Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Worm.win32.netsky, probably others [Solved]

Started by magaggie , Feb 11 2010 04:26 PM

  • This topic is locked This topic is locked

#46
heir
Posted 14 February 2010 - 08:29 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's see if we can bring your computer back so that you can login normally then.


Step 1.
Copy and transfer a file to the infected computer:

Copy the attached Fix.txt and save it to your memory-stick

Attached File  Fix.txt   6.78KB   139 downloads

Login into Safe mode on the infected computer and transfer that file to the desktop.

Step 1.
OTL-fix:

Open open Fix.txt in notepad. Select all text with Ctrl+A and copy it with Ctrl+C


Run OTL.exe
  • Click in the box under the Custom Scans/Fixes at the bottom and paste in the text you copied with Ctrl+V
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot into normal mode when it is done
  • Then post the OTL fixlog

You should be able to login to normal mode now.
If not stop here and let me know.

Step 2.
OTL-scan:


  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath Extra Registry change it to Use Safelist
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    asc3550p.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 3.
GMER-scan:

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4.
Things I would like to see in your reply:

  • The content of the fixlog from OTL in step 1.
  • The content of OTL.txt and Extras.txt in step 2.
  • The content of the Results.log from GMER in step 3.
  • Information on how your computer is running now.

Edited by heir, 14 February 2010 - 08:31 AM.
typo

  • 0

Advertisements

#47
magaggie
Posted 14 February 2010 - 09:52 AM

magaggie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
OK, I ran the fix in OTL, hit OK to let the system reboot and let it go into normal mode. I'm at the point where I would click my name to login, but I get the winlogon.exe - Application Error. Should I click Cancel to debug?
  • 0

#48
heir
Posted 14 February 2010 - 10:24 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Yes
  • 0

#49
magaggie
Posted 14 February 2010 - 10:33 AM

magaggie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
OK, did that, and it rebooted and now I have another winlog.exe Application Error.
  • 0

#50
heir
Posted 14 February 2010 - 11:26 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I need to have a look at that fixlog.

Reboot into safe mode again and find the fixlog from OTL

The fixlog is located here

C:\_OTL\MovedFiles\

it in the format MMDDYYYY_hhmmss.log (example 02142010_182302.log)

and post it in your reply.
  • 0

#51
magaggie
Posted 14 February 2010 - 01:22 PM

magaggie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2B5AAB8-2183-4be7-81A6-F11493C45872}\ deleted successfully.
C:\Documents and Settings\Margaret\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pizudobez deleted successfully.
C:\WINDOWS\system32\fopinope.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
C:\WINDOWS\system32\smss32.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AntiVirus Plus deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
File C:\WINDOWS\system32\smss32.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-internetsecurity10.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:gitabiga.dll deleted successfully.
C:\WINDOWS\system32\gitabiga.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fopinope.dll deleted successfully.
File C:\WINDOWS\system32\fopinope.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\jukabama.dll deleted successfully.
C:\WINDOWS\system32\jukabama.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\yowokifo.dll deleted successfully.
C:\WINDOWS\system32\yowokifo.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\winlogon32.exe deleted successfully.
C:\WINDOWS\system32\winlogon32.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hahejaguw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c566477-300d-4792-86d6-82ef3d8c82f0}\ deleted successfully.
File C:\WINDOWS\system32\jukabama.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\kuyehoziy deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e98338c5-796b-416e-bb71-f94d08d0a8d5}\ deleted successfully.
File C:\WINDOWS\system32\jukabama.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\lolulahuz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1101d37a-3417-4903-a225-01307271200a}\ deleted successfully.
File C:\WINDOWS\system32\yowokifo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\sujuyayaz deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac779b8-2d77-4c32-807d-06c5dbe4cc78}\ deleted successfully.
File C:\WINDOWS\system32\jukabama.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tahuvagaj deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a83d9a2-6fff-4020-b4b4-f34f378c656b}\ deleted successfully.
File C:\WINDOWS\system32\fopinope.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\veyosahof deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c62d6d12-1456-434e-a02e-fb70d4b73443}\ deleted successfully.
File C:\WINDOWS\system32\yowokifo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\zolufabaf deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7df87de-fb26-4ebd-b9b4-ed24d79d1224}\ deleted successfully.
File C:\WINDOWS\system32\yowokifo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{1101d37a-3417-4903-a225-01307271200a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1101d37a-3417-4903-a225-01307271200a}\ not found.
File C:\WINDOWS\system32\yowokifo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{1a83d9a2-6fff-4020-b4b4-f34f378c656b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a83d9a2-6fff-4020-b4b4-f34f378c656b}\ deleted successfully.
File C:\WINDOWS\system32\fopinope.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{2ac779b8-2d77-4c32-807d-06c5dbe4cc78} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ac779b8-2d77-4c32-807d-06c5dbe4cc78}\ not found.
File C:\WINDOWS\system32\jukabama.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{3c566477-300d-4792-86d6-82ef3d8c82f0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c566477-300d-4792-86d6-82ef3d8c82f0}\ not found.
File C:\WINDOWS\system32\jukabama.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{b7df87de-fb26-4ebd-b9b4-ed24d79d1224} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7df87de-fb26-4ebd-b9b4-ed24d79d1224}\ not found.
File C:\WINDOWS\system32\yowokifo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{c62d6d12-1456-434e-a02e-fb70d4b73443} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c62d6d12-1456-434e-a02e-fb70d4b73443}\ not found.
File C:\WINDOWS\system32\yowokifo.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{e98338c5-796b-416e-bb71-f94d08d0a8d5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e98338c5-796b-416e-bb71-f94d08d0a8d5}\ not found.
File C:\WINDOWS\system32\jukabama.dll not found.
File C:\WINDOWS\System32\fopinope.dll not found.
File C:\WINDOWS\System32\yowokifo.dll not found.
C:\WINDOWS\system32\daweyege.dll moved successfully.
C:\WINDOWS\system32\vivodiha.dll moved successfully.
C:\WINDOWS\system32\dusayamo.dll moved successfully.
C:\WINDOWS\system32\noyahopi.dll moved successfully.
C:\WINDOWS\system32\jajulaze.dll moved successfully.
File C:\WINDOWS\System32\gitabiga.dll not found.
C:\WINDOWS\system32\dubunide.dll moved successfully.
C:\WINDOWS\system32\hanelaba.exe moved successfully.
C:\WINDOWS\system32\gunojuli.dll moved successfully.
C:\WINDOWS\system32\gehuseda.dll moved successfully.
C:\WINDOWS\system32\fuhubuga.dll moved successfully.
C:\WINDOWS\system32\fiyunegu.dll moved successfully.
C:\WINDOWS\system32\bametusi.dll moved successfully.
C:\WINDOWS\system32\rujabogi moved successfully.
C:\WINDOWS\system32\26569.exe moved successfully.
C:\WINDOWS\system32\4612.exe moved successfully.
C:\WINDOWS\system32\14488.exe moved successfully.
C:\WINDOWS\system32\952.exe moved successfully.
C:\WINDOWS\system32\28393.exe moved successfully.
C:\WINDOWS\system32\3277.exe moved successfully.
C:\WINDOWS\system32\32490.exe moved successfully.
C:\WINDOWS\system32\13667.exe moved successfully.
C:\WINDOWS\system32\41.exe moved successfully.
C:\WINDOWS\tasks\cyqbbwav.job moved successfully.
File C:\WINDOWS\System32\jukabama.dll not found.
C:\WINDOWS\system32\26962.exe moved successfully.
C:\WINDOWS\system32\29358.exe moved successfully.
C:\WINDOWS\system32\11478.exe moved successfully.
C:\WINDOWS\system32\15724.exe moved successfully.
C:\WINDOWS\system32\19169.exe moved successfully.
C:\WINDOWS\system32\26500.exe moved successfully.
C:\WINDOWS\system32\6334.exe moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\WINDOWS\system32\helper32.dll moved successfully.
File C:\WINDOWS\System32\winlogon32.exe not found.
File C:\WINDOWS\System32\smss32.exe not found.
C:\Documents and Settings\Margaret\Application Data\AntiVirus Plus folder moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35062 bytes

User: Margaret
->Temp folder emptied: 57955 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: V_Vhris
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4955424 bytes
%systemroot%\System32 .tmp files removed: 53472 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 541720 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 62671 bytes
RecycleBin emptied: 15505806 bytes

Total Files Cleaned = 20.00 mb


OTL by OldTimer - Version 3.1.28.0 log created on 02142010_094612
  • 0

#52
heir
Posted 14 February 2010 - 01:41 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Could you please run a scan with OTL using the content of customscan2.txt and paste it in the custom scanbox.

Attached File  Customscan2.txt   827bytes   128 downloads

Post the content of OTL.txt in your reply.
  • 0

#53
magaggie
Posted 14 February 2010 - 06:02 PM

magaggie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
OTL logfile created on: 2/14/2010 3:32:34 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Margaret\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 713.00 Mb Available Physical Memory | 80.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): c:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 9.15 Gb Free Space | 13.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.73 Gb Total Space | 3.73 Gb Free Space | 99.96% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAGGIE
Current User Name: Margaret
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/13 11:54:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/13 11:54:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/01/21 17:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/17 11:49:44 | 000,616,408 | ---- | M] () [Auto | Stopped] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2008/01/16 14:57:26 | 000,814,728 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2007/01/19 23:52:32 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/01/19 23:52:32 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/11/08 16:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/01 22:15:50 | 000,537,480 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device)
SRV - [2006/09/25 15:26:26 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2006/09/23 02:49:08 | 000,401,408 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/08/23 16:13:28 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2005/12/19 15:08:42 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/05/04 00:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 21:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/02/11 20:11:50 | 000,097,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WDICA.sys -- (WDICA)
DRV - [2010/02/11 20:11:46 | 000,097,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDRFRAME.sys -- (PDRFRAME)
DRV - [2010/02/11 20:11:46 | 000,097,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDRELI.sys -- (PDRELI)
DRV - [2010/02/11 20:11:46 | 000,097,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDFRAME.sys -- (PDFRAME)
DRV - [2010/02/11 20:11:46 | 000,097,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDCOMP.sys -- (PDCOMP)
DRV - [2010/02/11 20:11:46 | 000,097,344 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\PCIDump.sys -- (PCIDump)
DRV - [2009/11/09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/17 15:48:14 | 000,009,344 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb)
DRV - [2008/11/26 17:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2008/11/26 17:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2008/11/26 17:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/18 10:24:58 | 000,026,496 | R--- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/12/06 00:02:29 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/12/06 00:02:28 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/12/06 00:02:28 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/11/09 16:04:20 | 000,280,392 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2006/11/09 16:04:20 | 000,073,288 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2006/09/23 02:56:40 | 001,681,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/22 11:47:52 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/09/22 11:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/17 13:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/01 07:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 07:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 07:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/02 19:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/10/05 04:57:08 | 000,012,544 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2005/09/12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/14 23:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2004/12/13 15:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/08/10 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/10 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/10 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/10 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/10 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/10 05:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/08/10 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/10 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/10 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/10 05:00:00 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/10 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/10 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/10 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/10 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/10 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/10 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/10 05:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2004/08/10 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/10 05:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/10 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/10 03:39:56 | 000,019,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/09 08:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 12:12:10 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061221
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061221

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061221
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061221
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {4E77EDAD-9566-4089-88D1-C81498CEE770}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:7

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/02/16 22:42:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 06:38:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 06:38:32 | 000,000,000 | ---D | M]

[2008/08/26 15:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Extensions
[2010/02/11 20:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\9c82lxwj.default\extensions
[2010/02/10 07:24:23 | 000,000,000 | ---D | M] (Comcast Toolbar) -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\9c82lxwj.default\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}
[2008/07/15 06:27:58 | 000,000,000 | ---D | M] (Media Agent plugin 2) -- C:\Documents and Settings\Margaret\Application Data\Mozilla\Firefox\Profiles\9c82lxwj.default\extensions\{BA979AD0-A3C5-4b32-A47E-4550BF00ECC7}
[2008/08/26 15:49:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/16 16:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 16:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 16:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 07:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 07:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 07:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008/08/16 16:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/12/18 22:13:37 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2007/12/10 17:40:06 | 006,275,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2008/08/16 16:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2008/12/01 10:50:26 | 000,004,946 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\comcast.xml

O1 HOSTS File: ([2004/08/10 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [pizudobez] C:\WINDOWS\System32\jukabama.DLL File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Adobe Loader] C:\Program Files\adb9_32.exe ()
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [BrandClearStubs] C:\WINDOWS\System32\iedkcs32.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DelayedHscMui] C:\WINDOWS\System32\Cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [DelayedHscUpdate] C:\WINDOWS\System32\Cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\WINDOWS\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [IE - 03] C:\WINDOWS\System32\fixmapi.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [MDAC_InstODBCDrivers] C:\WINDOWS\System32\odbcconf.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_1] C:\WINDOWS\system32\drmstor.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\system32\drmclien.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\system32\drmv2clt.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\system32\blackbox.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\system32\msnetobj.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPMIndex_Install_1] C:\WINDOWS\System32\msisam11.dll File not found
O4 - HKLM..\RunOnce: [OE_WMPMIndex_Install_2] C:\WINDOWS\System32\mindex.dll File not found
O4 - HKLM..\RunOnce: [OE_WMPWMDM_Install_1] C:\WINDOWS\System32\mswmdm.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMDM_Install_11] C:\WINDOWS\System32\wmaspdtx.dll File not found
O4 - HKLM..\RunOnce: [OE_WMPWMDM_Install_2] C:\WINDOWS\System32\msscp.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMDM_Install_3] C:\WINDOWS\System32\mspmsp.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMDM_Install_4] C:\WINDOWS\System32\wmdmps.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMDM_Install_5] C:\WINDOWS\System32\wmdmlog.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMDM_Install_6] C:\WINDOWS\System32\cewmdm.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_1] C:\WINDOWS\System32\wmstream.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_10] C:\WINDOWS\System32\wmsdmoe2.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_11] C:\WINDOWS\System32\laprxy.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_12] C:\WINDOWS\System32\logagent.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_13] C:\WINDOWS\System32\wmvcore.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_14] C:\WINDOWS\System32\wmsdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_15] C:\WINDOWS\System32\mpg4dmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_16] C:\WINDOWS\System32\wmspdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_17] C:\WINDOWS\System32\wmspdmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_18] C:\WINDOWS\System32\qasf.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_19] C:\WINDOWS\System32\wmvadvd.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_2] C:\WINDOWS\System32\wmnetmgr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_20] C:\WINDOWS\System32\wmvadve.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_22] C:\WINDOWS\System32\mp43dmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_23] C:\WINDOWS\System32\mp4sdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_24] C:\WINDOWS\System32\wmdrmnet.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_25] C:\WINDOWS\System32\wmdrmdev.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_3] C:\WINDOWS\System32\wmidx.ocx File not found
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_4] C:\WINDOWS\System32\wmvdmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_5] C:\WINDOWS\System32\wmvdmoe2.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_6] C:\WINDOWS\System32\wmadmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_7] C:\WINDOWS\System32\wmadmod.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_8] C:\WINDOWS\System32\wmspdmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMFSDK_Install_9] C:\WINDOWS\System32\wmsdmoe.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP6_Install_1] C:\WINDOWS\INF\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP6_Install_2] C:\WINDOWS\INF\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP6_Install_3] C:\WINDOWS\system32\msdxm.ocx ()
O4 - HKLM..\RunOnce: [OE_WMPWMP6_Install_4] C:\WINDOWS\system32\dxmasf.dll ()
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\system32\wmpencen.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_12] C:\WINDOWS\system32\wmpsrcwp.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_13] C:\Program Files\Windows Media Player\mpvis.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_14] C:\Program Files\Windows Media Player\wmpband.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_19] C:\Program Files\Windows Media Player\WMPEnc.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_21] C:\Program Files\Windows Media Player\migrate.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_3] C:\WINDOWS\system32\drmclien.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_4] C:\WINDOWS\system32\drmstor.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_6] C:\WINDOWS\system32\drmv2clt.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_7] C:\WINDOWS\system32\blackbox.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\system32\wmpasf.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMPCodec_ivf] C:\WINDOWS\System32\ivfsrc.ax (Intel Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMPCodec_msscrnax] C:\WINDOWS\System32\msscds32.ax (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMPCodec_wmv8ax] C:\WINDOWS\System32\wmv8ds32.ax (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWMPCodec_wmv8dmo] C:\WINDOWS\System32\wmv8dmod.dll File not found
O4 - HKLM..\RunOnce: [OE_WMPWMPCodec_wmvax] C:\WINDOWS\System32\wmvds32.ax (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWPD_Install_1] C:\WINDOWS\System32\wpdconns.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWPD_Install_2] C:\WINDOWS\System32\wpdsp.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWPD_Install_3] C:\WINDOWS\System32\wpdmtp.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OE_WMPWPD_Install_4] C:\WINDOWS\System32\wpdmtpus.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [RunOnceEx] C:\WINDOWS\System32\iernonce.DLL (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SchedulingAgent] C:\WINDOWS\System32\mstinit.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SniffpolDLL_Reg] C:\WINDOWS\Help\sniffpol.dll ()
O4 - HKLM..\RunOnce: [SstubDLL_Reg] C:\WINDOWS\Help\sstub.dll ()
O4 - HKLM..\RunOnce: [TshootDLL_Reg] C:\WINDOWS\Help\tshoot.dll ()
O4 - HKLM..\RunOnce: [UnRegisterUploadm] C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {3785F3BF-8770-47EE-AB71-665805C608C3} https://www.scribe.c...es/InetWord.CAB (InetWord.InetDoc)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - AppInit_DLLs: (c:\windows\system32\fopinope.dll c:\windows\system32\yowokifo.dll c:\windows\system32\jukabama.dll) - C:\WINDOWS\System32\fopinope.dll File not found
O20 - AppInit_DLLs: (gitabiga.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: tahuvagaj - {1a83d9a2-6fff-4020-b4b4-f34f378c656b} - C:\WINDOWS\System32\jukabama.dll File not found
O22 - SharedTaskScheduler: {1a83d9a2-6fff-4020-b4b4-f34f378c656b} - tokatiluy - C:\WINDOWS\System32\jukabama.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Margaret\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Margaret\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/13 11:36:28 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{8ce8ba2f-58d7-11de-b080-0015c5ceadb1}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{cf5353f8-e965-11db-a5ea-0015c5ceadb1}\Shell - "" = AutoRun
O33 - MountPoints2\{cf5353f8-e965-11db-a5ea-0015c5ceadb1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf5353f8-e965-11db-a5ea-0015c5ceadb1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/12 05:46:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/02/14 09:46:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/13 12:04:46 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
[2010/02/13 08:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/12 06:24:20 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2010/02/12 06:24:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2010/02/12 06:24:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2010/02/12 06:24:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2010/02/12 06:23:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2010/02/12 06:23:32 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2010/02/12 06:23:25 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/02/12 06:23:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/02/12 06:23:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/02/12 06:23:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/02/12 06:23:22 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/02/12 06:23:21 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/02/12 06:23:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/02/12 06:23:18 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/02/12 06:23:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/02/12 06:23:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010/02/12 06:23:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010/02/12 06:23:14 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010/02/12 06:23:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010/02/12 06:23:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/02/12 06:23:13 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/02/12 06:23:13 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/02/12 06:23:12 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/02/12 06:23:11 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/02/12 06:23:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/02/12 06:23:05 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/02/12 06:23:04 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010/02/12 06:23:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/02/12 06:23:01 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010/02/12 06:23:00 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/02/12 06:23:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/02/12 06:23:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/02/12 06:22:59 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/02/12 06:22:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/02/12 06:22:58 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/02/12 06:22:58 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/02/12 06:22:57 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/02/12 06:22:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010/02/12 06:22:52 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010/02/12 06:22:51 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/02/12 06:22:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/02/12 06:22:50 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/02/12 06:22:47 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/02/12 06:22:46 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/02/12 06:22:45 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/02/12 06:22:45 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/02/12 06:22:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/02/12 06:22:45 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/02/12 06:22:44 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/02/12 06:22:44 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/02/12 06:22:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/02/12 06:22:43 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/02/12 06:22:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010/02/12 06:22:42 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/02/12 06:22:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/02/12 06:22:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/02/12 06:22:41 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/02/12 06:22:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/02/12 06:22:40 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/02/12 06:22:40 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/02/12 06:22:40 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/02/12 06:22:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/02/12 06:22:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/02/12 06:22:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/02/12 06:22:38 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/02/12 06:22:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/02/12 06:22:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/02/12 06:22:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/02/12 06:22:37 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/02/12 06:22:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/02/12 06:22:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/02/12 06:22:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/02/12 06:22:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/02/12 06:22:29 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/02/12 06:22:26 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/12 06:22:25 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/12 06:22:25 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/02/12 06:22:25 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/02/12 06:22:22 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/02/12 06:22:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010/02/12 06:22:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/02/12 06:22:20 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/02/12 06:22:16 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/02/12 06:22:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/02/12 06:22:15 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/02/12 06:22:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/02/12 06:22:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/02/12 06:22:09 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/02/12 06:22:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/02/12 06:22:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/02/12 06:22:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2010/02/12 06:22:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/02/12 06:22:07 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/02/12 06:22:07 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/02/12 06:22:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/02/12 06:22:05 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/02/12 06:22:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010/02/12 06:22:03 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/02/12 06:22:02 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/02/12 06:22:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/02/12 06:22:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/02/12 06:22:01 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/02/12 06:21:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/02/12 06:21:53 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/02/12 06:21:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010/02/12 06:21:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010/02/12 06:21:46 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/02/12 06:21:45 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/02/12 06:21:38 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/02/12 06:21:37 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/02/12 06:21:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010/02/12 06:21:18 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/02/12 06:21:18 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/02/12 06:21:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010/02/12 06:21:17 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010/02/12 06:21:17 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010/02/12 06:21:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/02/12 06:21:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/02/12 06:21:14 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010/02/12 06:21:13 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/02/12 06:21:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010/02/12 06:21:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/02/12 06:21:09 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/02/12 06:21:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/02/12 06:21:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/02/12 06:21:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/02/12 06:21:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/02/12 06:21:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/02/12 06:21:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/02/12 06:21:06 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/02/12 06:21:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/02/12 06:21:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/02/12 06:21:04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/02/12 06:21:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/02/12 06:21:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/02/12 06:21:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/02/12 06:21:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/02/12 06:21:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/02/12 06:21:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/02/12 06:21:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/02/12 06:21:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/02/12 06:21:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/02/12 06:21:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/02/12 06:21:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/02/12 06:21:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/02/12 06:21:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/02/12 06:20:59 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/02/12 06:20:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/02/12 06:20:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/02/12 06:20:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/02/12 06:20:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/02/12 06:20:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/02/12 06:20:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/02/12 06:20:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/02/12 06:20:55 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/02/12 06:20:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/02/12 06:20:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/02/12 06:20:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/02/12 06:20:54 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/02/12 06:20:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/02/12 06:20:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010/02/12 06:20:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010/02/12 06:20:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/02/12 06:20:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010/02/12 06:20:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010/02/12 06:20:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010/02/12 06:20:48 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010/02/12 06:20:48 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/02/12 06:20:47 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/02/12 06:20:46 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/02/12 06:20:46 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/02/12 06:20:45 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/02/12 06:20:45 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/02/12 06:20:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/02/12 06:20:44 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/02/12 06:20:44 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/02/12 06:20:44 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/02/12 06:20:43 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/02/12 06:20:43 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/02/12 06:20:43 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/02/12 06:20:42 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/02/12 06:20:42 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/02/12 06:20:42 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/02/12 06:20:41 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/02/12 06:20:41 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/02/12 06:20:40 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/02/12 06:20:40 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/02/12 06:20:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/02/12 06:20:39 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/02/12 06:20:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/02/12 06:20:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/02/12 06:20:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010/02/12 06:20:37 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010/02/12 06:20:37 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/02/12 06:20:37 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/02/12 06:20:37 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/02/12 06:20:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010/02/12 06:20:36 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010/02/12 06:20:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/02/12 06:20:28 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/02/12 06:20:14 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/02/12 06:20:13 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/02/12 06:20:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010/02/12 06:20:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/02/12 06:20:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010/02/12 06:20:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/02/12 06:20:09 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010/02/12 06:20:05 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/02/12 06:20:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/02/12 06:20:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/02/12 06:20:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/02/12 06:20:02 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/02/12 06:20:02 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/02/12 06:20:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/02/12 06:20:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/02/12 06:19:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010/02/12 06:19:59 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/02/12 06:19:58 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/02/12 06:19:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010/02/12 06:19:58 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/02/12 06:19:57 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/02/12 06:19:57 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/02/12 06:19:56 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/02/12 06:19:56 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/02/12 06:19:42 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/02/12 06:19:41 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010/02/12 06:19:38 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/02/12 06:19:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/02/12 06:19:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010/02/12 06:19:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010/02/12 06:19:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010/02/12 06:19:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010/02/12 06:19:32 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/02/12 06:19:32 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/02/12 06:19:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/02/12 06:19:30 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/02/12 06:19:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/02/12 06:19:30 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/02/12 06:19:29 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/02/12 06:19:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/02/12 06:19:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/02/12 06:19:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/02/12 06:19:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/02/12 06:19:26 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/02/12 06:19:25 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/12 06:19:24 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/02/12 06:19:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/02/12 06:19:23 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/02/12 06:19:05 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010/02/12 06:19:02 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010/02/12 06:18:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010/02/12 06:18:58 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010/02/12 06:18:57 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010/02/12 06:18:57 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010/02/12 06:18:56 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010/02/12 06:18:56 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/02/12 06:18:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010/02/12 06:18:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010/02/12 06:18:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010/02/12 06:18:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010/02/12 06:18:53 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010/02/12 06:18:53 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010/02/12 06:18:51 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010/02/12 06:18:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/02/12 06:18:50 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010/02/12 06:18:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010/02/12 06:18:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/02/12 06:18:47 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/02/12 06:18:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/02/12 06:18:43 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/02/12 06:18:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/02/12 06:18:42 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/02/12 06:18:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/02/12 06:18:41 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/02/12 06:18:35 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/02/12 06:18:34 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/02/12 06:18:34 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/02/12 06:18:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/02/12 06:18:33 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/02/12 06:18:33 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/02/12 06:18:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/02/12 06:18:32 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/02/12 06:18:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/02/12 06:18:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/02/12 06:18:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/02/12 06:18:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/02/12 06:18:31 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/02/12 06:18:30 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/02/12 06:18:30 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/02/12 06:18:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/02/12 06:18:29 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/02/12 06:18:29 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/02/12 06:18:29 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/02/12 06:18:28 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/02/12 06:18:28 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/02/12 06:18:28 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/02/12 06:18:28 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/02/12 06:18:27 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/02/12 06:18:27 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/02/12 06:18:27 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/02/12 06:18:27 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/02/12 06:18:26 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/02/12 06:18:26 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/02/12 06:18:26 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/02/12 06:18:24 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/02/12 06:18:24 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/02/12 06:18:24 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/02/12 06:18:23 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/02/12 06:18:23 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/02/12 06:18:22 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/02/12 06:18:22 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/02/12 06:18:21 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/02/12 06:18:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/02/12 06:18:20 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/02/12 06:18:19 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/02/12 05:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010/02/12 00:32:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/02/12 00:32:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/02/12 00:32:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/02/12 00:32:30 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/02/11 21:46:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/02/11 13:42:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2010/02/11 13:42:34 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/02/11 13:42:33 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/02/11 13:42:33 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/02/11 07:04:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010/02/10 13:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/10 13:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/10 07:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Application Data\CallingID
[2010/02/10 07:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\scanner
[2010/02/10 07:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/02/10 07:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Application Data\comcasttb
[2010/02/10 07:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\comcasttb
[2010/02/10 02:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/02/09 22:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2010/02/09 21:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Local Settings\Application Data\AntiVirus Plus
[2010/02/09 21:53:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/06 14:11:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Application Data\GARMIN
[2010/02/06 14:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2010/02/06 14:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/02/06 13:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2010/01/24 20:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\My Documents\SPC - HUC
[2010/01/23 00:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Local Settings\Application Data\Threat Expert
[2010/01/22 13:39:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/22 13:39:49 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/22 13:39:49 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/01/22 13:39:49 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/22 13:37:41 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/22 13:37:37 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/22 13:37:37 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/22 13:37:32 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/22 13:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/22 13:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/22 13:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/22 13:16:42 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/01/22 00:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Margaret\Local Settings\Application Data\tbwubs
[2008/01/22 20:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/01/08 11:01:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/01/07 08:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
[2005/08/16 04:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/08/16 04:18:29 | 000,137,728 | R--- | C] (olnWoc) -- C:\Documents and Settings\NetworkService\Application Data\sdra64.exe
[2 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/14 13:15:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/14 13:13:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/14 13:12:27 | 937,570,304 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/14 12:20:40 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{40379DF7-DA1A-431E-911E-F4133F2153AE}.job
[2010/02/14 09:49:56 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Margaret\NTUSER.DAT
[2010/02/14 09:49:56 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Margaret\ntuser.ini
[2010/02/14 09:47:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\rujabogi
[2010/02/13 18:21:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6950.exe
[2010/02/13 18:00:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11401.exe
[2010/02/13 17:39:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26300.exe
[2010/02/13 17:18:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25226.exe
[2010/02/13 16:57:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\5998.exe
[2010/02/13 16:36:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8648.exe
[2010/02/13 16:16:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\3345.exe
[2010/02/13 15:56:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23647.exe
[2010/02/13 15:36:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\25039.exe
[2010/02/13 15:16:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\28606.exe
[2010/02/13 14:56:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\26858.exe
[2010/02/13 14:36:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\59.exe
[2010/02/13 13:50:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\19847.exe
[2010/02/13 13:29:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23120.exe
[2010/02/13 13:09:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\23924.exe
[2010/02/13 12:49:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\8654.exe
[2010/02/13 11:54:38 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Margaret\Desktop\OTL.exe
[2010/02/13 08:10:42 | 000,552,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/13 08:10:42 | 000,462,298 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/13 08:10:42 | 000,080,726 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/13 07:53:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/12 06:26:55 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/12 05:45:41 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/12 05:45:34 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/12 05:45:34 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/12 05:45:03 | 000,000,742 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/12 05:34:34 | 000,034,332 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/12 05:33:50 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/02/12 05:32:58 | 000,000,221 | -HS- | M] () -- C:\boot.ini
[2010/02/12 00:36:10 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/02/12 00:32:40 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/11 22:14:37 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/11 22:05:24 | 000,326,359 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/02/11 22:04:08 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/11 22:04:08 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/11 22:04:04 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/11 20:11:50 | 000,097,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\WDICA.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\PDRFRAME.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\PDRELI.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\PDFRAME.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\PDCOMP.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\PCIDump.sys
[2010/02/11 19:33:52 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 16:11:41 | 000,004,286 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\avp.ico
[2010/02/11 16:11:30 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\Margaret\Desktop\AntiVirus Plus.lnk
[2010/02/11 16:10:57 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/02/11 16:10:49 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/02/11 15:22:43 | 000,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/09 13:39:55 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/09 11:27:12 | 000,051,720 | ---- | M] () -- C:\Program Files\adb9_32.exe
[2010/02/09 00:08:55 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\NPW.doc
[2010/02/09 00:08:11 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/09 00:04:13 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\TV Stuff.doc
[2010/02/03 21:51:51 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\Shoe miles - gel cumulus 11 - plum.doc
[2010/02/03 21:48:09 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Margaret\My Documents\Shoe miles - gel cumulus 11 - paradise pink.doc
[2010/01/22 13:37:36 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/21 17:21:07 | 000,165,840 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/01/21 17:21:07 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/01/21 17:21:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/21 17:21:07 | 000,000,879 | ---- | M] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/21 17:21:06 | 001,652,688 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/01/21 17:21:05 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\rujabogi
[2010/02/14 13:14:49 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\asc3550p.sys
[2010/02/13 18:21:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6950.exe
[2010/02/13 18:00:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11401.exe
[2010/02/13 17:39:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26300.exe
[2010/02/13 17:18:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25226.exe
[2010/02/13 16:57:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5998.exe
[2010/02/13 16:36:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8648.exe
[2010/02/13 16:16:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\3345.exe
[2010/02/13 15:56:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23647.exe
[2010/02/13 15:36:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\25039.exe
[2010/02/13 15:16:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28606.exe
[2010/02/13 14:56:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26858.exe
[2010/02/13 14:36:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\59.exe
[2010/02/13 13:50:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19847.exe
[2010/02/13 13:29:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23120.exe
[2010/02/13 13:09:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23924.exe
[2010/02/13 12:49:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\8654.exe
[2010/02/13 12:04:46 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Margaret\Desktop\gmer.exe
[2010/02/12 06:23:37 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/02/12 06:22:11 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/02/12 06:22:10 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/02/12 06:22:06 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/12 06:21:10 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/02/12 06:21:09 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/12 06:20:46 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/12 06:20:43 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/12 06:20:38 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/12 06:20:20 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/12 06:20:10 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/12 06:20:03 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/02/12 06:19:31 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/12 06:19:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/02/12 06:19:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/02/12 06:19:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/02/12 06:19:22 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/02/12 06:19:21 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/02/12 06:19:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/02/12 06:19:20 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/02/12 06:19:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/02/12 06:19:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/02/12 06:19:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/02/12 06:19:19 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/02/12 06:19:19 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/02/12 06:19:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/02/12 06:19:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/02/12 06:19:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/02/12 06:19:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/02/12 06:19:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/02/12 06:19:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/02/12 06:19:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/02/12 06:19:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/02/12 06:19:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/02/12 06:19:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/02/12 06:19:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/02/12 06:19:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/02/12 06:19:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/02/12 06:19:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/02/12 06:19:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/02/12 06:19:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/02/12 06:19:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/02/12 06:19:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/02/12 06:19:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/02/12 06:19:14 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/02/12 06:19:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/02/12 06:19:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/02/12 06:19:13 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/02/12 06:19:13 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/02/12 06:19:13 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/02/12 06:19:12 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/02/12 06:19:12 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/02/12 06:19:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/02/12 06:19:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/02/12 06:19:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/02/12 06:19:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/02/12 06:19:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/02/12 06:19:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/02/12 06:19:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/02/12 06:19:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/02/12 06:19:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/02/12 06:19:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/02/12 06:19:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/02/12 06:19:08 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/02/12 06:19:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/02/12 06:19:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/02/12 06:19:07 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/02/12 06:19:07 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/02/12 06:19:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/02/12 06:19:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/02/12 06:19:06 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/02/12 06:19:05 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/02/12 06:19:04 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/02/12 06:18:45 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/02/12 05:45:34 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/12 05:45:26 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/12 00:32:11 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/02/12 00:32:11 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2010/02/12 00:32:11 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/02/12 00:32:11 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2010/02/12 00:32:11 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/02/12 00:32:10 | 000,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/02/12 00:32:10 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/02/12 00:32:10 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/02/12 00:32:10 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/02/12 00:32:10 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/02/12 00:32:10 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/02/12 00:32:10 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/02/12 00:32:10 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/02/12 00:32:10 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/02/12 00:32:10 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/02/12 00:32:09 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/02/12 00:32:09 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/02/12 00:32:09 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/02/12 00:32:08 | 002,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/02/12 00:32:08 | 000,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/02/11 20:11:50 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\WDICA.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PDRFRAME.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PDRELI.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PDFRAME.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PDCOMP.sys
[2010/02/11 20:11:46 | 000,097,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCIDump.sys
[2010/02/11 15:25:20 | 000,001,720 | ---- | C] () -- C:\Documents and Settings\Margaret\Desktop\AntiVirus Plus.lnk
[2010/02/11 15:25:17 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/02/11 15:25:13 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Margaret\Start Menu\Programs\Startup\AntiVirus Plus.lnk
[2010/02/11 13:19:11 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/02/11 07:04:31 | 937,570,304 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2010/02/09 21:58:24 | 000,004,286 | ---- | C] () -- C:\Documents and Settings\Margaret\Application Data\avp.ico
[2010/02/09 13:39:55 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/09 11:27:12 | 000,051,720 | ---- | C] () -- C:\Program Files\adb9_32.exe
[2010/01/22 13:39:50 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/01/22 13:39:50 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/22 13:39:50 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/01/22 13:39:50 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/01/22 13:39:50 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/01/22 13:39:49 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/01/22 13:37:41 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/22 13:37:37 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/22 13:37:37 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/22 13:37:36 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/22 13:37:32 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2009/01/17 21:27:20 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/06/28 18:31:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\pccillin.ini
[2007/02/18 22:35:50 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\OutlookFail.20070218.log
[2007/02/16 00:22:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/02 17:29:24 | 000,014,234 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/26 15:27:47 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/26 15:27:47 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0614CBF952.sys
[2006/12/28 01:28:48 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/28 01:03:34 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Margaret\Local Settings\Application Data\fusioncache.dat
[2006/12/21 12:16:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/21 12:07:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/21 12:00:58 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/21 11:47:53 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/12/21 11:23:10 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/21 11:23:06 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/21 11:22:36 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/10/28 10:31:44 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcfcoin.dll
[2006/10/20 13:42:24 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
[2006/10/20 13:42:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
[2006/10/20 13:41:46 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
[2006/10/20 13:37:22 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
[2006/10/20 13:37:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
[2006/10/20 13:37:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
[2006/10/20 13:36:54 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
[2006/10/20 13:35:36 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
[2006/09/06 05:27:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/04/27 12:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/10 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/09 22:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2002/02/24 00:48:19 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2008/08/23 21:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2006/12/21 11:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/07/19 18:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/01/27 15:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2006/12/21 11:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2007/12/21 22:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/07/15 06:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
[2007/12/22 04:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2008/05/20 07:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2006/12/21 12:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GTek
[2008/12/20 12:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2007/02/02 17:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/12/31 08:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/12/20 13:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2006/12/21 12:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/10/14 14:38:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/18 23:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/05/20 07:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/11/02 06:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/22 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2006/12/21 11:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2008/01/27 22:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2008/01/15 07:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2010/02/14 12:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/12/21 11:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2006/12/21 11:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/20 13:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2006/12/28 09:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/01/28 00:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/12/21 12:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/09/29 23:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/09 09:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009/02/04 14:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2009/11/12 17:07:12 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
[2007/11/13 15:46:00 | 000,135,168 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[2006/12/28 09:35:19 | 000,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\DellSupportODBK.exe
[2007/12/21 22:59:46 | 000,327,437 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\CIP\TransferAgentSetup.exe
[2006/12/21 12:08:09 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\MakeDesktopShortcut.EXE
[2006/12/28 09:35:19 | 000,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\fix\DellSupportODBK.exe
[2007/07/18 16:02:52 | 000,064,512 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\coach\RunGdp.exe
[2006/12/21 12:08:18 | 000,123,138 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\MakeDesktopShortcut.EXE
[2006/12/21 12:08:18 | 000,068,608 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\fix\DellSupportLauncher.exe
[2006/12/21 12:08:18 | 000,072,704 | ---- | M] (Dell Inc) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\fix\DellSupportODBK.exe
[2009/10/30 06:06:03 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
[2006/08/04 16:13:48 | 000,218,736 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Application Data\Trend Micro\OL_OEM\auhome\patch.exe

< %APPDATA%\*. >
[2008/01/25 12:02:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Adobe
[2008/08/23 21:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\AdobeUM
[2007/02/10 11:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Ahead
[2009/10/30 06:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Amazon
[2009/09/29 23:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Apple Computer
[2006/12/21 11:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\ATI
[2010/02/10 07:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\CallingID
[2010/02/10 07:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\comcasttb
[2007/02/02 18:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Corel
[2010/02/06 14:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\GARMIN
[2008/02/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Google
[2006/12/21 12:08:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Margaret\Application Data\Gtek
[2008/03/01 14:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\gtk-2.0
[2008/03/25 18:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Help
[2007/10/14 15:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\HP
[2009/03/15 19:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\ICAClient
[2005/08/16 04:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Identities
[2009/06/30 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Image Zone Express
[2008/01/15 07:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\InstallShield
[2007/01/10 12:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Leadertech
[2006/12/28 01:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Macromedia
[2008/04/01 21:36:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Margaret\Application Data\Microsoft
[2008/06/12 00:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\mIRC
[2010/02/10 07:21:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Margaret\Application Data\Move Networks
[2008/08/26 15:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Mozilla
[2008/05/20 07:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\NCH Swift Sound
[2009/06/30 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Printer Info Cache
[2008/03/26 21:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Real
[2008/01/22 20:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Roxio
[2008/02/24 00:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Sibelius Software
[2007/01/10 12:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Sonic
[2007/01/03 20:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Sun
[2009/07/29 16:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\U3
[2009/02/22 22:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\uniblue
[2010/02/10 17:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\uTorrent
[2008/01/27 00:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Margaret\Application Data\Winamp

< %APPDATA%\*.exe /s >
[2007/03/25 22:47:51 | 021,277,080 | ---- | M] ( ) -- C:\Documents and Settings\Margaret\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
[2008/08/23 20:53:02 | 019,900,192 | ---- | M] ( ) -- C:\Documents and Settings\Margaret\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
[2007/01/17 00:07:52 | 001,168,157 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2008/01/15 06:51:10 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\DesktopMgr.exe
[2008/01/15 06:51:10 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/01/15 06:51:11 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/01/15 06:51:11 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/01/15 06:51:11 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/01/15 06:51:11 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/01/15 06:51:11 | 000,026,694 | R--- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2008/01/15 06:51:11 | 000,006,502 | R--- | M] () -- C:\Documents and Settings\Margaret\Application Data\Microsoft\Installer\{9B449C1A-4F64-4ED4-8C96-31B222E8377F}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2009/06/17 23:00:58 | 001,686,272 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
[2010/02/10 07:21:24 | 000,144,162 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Move Networks\uninstall.exe
[2009/12/17 21:27:04 | 000,097,216 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009/06/02 21:27:51 | 000,390,664 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Margaret\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
[2006/05/23 17:04:56 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Margaret\Application Data\U3\temp\cleanup.exe
[2006/10/04 14:21:22 | 003,072,000 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Margaret\Application Data\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ASC3550P.SYS >
[2004/08/10 05:00:00 | 000,097,344 | ---- | M] () MD5=BE489F040E890AAB24DDC399FFFDDDAD -- C:\WINDOWS\system32\drivers\asc3550p.sys

< MD5 for: ATAPI.SYS >
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/10 05:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/10 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/10 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/10 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 18:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/10 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/17 12:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/02/11 18:29:09 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/12 00:12:33 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/02/11 18:29:09 | 035,913,728 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/11 18:29:09 | 007,077,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Edited by heir, 15 February 2010 - 01:28 AM.
removed doubleposted log

  • 0

#54
heir
Posted 15 February 2010 - 12:29 AM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Looks as it's back.
Let's use a more powerful tool.

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Posted Image


Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Posted Image


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    Posted Image


  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
  • 0

#55
magaggie
Posted 15 February 2010 - 08:03 AM

magaggie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
Sounds good. Should I stay in safe mode or try normal mode?
  • 0

Advertisements

#56
heir
Posted 15 February 2010 - 01:56 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Perform that in safe mode and then transfer the log with the memory-stick.

I need to have a look at it first to decide what to do next.
  • 0

#57
magaggie
Posted 15 February 2010 - 02:22 PM

magaggie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
OK. I got another winlogone.exe application error. just as I was logging on to safe mode. It let me get to my desktop, but every time I hit "cancel" it just reboots me. Is it OK to just drag it out of my way and ignore it while I do what I need to do?
  • 0

#58
magaggie
Posted 15 February 2010 - 03:39 PM

magaggie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
I got in there in Safe Mode and dragged the Windows setup to Combo fix, I got a message from Combo Fix with a warning about websites that they are not affiliated with (didn't really look like a license agreement yet), clicked on OK, heard a high-pitched beep, and then the computer rebooted. I tried it again, and this time I was reading the combo fix message more carefully, and it beeped and rebooted before I even had the chance to OK it.
  • 0

#59
heir
Posted 15 February 2010 - 06:58 PM

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Did you get a log from ComboFix?

If not just double-click on Combofix.exe to run it. Post the log in your reply.
  • 0

#60
magaggie
Posted 15 February 2010 - 07:26 PM

magaggie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 116 posts
I tried just double-clicking on combofix.exe instead, and the same thing happened. I got the agreement box, OK'd on that, and then it promptly rebooted.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP