Everything posted by cmoney30

  1. ComboFix 09-09-08.05 - Owner 09/08/2009 22:02.3.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1401 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: eEye Digital Security Blink Anti-Virus *On-access scanning disabled* (Updated) {C4821238-EFD9-4B79-B2A5-40CE68D50E68} FW: eEye Digital Security Blink Firewall *disabled* {AC6BB248-92AF-4E26-A70A-6E5FDB75C144} FILE :: "c:\documents and settings\Owner\Start Menu\Programs\Startup\dmaupd32.exe" "c:\windows\pss\dmaupd32.exe" "c:\windows\pss\dmaupd32.exeStartup" "c:\windows\system32\drivers\kwave.sys" "c:\windows\system32\drivers\mrxdavv.sys" "c:\windows\system32\kwave.sys" "c:\windows\system32\mrxdavv.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\mrxdavv.sys c:\windows\system32\kwave.sys c:\windows\system32\sqlite3.dll . ((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2064-10-26 13:46 . 2064-10-26 13:46 -------- d-----w- c:\program files\microsoft frontpage 2064-10-26 13:43 . 2064-10-26 13:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-09-09 04:54 . 2007-08-03 19:15 -------- d-----w- c:\program files\Setup Files 2009-09-07 06:58 . 2009-03-07 17:48 -------- d-----w- c:\program files\Java 2009-09-07 06:32 . 2009-09-07 06:32 574 ----a-w- C:\cleanup.bat 2009-09-07 06:32 . 2009-09-07 06:32 376 ----a-w- c:\program files\hiwoowg.txt 2009-09-07 06:32 . 2009-09-07 06:32 135168 ----a-w- C:\zip.exe 2009-09-07 01:22 . 2009-09-07 01:22 -------- d-----w- c:\program files\ERUNT 2009-09-07 00:07 . 2009-09-07 00:07 -------- d-----w- c:\program files\Trend Micro 2009-09-06 23:24 . 
2009-09-05 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-06 21:19 . 2009-09-06 21:19 324 ----a-w- c:\program files\gauisqd.txt 2009-09-05 02:24 . 2009-09-05 02:24 89520 ----a-w- c:\windows\system32\seccommutil.dll 2009-09-05 02:24 . 2009-09-05 02:24 320912 ----a-w- c:\windows\system32\seccomm.dll 2009-09-05 02:24 . 2009-09-05 02:24 299904 ----a-w- c:\windows\system32\EMSAgent.dll 2009-09-05 02:24 . 2009-09-05 02:24 236984 ----a-w- c:\windows\system32\FileStore.dll 2009-09-05 02:24 . 2009-09-05 02:24 200120 ----a-w- c:\windows\system32\eEyePKI.dll 2009-09-05 02:24 . 2009-09-05 02:24 186784 ----a-w- c:\windows\system32\eevtc.dll 2009-09-05 02:24 . 2009-09-05 02:24 176584 ----a-w- c:\windows\system32\DeploySupport.dll 2009-09-05 02:24 . 2009-09-05 02:24 284016 ----a-w- c:\windows\system32\DebugRpt.dll 2009-09-05 02:24 . 2009-09-05 02:24 252272 ----a-w- c:\windows\system32\LocalStorage.dll 2009-09-05 02:24 . 2009-09-05 02:24 1801168 ----a-w- c:\windows\system32\elic.dll 2009-09-05 02:19 . 2009-09-05 02:18 -------- d-----w- c:\program files\Common Files\eEye Digital Security 2009-09-05 01:40 . 2009-09-05 01:40 -------- d-----w- c:\program files\CCleaner 2009-09-05 01:21 . 2009-09-05 01:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-02 04:29 . 2009-02-06 05:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent 2009-08-28 19:33 . 2009-08-28 19:33 -------- d-----w- c:\program files\Common Files\TSCUninstall 2009-08-16 04:01 . 2009-02-11 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss 2009-08-13 17:18 . 2007-08-12 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-08 00:47 . 2009-03-01 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-05 09:01 . 2002-08-29 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 20:36 . 
2009-03-01 17:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 20:36 . 2009-03-01 17:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-31 22:23 . 2009-03-07 17:48 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-31 14:57 . 2009-06-22 00:00 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-17 19:01 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 06:43 . 2007-08-03 14:46 286208 ------w- c:\windows\system32\wmpdxm.dll 2009-06-29 16:12 . 2006-06-23 18:33 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2007-08-03 14:45 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2002-08-29 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2002-08-29 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2002-08-29 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2002-08-29 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2002-08-29 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2002-08-29 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2002-08-29 12:00 76288 ----a-w- c:\windows\system32\telnet.exe . ------- Sigcheck ------- [-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . 
c:\windows\ServicePackFiles\i386\mspmsnsv.dll [-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-06_21.55.54 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-09 05:09 . 2009-09-09 05:09 16384 c:\windows\Temp\Perflib_Perfdata_1d0.dat + 2009-09-09 00:10 . 2009-09-09 00:10 60024 c:\windows\system32\drivers\eeyetv64.sys - 2009-05-02 02:10 . 2009-05-02 02:10 60024 c:\windows\system32\drivers\eeyetv64.sys + 2009-09-09 00:10 . 2009-09-09 00:10 48248 c:\windows\system32\drivers\eeyetv.sys - 2009-05-02 02:10 . 2009-05-02 02:10 48248 c:\windows\system32\drivers\eeyetv.sys + 2009-09-09 00:10 . 2009-09-09 00:10 71536 c:\windows\system32\drivers\eeyet.sys + 2009-09-09 00:10 . 2009-09-09 00:10 49784 c:\windows\system32\drivers\eeyenv64.sys - 2009-05-02 02:10 . 2009-05-02 02:10 49784 c:\windows\system32\drivers\eeyenv64.sys - 2009-05-02 02:10 . 2009-05-02 02:10 42616 c:\windows\system32\drivers\eeyenv.sys + 2009-09-09 00:10 . 2009-09-09 00:10 42616 c:\windows\system32\drivers\eeyenv.sys + 2009-09-09 00:10 . 2009-09-09 00:10 76144 c:\windows\system32\drivers\eeyen64.sys + 2009-09-09 00:10 . 2009-09-09 00:10 57712 c:\windows\system32\drivers\eeyen.sys + 2009-09-09 00:10 . 2009-09-09 00:10 98424 c:\windows\system32\drivers\eeyehv64.sys + 2009-09-09 00:10 . 2009-09-09 00:10 79992 c:\windows\system32\drivers\eeyehv.sys + 2009-09-09 00:10 . 2009-09-09 00:10 95088 c:\windows\system32\drivers\eeyehf64.sys + 2009-09-09 00:10 . 2009-09-09 00:10 93552 c:\windows\system32\drivers\eeyeh.sys + 2009-09-07 06:58 . 2009-07-31 22:23 149280 c:\windows\system32\javaws.exe + 2009-09-07 06:58 . 2009-07-31 22:23 145184 c:\windows\system32\javaw.exe - 2009-03-07 17:48 . 2009-03-07 17:48 144792 c:\windows\system32\java.exe + 2009-09-07 06:58 . 2009-03-07 17:48 144792 c:\windows\system32\java.exe + 2009-09-09 00:10 . 
2009-09-09 00:10 102256 c:\windows\system32\drivers\eeyet64.sys + 2009-09-09 00:10 . 2009-09-09 00:10 133744 c:\windows\system32\drivers\eeyehf.sys + 2009-09-09 00:29 . 2009-09-09 00:29 578560 c:\windows\system32\dllcache\user32.dll + 2009-09-09 00:26 . 2009-09-09 00:26 212992 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat + 2009-09-09 00:26 . 2008-08-07 22:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-09-09 00:26 . 2009-09-09 00:26 212992 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2009-09-09 00:26 . 2008-08-07 22:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-09-08 20:07 . 2009-09-08 20:07 212992 c:\windows\ERDNT\AutoBackup\9-8-2009\Users\00000002\UsrClass.dat + 2009-09-08 20:07 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-8-2009\ERDNT.EXE + 2009-09-07 18:49 . 2009-09-07 18:49 212992 c:\windows\ERDNT\AutoBackup\9-7-2009\Users\00000002\UsrClass.dat + 2009-09-07 18:49 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-7-2009\ERDNT.EXE + 2009-09-07 06:36 . 2009-09-07 06:36 208896 c:\windows\ERDNT\AutoBackup\9-6-2009\Users\00000002\UsrClass.dat + 2009-09-07 06:36 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-6-2009\ERDNT.EXE + 2009-09-07 01:23 . 2009-09-07 01:23 208896 c:\windows\ERDNT\9-6-2009\Users\00000002\UsrClass.dat + 2009-09-07 01:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\9-6-2009\ERDNT.EXE + 2009-09-09 00:26 . 2009-09-09 00:26 8826880 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2009-09-09 00:26 . 2009-09-09 00:26 8826880 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2009-09-08 20:07 . 2009-09-08 20:07 8826880 c:\windows\ERDNT\AutoBackup\9-8-2009\Users\00000001\NTUSER.DAT + 2009-09-07 18:49 . 2009-09-07 18:49 8826880 c:\windows\ERDNT\AutoBackup\9-7-2009\Users\00000001\NTUSER.DAT + 2009-09-07 06:36 . 2009-09-07 06:36 8826880 c:\windows\ERDNT\AutoBackup\9-6-2009\Users\00000001\NTUSER.DAT + 2009-09-07 01:23 . 
2009-09-07 01:23 8826880 c:\windows\ERDNT\9-6-2009\Users\00000001\NTUSER.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2004-02-09 65024] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376] c:\documents and settings\Owner\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Blink.lnk - c:\program files\eEye Digital Security\Blink\Blink.exe [2009-9-8 693704] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk backup=c:\windows\pss\AutoStart IR.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk backup=c:\windows\pss\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk 
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^dmaupd32.exe] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\dmaupd32.exe backup=c:\windows\pss\dmaupd32.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"= "c:\\Program Files\\Microsoft 
Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Common Files\\eEye Digital Security\\Application Bus\\eeyeevnt.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server R0 eeyen;eEye NDIS driver;c:\windows\system32\drivers\eeyen.sys [9/8/2009 5:10 PM 57712] R1 eeyeh;eeyeh;c:\windows\system32\drivers\eeyehf.sys [9/8/2009 5:10 PM 133744] R1 eeyet;eEye TDI driver;c:\windows\system32\drivers\eeyet.sys [9/8/2009 5:10 PM 71536] R2 ndiskio;eEye DirectDisk Access Driver;c:\windows\system32\drivers\Ndiskio.sys [3/25/2009 10:34 AM 20448] S0 qaimfq;qaimfq; [x] S0 uukb;uukb;c:\windows\system32\drivers\vwzv.sys --> c:\windows\system32\drivers\vwzv.sys [?] S0 wijcxckz;wijcxckz; [x] S1 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-6741 v3.70\HwIOctl.sys --> c:\program files\Setup Files\MS-6741 v3.70\HwIOctl.sys [?] S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [8/10/2007 4:26 PM 472644] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.yahoo.com IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: com.tw\www.msi Trusted Zone: fender.com\meet DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ddb5ddlv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-08 22:10 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{70C8E441-C7ED-11D1-82FB-00A0C91EEDE9}\ProxyStubC*sid32] @Class="REG_SZ" @="{455ACF57-5345-11D2-99CF-00C04F797BC9}" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(764) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(3316) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\progra~1\SPYBOT~1\SDHelper.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe c:\program files\Common Files\eEye Digital Security\Application Bus\EEYEEVNT.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-09 22:21 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-09 05:21 ComboFix2.txt 2009-09-07 00:42 Pre-Run: 31,854,227,456 bytes free Post-Run: 31,898,955,776 bytes free Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 276 --- E O F --- 2009-09-05 10:01
  2. seems to have worked

     Malwarebytes' Anti-Malware 1.40
     Database version: 2763
     Windows 5.1.2600 Service Pack 3

     9/8/2009 10:33:31 PM
     mbam-log-2009-09-08 (22-33-31).txt

     Scan type: Quick Scan
     Objects scanned: 91643
     Time elapsed: 3 minute(s), 1 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. -------- 2009-09-06 - 14:48:04 -------------
     read file error: C:\WINDOWS\system32\drivers\mrxdavv.sys, Not enough quota is available to process this command.
     read file error: C:\WINDOWS\system32\kwave.sys, Not enough quota is available to process this command.
     -------- 2009-09-06 - 17:25:32 -------------
     -------- 2009-09-06 - 17:26:23 -------------
     read file error: C:\WINDOWS\system32\drivers\mrxdavv.sys, Not enough quota is available to process this command.
     read file error: C:\WINDOWS\system32\kwave.sys, Not enough quota is available to process this command.
  4. Malwarebytes' Anti-Malware 1.40
     Database version: 2762
     Windows 5.1.2600 Service Pack 3

     9/8/2009 6:01:03 PM
     mbam-log-2009-09-08 (18-00-59).txt

     Scan type: Quick Scan
     Objects scanned: 91882
     Time elapsed: 4 minute(s), 51 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> No action taken.
     C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> No action taken.
  5. /--------------------------------------------------------------\
     | Trend Micro System Cleaner |
     | Copyright 2009-2010, Trend Micro, Inc. |
     | http://www.trendmicro.com |
     \--------------------------------------------------------------/

     2009-09-06, 23:52:46, Auto-clean mode specified.
     2009-09-06, 23:52:47, Initialized Rootkit Driver version 2.2.0.1004.
     2009-09-06, 23:52:47, Running scanner "C:\dce\TSC.BIN"...
     2009-09-06, 23:52:55, Scanner "C:\dce\TSC.BIN" has finished running.
     2009-09-06, 23:52:55, TSC Log:
  6. Malware still finds it, and Firefox doesn't work right now. I will post the file requested when I get home.
  7. Results of screen317's Security Check version 0.98.9 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! `````````````````````````````` Anti-malware/Other Utilities Check: Spybot - Search & Destroy Malwarebytes' Anti-Malware HijackThis 2.0.2 CCleaner (remove only) Java 6 Update 12 Out of date Java installed! Adobe Flash Player 10 `````````````````````````````` Process Check: objlist.exe by Laurent `````````````````````````````` DNS Vulnerability Check: Unknown. This method cannot test your vulnerability to DNS cache poisoning. `````````End of Log```````````
  8. OTL Extras logfile created on: 9/6/2009 6:40:05 PM - Run 1 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.20% Memory free 3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.06% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 30.42 Gb Free Space | 40.82% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 465.75 Gb Total Space | 168.27 Gb Free Space | 36.13% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARK Current User Name: Owner Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirstRunDisabled" = "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server "51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server "51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) 
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard) "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.) "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.) "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks) "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:
  9. ] [2 C:\WINDOWS\System32\*.tmp files] [5 C:\WINDOWS\*.tmp files]
| 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe [2064/10/26 06:42:16 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe [2064/10/26 06:42:16 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe [2064/10/26 06:42:16 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe [2064/10/26 06:42:16 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe [2064/10/26 06:42:16 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce [2064/10/26 06:42:16 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce [2064/10/26 06:42:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe [2064/10/26 06:42:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe [2064/10/26 06:42:15 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe [2064/10/26 06:42:15 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe [2064/10/26 06:42:15 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe [2064/10/26 06:42:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe [2064/10/26 06:42:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe [2064/10/26 06:42:15 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys [2064/10/26 06:42:15 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys [2064/10/26 06:42:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe [2064/10/26 06:42:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe [2064/10/26 06:42:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe [2064/10/26 
06:42:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe [2064/10/26 06:42:14 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe [2064/10/26 06:42:14 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe [2064/10/26 06:42:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe [2064/10/26 06:42:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe [2064/10/26 06:42:14 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe [2064/10/26 06:42:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe [2064/10/26 06:42:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe [2064/10/26 06:42:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe [2064/10/26 06:42:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe [2064/10/26 06:42:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe [2064/10/26 06:42:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe [2064/10/26 06:42:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe [2064/10/26 06:42:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe [2064/10/26 06:42:14 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe [2064/10/26 06:42:14 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe [2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe [2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe [2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\shadow.exe [2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe [2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe [2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe [2064/10/26 06:42:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll [2064/10/26 06:42:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll [2064/10/26 06:42:14 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h [2064/10/26 06:42:14 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd [2064/10/26 06:42:13 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll [2064/10/26 06:42:13 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll [2064/10/26 06:42:13 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll [2064/10/26 06:42:13 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll [2064/10/26 06:42:13 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll [2064/10/26 06:42:13 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll [2064/10/26 06:42:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe [2064/10/26 06:42:13 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h [2064/10/26 06:42:12 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll [2064/10/26 06:42:12 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll [2064/10/26 06:42:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb [2064/10/26 06:42:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dcomcnfg.exe [2064/10/26 06:42:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll [2064/10/26 06:42:11 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll [2064/10/26 06:42:11 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll [2064/10/26 06:42:11 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll [2064/10/26 06:42:11 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll [2064/10/26 06:42:11 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll [2064/10/26 06:42:11 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll [2064/10/26 06:42:11 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll [2064/10/26 06:42:10 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll [2064/10/26 06:42:07 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll [2064/10/26 06:42:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll [2064/10/26 06:42:07 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll [2064/10/26 06:42:06 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll [2064/10/26 06:42:06 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll [2064/10/26 06:42:06 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb [2064/10/26 06:42:06 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll [2064/10/26 06:42:06 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb [2064/10/26 06:42:06 | 00,016,896 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\unsecapp.exe [2064/10/26 06:42:06 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll [2064/10/26 06:42:06 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe [2064/10/26 06:42:06 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll [2064/10/26 06:42:05 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll [2064/10/26 06:42:05 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll [2064/10/26 06:42:05 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc [2064/10/26 06:42:05 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll [2064/10/26 06:42:05 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll [2064/10/26 06:42:04 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll [2064/10/26 06:42:04 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll [2064/10/26 06:42:04 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll [2064/10/26 06:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT [2064/10/26 06:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\MSN [2064/10/26 06:41:59 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll [2064/10/26 06:41:59 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll [2064/10/26 06:41:59 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe [2064/10/26 06:41:59 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe [2064/10/26 06:41:59 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe [2064/10/26 06:41:59 | 00,102,912 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\clipbrd.exe [2064/10/26 06:41:59 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe [2064/10/26 06:41:59 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe [2064/10/26 06:41:59 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll [2064/10/26 06:41:58 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll [2064/10/26 06:41:58 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe [2064/10/26 06:41:58 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll [2064/10/26 06:41:58 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe [2064/10/26 06:41:58 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys [2064/10/26 06:41:58 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll [2064/10/26 06:41:58 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll [2064/10/26 06:41:58 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe [2064/10/26 06:41:57 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll [2064/10/26 06:41:57 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll [2064/10/26 06:41:57 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll [2064/10/26 06:41:57 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe [2064/10/26 06:41:57 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe [2064/10/26 06:41:57 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll [2064/10/26 06:41:57 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll [2064/10/26 06:41:57 | 00,011,264 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\icaapi.dll [2064/10/26 06:41:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc [2064/10/26 06:41:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com [2064/10/26 06:41:53 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll [2064/10/26 06:41:50 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys [2064/10/26 06:41:50 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys [2064/10/25 22:39:01 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys [2064/10/25 22:38:20 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys [2064/10/25 22:37:28 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys [2064/10/25 22:37:24 | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\drivers\fetnd5.sys [2064/10/25 22:37:20 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll [2064/10/25 22:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC [2064/10/25 22:35:54 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll [2064/10/25 22:35:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll [2064/10/25 22:35:53 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd [2064/10/25 22:35:53 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll [2064/10/25 22:35:53 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa [2064/10/25 22:35:53 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf [2064/10/25 22:35:52 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa [2064/10/25 22:35:52 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe [2064/10/25 
22:35:52 | 00,000,000 | R--D | C] -- C:\Program Files [2064/10/25 22:35:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines [2064/10/25 22:35:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared [2064/10/25 22:35:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files [2064/10/25 22:35:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls [2064/10/25 22:35:50 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll [2064/10/25 22:35:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll [2064/10/25 22:35:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls [2064/10/25 22:35:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls [2064/10/25 22:35:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls [2064/10/25 22:35:49 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll [2064/10/25 22:35:49 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll [2064/10/25 22:35:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll [2064/10/25 22:35:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll [2064/10/25 22:35:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS [2064/10/25 22:35:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll 
[2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll [2064/10/25 22:35:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll [2064/10/25 22:35:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll [2064/10/25 22:35:48 | 00,005,632 
| ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll [2064/10/25 22:35:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls [2064/10/25 22:35:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls [2064/10/25 22:35:46 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls [2064/10/25 22:35:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls [2064/10/25 22:35:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS [2064/10/25 22:35:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls [2064/10/25 22:35:46 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll [2064/10/25 22:35:46 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll [2064/10/25 22:35:46 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll [2064/10/25 22:35:46 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll [2064/10/25 22:35:46 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll [2064/10/25 22:35:46 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll [2064/10/25 22:35:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll [2064/10/25 22:35:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll [2064/10/25 22:35:46 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll [2064/10/25 22:35:46 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll [2064/10/25 22:35:46 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll [2064/10/25 22:35:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll [2064/10/25 22:35:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll 
[2064/10/25 22:35:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll [2064/10/25 22:35:45 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls [2064/10/25 22:35:45 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls [2064/10/25 22:35:45 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS [2064/10/25 22:35:45 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll [2064/10/25 22:35:45 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll [2064/10/25 22:35:45 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll [2064/10/25 22:35:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll [2064/10/25 22:35:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll [2064/10/25 22:35:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll [2064/10/25 22:35:45 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll [2064/10/25 22:35:45 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll [2064/10/25 22:35:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll [2064/10/25 22:35:45 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll [2064/10/25 22:35:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls [2064/10/25 22:35:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls [2064/10/25 22:35:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls [2064/10/25 22:35:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls [2064/10/25 22:35:43 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll [2064/10/25 22:35:43 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll 
[2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll [2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll [2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll [2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll [2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll [2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll [2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll [2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll [2064/10/25 22:35:43 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll [2064/10/25 22:35:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll [2064/10/25 22:35:43 | 00,005,632 | R--- | C] (Microsoft 
Corporation) -- C:\WINDOWS\System32\kbdro.dll [2064/10/25 22:35:43 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll [2064/10/25 22:35:43 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll [2064/10/25 22:35:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll [2064/10/25 22:35:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll [2064/10/25 22:35:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll [2064/10/25 22:35:42 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls [2064/10/25 22:35:41 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll [2064/10/25 22:35:41 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll [2064/10/25 22:35:41 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll [2064/10/25 22:35:41 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll [2064/10/25 22:35:41 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll [2064/10/25 22:35:41 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll [2064/10/25 22:35:41 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2064/10/25 22:35:41 | 00,024,661 | ---- | C] (Perle Systems Ltd.) 
-- C:\WINDOWS\System32\dllcache\spxcoins.dll [2064/10/25 22:35:41 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wfwnet.drv [2064/10/25 22:35:41 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV [2064/10/25 22:35:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2064/10/25 22:35:41 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll [2064/10/25 22:35:41 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys [2064/10/25 22:35:41 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ver.dll [2064/10/25 22:35:41 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL [2064/10/25 22:35:41 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vga.drv [2064/10/25 22:35:41 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV [2064/10/25 22:35:40 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvideo.dll [2064/10/25 22:35:40 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL [2064/10/25 22:35:40 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olecli.dll [2064/10/25 22:35:40 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL [2064/10/25 22:35:40 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciavi.drv [2064/10/25 22:35:40 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV [2064/10/25 22:35:40 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\mmsystem.dll [2064/10/25 22:35:40 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciwave.drv [2064/10/25 22:35:40 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV [2064/10/25 22:35:40 | 
00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mciseq.drv [2064/10/25 22:35:40 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV [2064/10/25 22:35:40 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\olesvr.dll [2064/10/25 22:35:40 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL [2064/10/25 22:35:40 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tapi.dll [2064/10/25 22:35:40 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL [2064/10/25 22:35:40 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell.dll [2064/10/25 22:35:40 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL [2064/10/25 22:35:40 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\timer.drv [2064/10/25 22:35:40 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV [2064/10/25 22:35:40 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\system.drv [2064/10/25 22:35:40 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV [2064/10/25 22:35:40 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouse.drv [2064/10/25 22:35:40 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV [2064/10/25 22:35:40 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\keyboard.drv [2064/10/25 22:35:40 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV [2064/10/25 22:35:40 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sound.drv [2064/10/25 22:35:40 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV [2064/10/25 22:35:40 | 00,001,152 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\mmtask.tsk [2064/10/25 22:35:40 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK [2064/10/25 22:35:39 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifile.dll [2064/10/25 22:35:39 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL [2064/10/25 22:35:39 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avicap.dll [2064/10/25 22:35:39 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL [2064/10/25 22:35:39 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe [2064/10/25 22:35:39 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\commdlg.dll [2064/10/25 22:35:39 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL [2064/10/25 22:35:39 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE [2064/10/25 22:35:39 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe [2064/10/25 22:35:39 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lzexpand.dll [2064/10/25 22:35:39 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL [2064/10/25 22:35:39 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll [2064/10/25 22:35:39 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT [2064/10/25 22:35:38 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv [2064/10/25 22:35:37 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll [2064/10/25 22:35:23 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2064/10/25 22:35:23 | 00,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT [2064/10/25 22:35:23 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT 
[2064/10/25 22:35:23 | 00,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT [2064/10/25 22:35:23 | 00,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT [2064/10/25 22:35:23 | 00,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT [2064/10/25 22:35:23 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2064/10/25 22:35:23 | 00,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT [2064/10/25 22:35:23 | 00,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT [2064/10/25 22:35:23 | 00,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT [2064/10/25 22:35:23 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2064/10/25 22:35:23 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2064/10/25 22:35:23 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2064/10/25 22:35:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2064/10/25 22:35:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot [2064/10/25 22:35:00 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2064/10/25 22:34:19 | 02,237,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2064/10/25 22:34:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings [2064/10/25 22:33:26 | 00,000,281 | RHS- | C] () -- C:\boot.ini [2064/10/25 22:33:19 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf [2064/10/25 22:30:19 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts [2064/10/25 22:30:19 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache [2064/10/25 22:30:19 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web [2064/10/25 22:30:19 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp [2064/10/25 22:30:19 | 00,000,000 
| ---D | C] -- C:\WINDOWS\System32\wins [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037 
[2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32 [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\system [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\security [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\java [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins [2064/10/25 22:30:19 | 00,000,000 | ---D | C] -- C:\WINDOWS [2064/08/03 06:53:51 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft [2064/08/03 06:53:48 | 06,405,284 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db [2064/08/03 06:50:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! 
[2064/08/03 06:50:11 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo! [2009/09/06 18:39:29 | 00,014,403 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Download OTL by OldTimer to your desktop.docx [2009/09/06 18:24:05 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2009/09/06 18:22:28 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/09/06 18:22:22 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk [2009/09/06 18:22:22 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk [2009/09/06 18:22:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/09/06 17:27:44 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/09/06 17:27:40 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/09/06 17:27:38 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/09/06 17:07:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk [2009/09/06 17:07:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/09/06 17:07:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads [2009/09/06 14:48:09 | 00,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/09/06 14:48:09 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/09/06 14:48:09 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/09/06 14:48:09 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/09/06 14:48:09 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/09/06 14:48:09 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/09/06 14:48:09 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/09/06 14:48:09 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/09/06 14:48:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/09/05 09:02:19 | 00,159,393 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2009map.gif [2009/09/05 08:39:27 | 00,001,602 | ---- | C] () -- 
C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/09/05 08:37:55 | 08,050,536 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.2.exe [2009/09/05 07:51:00 | 00,000,767 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090905-075100.backup [2009/09/04 23:02:17 | 00,069,710 | ---- | C] () -- C:\Retina-5.10.11.1691-20090904-230217-2496-0A00-00000000.dmp [2009/09/04 20:08:59 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/09/04 19:24:48 | 00,320,912 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\seccomm.dll [2009/09/04 19:24:48 | 00,299,904 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\EMSAgent.dll [2009/09/04 19:24:48 | 00,236,984 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\FileStore.dll [2009/09/04 19:24:48 | 00,089,520 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\seccommutil.dll [2009/09/04 19:24:47 | 00,200,120 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\eEyePKI.dll [2009/09/04 19:24:47 | 00,186,784 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\eevtc.dll [2009/09/04 19:24:47 | 00,176,584 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\DeploySupport.dll [2009/09/04 19:24:01 | 01,801,168 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\elic.dll [2009/09/04 19:24:01 | 00,284,016 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\DebugRpt.dll [2009/09/04 19:24:01 | 00,252,272 | ---- | C] (eEye Digital Security) -- C:\WINDOWS\System32\LocalStorage.dll [2009/09/04 19:19:20 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Blink.lnk [2009/09/04 19:18:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eEye Digital Security [2009/09/04 19:17:34 | 03,199,392 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe [2009/09/04 19:14:38 | 87,349,616 | ---- | C] (eEye Digital Security) -- C:\Documents and 
Settings\Owner\Desktop\BlinkConsumerSetup(2).exe [2009/09/04 18:56:46 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2009/09/04 18:56:39 | 00,175,888 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\activescan2_en.exe [2009/09/04 18:43:03 | 00,198,204 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20090904_184300.reg [2009/09/04 18:40:43 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk [2009/09/04 18:40:42 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2009/09/04 18:39:55 | 03,293,992 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup223.exe [2009/09/04 18:18:45 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk [2009/09/04 18:18:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2009/09/04 18:18:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2009/09/04 18:17:58 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe [2009/09/04 17:42:16 | 00,005,395 | ---- | C] () -- C:\WINDOWS\System32\work2.info [2009/08/28 12:33:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TSCUninstall [2009/08/27 17:26:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Inglorious.Basterds.TS.Mic.XviD-DEViSE.english.subtitlesource [2009/08/26 13:55:08 | 00,306,886 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\peach cobbler.jpg [2009/08/25 17:31:07 | 00,023,899 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Inglorious.Basterds.TS.Mic.XviD-DEViSE.english.subtitlesource.zip [2009/08/23 20:39:06 | 00,008,820 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Book1.xlsx [2009/08/12 19:42:06 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll [2009/08/12 19:41:39 | 00,128,512 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx [2009/08/10 12:16:20 | 00,034,434 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Ryan's birthday 2009.docx [2009/06/22 20:11:25 | 00,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2009/04/30 23:00:50 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/03/12 16:51:16 | 00,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll [2009/03/12 16:51:16 | 00,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll [2009/02/06 22:18:53 | 00,000,920 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI [2009/02/06 14:35:06 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2008/11/06 09:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/11/06 09:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/11/06 09:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007/11/30 18:54:25 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2007/11/30 18:54:25 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2007/11/30 18:54:25 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll [2007/11/30 18:54:25 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll [2007/11/27 00:14:14 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2007/09/27 23:55:59 | 00,066,048 | R--- | C] () -- C:\WINDOWS\System32\hcwXDS.dll [2007/08/11 01:48:31 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2007/08/11 01:32:53 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2007/08/10 16:31:12 | 00,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini [2007/08/10 16:29:20 | 00,000,382 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini [2007/08/10 16:29:00 | 00,030,592 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2007/08/10 16:28:49 | 00,065,536 | ---- | C] () -- 
C:\WINDOWS\System32\dmcrypto.dll
[2007/08/10 16:26:29 | 00,007,316 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/08/08 01:39:57 | 00,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2007/08/08 01:39:57 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2007/08/08 01:39:57 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2007/08/08 01:39:56 | 00,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/08/08 01:39:56 | 00,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/08/08 01:39:56 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2007/08/03 15:51:37 | 00,000,135 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/08/03 12:26:13 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/08/03 08:36:34 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/06/29 00:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 00:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 00:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 00:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 00:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/11/01 16:18:34 | 00,006,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2004/09/17 17:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2002/08/29 05:00:00 | 00,000,661 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2064/10/26 06:54:42 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2064/10/26 06:49:47 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2064/10/26 06:48:40 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2064/10/26 06:46:38 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2064/10/26 06:46:35 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2064/10/26 06:46:19 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2064/10/26 06:45:24 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2064/10/26 06:45:24 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2064/10/26 06:45:18 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2064/10/26 06:45:18 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2064/10/26 06:45:18 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2064/10/26 06:45:18 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2064/10/26 06:45:18 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2064/10/26 06:45:18 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2064/10/26 06:43:46 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2064/10/26 06:43:26 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2064/10/26 06:43:26 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/09/06 18:39:29 | 00,014,403 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Download OTL by OldTimer to your desktop.docx
[2009/09/06 18:22:28 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/06 18:22:22 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/09/06 18:22:22 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/09/06 17:34:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/06 17:34:24 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/06 17:33:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/06 17:33:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/06 17:27:44 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/09/06 17:25:59 | 03,199,392 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/09/06 17:07:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/09/05 23:01:42 | 00,000,028 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/09/05 09:02:20 | 00,159,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2009map.gif
[2009/09/05 08:39:27 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/05 08:38:46 | 08,050,536 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.2.exe
[2009/09/04 23:02:19 | 00,069,710 | ---- | M] () -- C:\Retina-5.10.11.1691-20090904-230217-2496-0A00-00000000.dmp
[2009/09/04 20:06:22 | 00,005,395 | ---- | M] () -- C:\WINDOWS\System32\work2.info
[2009/09/04 19:39:02 | 00,000,661 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/04 19:39:02 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/09/04 19:24:48 | 00,320,912 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\seccomm.dll
[2009/09/04 19:24:48 | 00,299,904 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\EMSAgent.dll
[2009/09/04 19:24:48 | 00,236,984 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\FileStore.dll
[2009/09/04 19:24:48 | 00,089,520 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\seccommutil.dll
[2009/09/04 19:24:47 | 00,200,120 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\eEyePKI.dll
[2009/09/04 19:24:47 | 00,186,784 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\eevtc.dll
[2009/09/04 19:24:47 | 00,176,584 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\DeploySupport.dll
[2009/09/04 19:24:01 | 01,801,168 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\elic.dll
[2009/09/04 19:24:01 | 00,284,016 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\DebugRpt.dll
[2009/09/04 19:24:01 | 00,252,272 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\LocalStorage.dll
[2009/09/04 19:21:40 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Blink.lnk
[2009/09/04 19:17:48 | 87,349,616 | ---- | M] (eEye Digital Security) -- C:\Documents and Settings\Owner\Desktop\BlinkConsumerSetup(2).exe
[2009/09/04 18:56:36 | 00,175,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\activescan2_en.exe
[2009/09/04 18:43:08 | 00,198,204 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090904_184300.reg
[2009/09/04 18:40:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/09/04 18:40:05 | 03,293,992 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup223.exe
[2009/09/04 18:18:45 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/09/04 18:18:14 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/09/04 10:04:06 | 00,013,698 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/03 16:35:56 | 00,095,744 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/26 13:55:09 | 00,306,886 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\peach cobbler.jpg
[2009/08/25 17:31:07 | 00,023,899 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inglorious.Basterds.TS.Mic.XviD-DEViSE.english.subtitlesource.zip
[2009/08/23 20:39:06 | 00,008,820 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Book1.xlsx
[2009/08/19 10:50:16 | 00,034,434 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ryan's birthday 2009.docx

========== LOP Check ==========

[2009/09/04 18:18:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2007/08/03 15:55:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/04/11 13:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/04/30 16:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2007/08/03 08:37:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2007/12/16 00:00:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/06/22 20:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/04/11 13:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2007/11/24 17:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/27 23:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/09/04 17:52:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
[2009/06/22 20:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2009/08/15 21:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2009/06/07 10:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn
[2009/07/07 16:13:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio
[2007/08/10 16:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2009/04/05 08:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2009/03/18 17:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2009/03/27 14:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2007/10/06 10:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2009/09/01 21:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/06 17:33:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >
  10. OTL logfile created on: 9/6/2009 6:40:05 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.20% Memory free
3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 30.42 Gb Free Space | 40.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.75 Gb Total Space | 168.27 Gb Free Space | 36.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARK
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/03/25 10:48:40 | 00,219,512 | ---- | M] (eEye Digital Security) -- C:\Program Files\eEye Digital Security\Blink\blinksvc.exe
PRC - [2009/03/25 10:48:32 | 00,549,272 | ---- | M] (eEye Digital Security) -- C:\Program Files\eEye Digital Security\Blink\BLINKRM.exe
PRC - [2009/03/07 10:48:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2004/02/06 23:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
PRC - [2005/11/15 12:49:44 | 05,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
PRC - [2009/09/04 19:24:47 | 00,989,128 | ---- | M] (eEye Digital Security) -- C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2004/02/09 01:54:14 | 00,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/08/20 10:54:08 | 00,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
PRC - [2009/03/25 10:48:38 | 00,628,160 | ---- | M] (eEye Digital Security) -- C:\Program Files\eEye Digital Security\Blink\Blink.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/09/06 18:28:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/03/25 10:48:40 | 00,219,512 | ---- | M] (eEye Digital Security) -- C:\Program Files\eEye Digital Security\Blink\blinksvc.exe -- (blinksvc [unknown | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/09/04 19:24:47 | 00,989,128 | ---- | M] (eEye Digital Security) -- C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe -- (eeyeevnt [Auto | Running])
SRV - [2009/04/11 12:28:54 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/10/16 19:23:30 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/10/16 19:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2008/10/16 19:30:28 | 00,634,880 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
SRV - [2009/03/07 10:48:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
SRV - File not found -- -- (WMP54Gv4SVC [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2009/02/06 22:19:15 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2004/02/18 08:51:08 | 00,610,988 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2005/02/01 19:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\BCM42RLY.SYS -- (BCM42RLY [On_Demand | Stopped])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2007/11/21 19:47:05 | 00,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys -- (dvd43llh [On_Demand | Running])
DRV - [2009/03/25 10:48:38 | 00,095,600 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\Drivers\eeyeh.sys -- (eeyeh [system | Running])
DRV - [2009/03/25 10:48:38 | 00,052,592 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\system32\Drivers\eeyen.sys -- (eeyen [boot | Running])
DRV - [2009/03/25 10:48:38 | 00,071,024 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\Drivers\eeyet.sys -- (eeyet [system | Running])
DRV - [2009/02/17 10:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [system | Running])
DRV - [2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2001/08/17 05:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2006/01/25 14:14:06 | 00,472,644 | R--- | M] (Hauppauge Computer Works) -- C:\WINDOWS\System32\drivers\HCWBT8XX.sys -- (HCWBT8xx [On_Demand | Stopped])
DRV - [2007/02/06 11:27:02 | 00,185,728 | R--- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Stopped])
DRV - [2009/09/04 17:42:07 | 00,008,768 | ---- | M] () -- C:\Program Files\Setup Files\MS-6741 v3.70\HwIOctl.sys -- (HwIOctl [system | Running])
DRV - [2009/03/25 10:34:00 | 00,020,448 | ---- | M] (Norman ASA) -- C:\WINDOWS\System32\Drivers\ndiskio.sys -- (ndiskio [Auto | Running])
DRV - [2006/05/18 13:14:24 | 00,018,359 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Ntaccess.sys -- (NTACCESS [On_Demand | Stopped])
DRV - [2007/06/29 00:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/06 03:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])
DRV - [2005/10/27 16:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/11/27 00:14:15 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2007/11/15 22:38:16 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])
DRV - [2003/09/25 23:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/07 10:48:39 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:59:28 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/05 08:39:27 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/05 08:39:25 | 00,000,000 | ---D | M] [2009/09/05 08:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions [2009/09/05 08:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/09/06 08:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ddb5ddlv.default\extensions [2009/09/04 18:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ddb5ddlv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/09/06 08:13:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/09/05 08:39:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/03/07 10:48:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009/07/30 04:26:53 | 00,023,544 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/07/30 04:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/03/07 10:48:39 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2008/11/06 09:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2008/12/10 17:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009/07/30 04:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/07/30 00:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Blink.lnk = C:\Program Files\eEye Digital Security\Blink\Blink.exe (eEye Digital Security) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites) O15 - HKCU\..Trusted Domains: fender.com ([meet] https in Trusted sites) O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?2992255021828 (WUWebControl Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?2992255272937 (MUWebControl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: 
{8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab (DinerDash Control) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/11/24 17:36:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - 
C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ==========[/color
  11. I am running Blink Personal anti-virus by eEye Digital Security. I will do the rest of the steps now and post.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/06 18:27
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: as63lvdx.SYS Image Path: C:\WINDOWS\System32\Drivers\as63lvdx.SYS Address: 0xB8E0D000 Size: 421888 File Visible: No Signed: - Status: -
Name: catchme.sys Image Path: C:\ComboFix\catchme.sys Address: 0xBA3E8000 Size: 31744 File Visible: No Signed: - Status: -
Name: Combo-Fix.sys Image Path: Combo-Fix.sys Address: 0xBA108000 Size: 60416 File Visible: No Signed: - Status: -
Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB76FC000 Size: 98304 File Visible: No Signed: - Status: -
Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA604000 Size: 8192 File Visible: No Signed: - Status: -
Name: PCI_NTPNP4558 Image Path: \Driver\PCI_NTPNP4558 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: -
Name: PROCEXP90.SYS Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Address: 0xB7225000 Size: 6464 File Visible: No Signed: - Status: -
Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB5F9D000 Size: 49152 File Visible: No Signed: - Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\$NtServicePackUninstall$\avc.sys Status: Locked to the Windows API!
Path: C:\WINDOWS\Temp\HPSLPSVC0000.log Status: Locked to the Windows API!
Path: C:\WINDOWS\ServicePackFiles\i386\avc.sys Status: Locked to the Windows API!
Path: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\avc.sys Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f06de
#: 037 Function Name: NtCreateFile Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f0be8
#: 041 Function Name: NtCreateKey Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f5b34
#: 063 Function Name: NtDeleteKey Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f6036
#: 065 Function Name: NtDeleteValueKey Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f5fe0
#: 071 Function Name: NtEnumerateKey Status: Hooked by "sptd.sys" at address 0xb9ec3fb2
#: 073 Function Name: NtEnumerateValueKey Status: Hooked by "sptd.sys" at address 0xb9ec4340
#: 116 Function Name: NtOpenFile Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f04d2
#: 119 Function Name: NtOpenKey Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f5d08
#: 160 Function Name: NtQueryKey Status: Hooked by "sptd.sys" at address 0xb9ec4418
#: 177 Function Name: NtQueryValueKey Status: Hooked by "sptd.sys" at address 0xb9ec4298
#: 247 Function Name: NtSetValueKey Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f5e80
#: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f20b8
#: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f1d24

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8a8a21e8 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x896f7790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x89eb8790 Size: 121
Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_CREATE] Process: System Address: 0x89e881e8 Size: 121
Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_CLOSE] Process: System Address: 0x89e881e8 Size: 121
Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e881e8 Size: 121
Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89e881e8 Size: 121
Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_POWER] Process: System Address: 0x89e881e8 Size: 121
Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89e881e8 Size: 121
Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_PNP] Process: System Address: 0x89e881e8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x89eab1e8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x89eab1e8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89eab1e8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89eab1e8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x89eab1e8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89eab1e8 Size: 121
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x89eab1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x8a90f1e8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x89a1a1e8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x89a1a1e8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89a1a1e8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89a1a1e8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x89a1a1e8 Size: 121
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x89a1a1e8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x89e941e8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x89e941e8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89e941e8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89e941e8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x89e941e8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89e941e8 Size: 121
Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x89e941e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x897b11e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_CREATE] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_CLOSE] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_READ] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_SET_INFORMATION] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_SHUTDOWN] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_CLEANUP] Process: System Address: 0x897ac1e8 Size: 121
Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_PNP] Process: System Address: 0x897ac1e8 Size: 121

Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f788e

==EOF==
  12. I have tried everything; Malwarebytes still sees the two files. When I run Malwarebytes in safe mode the scan is clean, but when I boot back to normal and rerun it, it still finds the two files. I search for them to manually delete, but they are not there. I have run ComboFix and posted above. Also posted HijackThis log. I would just reimage but can't seem to find my disk. Any help is much appreciated.
  13. ComboFix 09-09-06.03 - Owner 09/06/2009 17:29.2.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1441 [GMT -7:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: eEye Digital Security Blink Anti-Virus *On-access scanning disabled* (Updated) {C4821238-EFD9-4B79-B2A5-40CE68D50E68} FW: eEye Digital Security Blink Firewall *disabled* {AC6BB248-92AF-4E26-A70A-6E5FDB75C144} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\mrxdavv.sys c:\windows\system32\kwave.sys . ---- Previous Run ------- . c:\windows\Installer\1df7de0.msp c:\windows\Installer\465d57.msp c:\windows\Installer\465d58.msp c:\windows\Installer\465d59.msp c:\windows\Installer\465d5a.msp c:\windows\Installer\465d5b.msp c:\windows\Installer\465d5c.msp c:\windows\Installer\465d5d.msp c:\windows\Installer\465d5e.msp c:\windows\Installer\465d5f.msp c:\windows\Installer\48fb59.msp c:\windows\Installer\48fb5a.msp c:\windows\Installer\48fb5b.msp c:\windows\Installer\48fb5c.msp c:\windows\Installer\48fb5d.msp c:\windows\Installer\48fb5e.msp c:\windows\Installer\48fb5f.msp c:\windows\Installer\48fb60.msp c:\windows\Installer\48fb61.msp c:\windows\Installer\48fb62.msp c:\windows\Installer\49d2c2.msp c:\windows\Installer\49d2cd.msp c:\windows\Installer\49d2d9.msp c:\windows\Installer\WMEncoder.msi c:\windows\system32\drivers\mrxdavv.sys c:\windows\system32\kwave.sys c:\windows\system32\winuid.dll . ((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2064-10-26 13:46 . 2064-10-26 13:46 -------- d-----w- c:\program files\microsoft frontpage 2064-10-26 13:43 . 2064-10-26 13:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-09-07 00:07 . 
2009-09-07 00:07 -------- d-----w- c:\program files\Trend Micro 2009-09-06 23:24 . 2009-09-05 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-06 21:19 . 2009-09-06 21:19 324 ----a-w- c:\program files\gauisqd.txt 2009-09-05 02:40 . 2009-09-05 01:56 -------- d-----w- c:\program files\Panda Security 2009-09-05 02:24 . 2009-09-05 02:24 89520 ----a-w- c:\windows\system32\seccommutil.dll 2009-09-05 02:24 . 2009-09-05 02:24 320912 ----a-w- c:\windows\system32\seccomm.dll 2009-09-05 02:24 . 2009-09-05 02:24 299904 ----a-w- c:\windows\system32\EMSAgent.dll 2009-09-05 02:24 . 2009-09-05 02:24 236984 ----a-w- c:\windows\system32\FileStore.dll 2009-09-05 02:24 . 2009-09-05 02:24 200120 ----a-w- c:\windows\system32\eEyePKI.dll 2009-09-05 02:24 . 2009-09-05 02:24 186784 ----a-w- c:\windows\system32\eevtc.dll 2009-09-05 02:24 . 2009-09-05 02:24 176584 ----a-w- c:\windows\system32\DeploySupport.dll 2009-09-05 02:24 . 2009-09-05 02:24 284016 ----a-w- c:\windows\system32\DebugRpt.dll 2009-09-05 02:24 . 2009-09-05 02:24 252272 ----a-w- c:\windows\system32\LocalStorage.dll 2009-09-05 02:24 . 2009-09-05 02:24 1801168 ----a-w- c:\windows\system32\elic.dll 2009-09-05 02:19 . 2009-09-05 02:18 -------- d-----w- c:\program files\Common Files\eEye Digital Security 2009-09-05 01:40 . 2009-09-05 01:40 -------- d-----w- c:\program files\CCleaner 2009-09-05 01:21 . 2009-09-05 01:18 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-02 04:29 . 2009-02-06 05:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent 2009-08-28 19:33 . 2009-08-28 19:33 -------- d-----w- c:\program files\Common Files\TSCUninstall 2009-08-16 04:01 . 2009-02-11 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss 2009-08-13 17:18 . 2007-08-12 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-08-08 00:47 . 
2009-03-01 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-05 09:01 . 2002-08-29 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-03 20:36 . 2009-03-01 17:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-03 20:36 . 2009-03-01 17:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-31 14:57 . 2009-06-22 00:00 -------- d-----w- c:\program files\Microsoft Silverlight 2009-07-17 19:01 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 06:43 . 2007-08-03 14:46 286208 ------w- c:\windows\system32\wmpdxm.dll 2009-06-29 16:12 . 2006-06-23 18:33 827392 ------w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2007-08-03 14:45 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-25 08:25 . 2002-08-29 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:25 . 2002-08-29 12:00 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:25 . 2002-08-29 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:25 . 2002-08-29 12:00 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:25 . 2002-08-29 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-24 11:18 . 2002-08-29 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2002-08-29 12:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 16:19 . 2064-10-26 13:41 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 14:13 . 2002-08-29 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:14 . 2002-08-29 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll . 
------- Sigcheck ------- [-] C086483E3DBA8C1C0A687EC8D5B3D4C1 [9.0.1.56] c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] C086483E3DBA8C1C0A687EC8D5B3D4C1 [9.0.1.56] c:\windows\ServicePackFiles\i386\mspmsnsv.dll [-] C086483E3DBA8C1C0A687EC8D5B3D4C1 [9.0.1.56] c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll [-] C51B4A5C05A5475708E3C81C7765B71D [11.0.5721.5145] c:\windows\system32\mspmsnsv.dll . ((((((((((((((((((((((((((((( SnapShot@2009-09-06_21.55.54 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-07 00:33 . 2009-09-07 00:33 16384 c:\windows\Temp\Perflib_Perfdata_1d8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432] "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2004-02-09 65024] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Blink.lnk - c:\program files\eEye Digital Security\Blink\Blink.exe [2009-3-25 628160] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk backup=c:\windows\pss\AutoStart IR.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CreataCard Plus 3 Forget Me Not Reminders Tray 
Icon.lnk backup=c:\windows\pss\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^dmaupd32.exe] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\dmaupd32.exe backup=c:\windows\pss\dmaupd32.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Common Files\\eEye Digital Security\\Application Bus\\eeyeevnt.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server R0 eeyen;eEye NDIS driver;c:\windows\system32\drivers\eeyen.sys [3/25/2009 10:48 AM 52592] R1 eeyeh;eEye API driver;c:\windows\system32\drivers\eeyeh.sys [3/25/2009 10:48 AM 95600] R1 eeyet;eEye TDI driver;c:\windows\system32\drivers\eeyet.sys [3/25/2009 10:48 AM 71024] R1 HwIOctl;HwIOctl;c:\program files\Setup Files\MS-6741 v3.70\HwIOctl.sys [9/4/2009 5:42 PM 8768] R2 blinksvc;eEye Blink Engine;c:\program files\eEye Digital Security\Blink\blinksvc.exe [3/25/2009 10:48 AM 219512] R2 ndiskio;eEye DirectDisk Access Driver;c:\windows\system32\drivers\Ndiskio.sys [3/25/2009 10:34 AM 20448] S0 wijcxckz;wijcxckz; [x] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016] S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [8/10/2007 4:26 PM 472644] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/1/2009 10:44 AM 38160] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.yahoo.com IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: com.tw\www.msi Trusted Zone: fender.com\meet DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ddb5ddlv.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-06 17:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... 
scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\Interface\{70C8E441-C7ED-11D1-82FB-00A0C91EEDE9}\ProxyStubC*sid32] @Class="REG_SZ" @="{455ACF57-5345-11D2-99CF-00C04F797BC9}" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(768) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll - - - - - - - > 'explorer.exe'(1776) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\progra~1\SPYBOT~1\SDHelper.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\eEye Digital Security\Blink\BLINKRM.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe c:\program files\Common Files\eEye Digital Security\Application Bus\EEYEEVNT.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . 
Completion time: 2009-09-07 17:42 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-07 00:42 Pre-Run: 32,762,896,384 bytes free Post-Run: 32,695,640,064 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 256 --- E O F --- 2009-09-05 10:01
  14. Files Infected: C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> No action taken. C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> No action taken. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:18:33 PM, on 9/6/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\eEye Digital Security\Blink\blinksvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\eEye Digital Security\Blink\Blink.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user') O4 - Global Startup: Blink.lnk = C:\Program Files\eEye Digital Security\Blink\Blink.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy 
Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?2992255021828 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?2992255272937 O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: eEye Blink Engine (blinksvc) - eEye Digital Security - C:\Program Files\eEye 
Digital Security\Blink\blinksvc.exe O23 - Service: eEye Application Bus (eeyeevnt) - eEye Digital Security - C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -- End of file - 7107 bytes