150380FD988}: NameServer = 217.171.132.1 217.171.132.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\nncbvyfl.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-10 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3844)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-09-10 21:57:46
ComboFix-quarantined-files.txt 2012-09-10 20:57
.
Pre-Run: 5,062,070,272 bytes free
Post-Run: 5,051,322,368 bytes free
.
- - End Of File - - 1BEEAD34EE95E607CB14BC0752745A61

I'm all clean now??