
rootkit.agent.h and trojan.agent


cmoney30

Files Infected:

C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> No action taken.

C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> No action taken.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:18:33 PM, on 9/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\eEye Digital Security\Blink\blinksvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

C:\Program Files\eEye Digital Security\Blink\Blink.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')

O4 - Global Startup: Blink.lnk = C:\Program Files\eEye Digital Security\Blink\Blink.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?2992255021828

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?2992255272937

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: eEye Blink Engine (blinksvc) - eEye Digital Security - C:\Program Files\eEye Digital Security\Blink\blinksvc.exe

O23 - Service: eEye Application Bus (eeyeevnt) - eEye Digital Security - C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--

End of file - 7107 bytes


ComboFix 09-09-06.03 - Owner 09/06/2009 17:29.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1441 [GMT -7:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: eEye Digital Security Blink Anti-Virus *On-access scanning disabled* (Updated) {C4821238-EFD9-4B79-B2A5-40CE68D50E68}

FW: eEye Digital Security Blink Firewall *disabled* {AC6BB248-92AF-4E26-A70A-6E5FDB75C144}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\mrxdavv.sys

c:\windows\system32\kwave.sys

.

---- Previous Run -------

.

c:\windows\Installer\1df7de0.msp

c:\windows\Installer\465d57.msp

c:\windows\Installer\465d58.msp

c:\windows\Installer\465d59.msp

c:\windows\Installer\465d5a.msp

c:\windows\Installer\465d5b.msp

c:\windows\Installer\465d5c.msp

c:\windows\Installer\465d5d.msp

c:\windows\Installer\465d5e.msp

c:\windows\Installer\465d5f.msp

c:\windows\Installer\48fb59.msp

c:\windows\Installer\48fb5a.msp

c:\windows\Installer\48fb5b.msp

c:\windows\Installer\48fb5c.msp

c:\windows\Installer\48fb5d.msp

c:\windows\Installer\48fb5e.msp

c:\windows\Installer\48fb5f.msp

c:\windows\Installer\48fb60.msp

c:\windows\Installer\48fb61.msp

c:\windows\Installer\48fb62.msp

c:\windows\Installer\49d2c2.msp

c:\windows\Installer\49d2cd.msp

c:\windows\Installer\49d2d9.msp

c:\windows\Installer\WMEncoder.msi

c:\windows\system32\drivers\mrxdavv.sys

c:\windows\system32\kwave.sys

c:\windows\system32\winuid.dll

.

((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2064-10-26 13:46 . 2064-10-26 13:46 -------- d-----w- c:\program files\microsoft frontpage

2064-10-26 13:43 . 2064-10-26 13:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-09-07 00:07 . 2009-09-07 00:07 -------- d-----w- c:\program files\Trend Micro

2009-09-06 23:24 . 2009-09-05 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-06 21:19 . 2009-09-06 21:19 324 ----a-w- c:\program files\gauisqd.txt

2009-09-05 02:40 . 2009-09-05 01:56 -------- d-----w- c:\program files\Panda Security

2009-09-05 02:24 . 2009-09-05 02:24 89520 ----a-w- c:\windows\system32\seccommutil.dll

2009-09-05 02:24 . 2009-09-05 02:24 320912 ----a-w- c:\windows\system32\seccomm.dll

2009-09-05 02:24 . 2009-09-05 02:24 299904 ----a-w- c:\windows\system32\EMSAgent.dll

2009-09-05 02:24 . 2009-09-05 02:24 236984 ----a-w- c:\windows\system32\FileStore.dll

2009-09-05 02:24 . 2009-09-05 02:24 200120 ----a-w- c:\windows\system32\eEyePKI.dll

2009-09-05 02:24 . 2009-09-05 02:24 186784 ----a-w- c:\windows\system32\eevtc.dll

2009-09-05 02:24 . 2009-09-05 02:24 176584 ----a-w- c:\windows\system32\DeploySupport.dll

2009-09-05 02:24 . 2009-09-05 02:24 284016 ----a-w- c:\windows\system32\DebugRpt.dll

2009-09-05 02:24 . 2009-09-05 02:24 252272 ----a-w- c:\windows\system32\LocalStorage.dll

2009-09-05 02:24 . 2009-09-05 02:24 1801168 ----a-w- c:\windows\system32\elic.dll

2009-09-05 02:19 . 2009-09-05 02:18 -------- d-----w- c:\program files\Common Files\eEye Digital Security

2009-09-05 01:40 . 2009-09-05 01:40 -------- d-----w- c:\program files\CCleaner

2009-09-05 01:21 . 2009-09-05 01:18 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-02 04:29 . 2009-02-06 05:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent

2009-08-28 19:33 . 2009-08-28 19:33 -------- d-----w- c:\program files\Common Files\TSCUninstall

2009-08-16 04:01 . 2009-02-11 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss

2009-08-13 17:18 . 2007-08-12 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-08 00:47 . 2009-03-01 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-05 09:01 . 2002-08-29 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 20:36 . 2009-03-01 17:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 20:36 . 2009-03-01 17:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-31 14:57 . 2009-06-22 00:00 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-17 19:01 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2007-08-03 14:46 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:12 . 2006-06-23 18:33 827392 ------w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2007-08-03 14:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2002-08-29 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2002-08-29 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2002-08-29 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2002-08-29 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2002-08-29 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2002-08-29 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2002-08-29 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 16:19 . 2064-10-26 13:41 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 14:13 . 2002-08-29 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:14 . 2002-08-29 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

.

------- Sigcheck -------

[-] C086483E3DBA8C1C0A687EC8D5B3D4C1 [9.0.1.56] c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] C086483E3DBA8C1C0A687EC8D5B3D4C1 [9.0.1.56] c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] C086483E3DBA8C1C0A687EC8D5B3D4C1 [9.0.1.56] c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll

[-] C51B4A5C05A5475708E3C81C7765B71D [11.0.5721.5145] c:\windows\system32\mspmsnsv.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-09-06_21.55.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-07 00:33 . 2009-09-07 00:33 16384 c:\windows\Temp\Perflib_Perfdata_1d8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2004-02-09 65024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Blink.lnk - c:\program files\eEye Digital Security\Blink\Blink.exe [2009-3-25 628160]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk

backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk

backup=c:\windows\pss\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^dmaupd32.exe]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\dmaupd32.exe

backup=c:\windows\pss\dmaupd32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\eEye Digital Security\\Application Bus\\eeyeevnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 eeyen;eEye NDIS driver;c:\windows\system32\drivers\eeyen.sys [3/25/2009 10:48 AM 52592]

R1 eeyeh;eEye API driver;c:\windows\system32\drivers\eeyeh.sys [3/25/2009 10:48 AM 95600]

R1 eeyet;eEye TDI driver;c:\windows\system32\drivers\eeyet.sys [3/25/2009 10:48 AM 71024]

R1 HwIOctl;HwIOctl;c:\program files\Setup Files\MS-6741 v3.70\HwIOctl.sys [9/4/2009 5:42 PM 8768]

R2 blinksvc;eEye Blink Engine;c:\program files\eEye Digital Security\Blink\blinksvc.exe [3/25/2009 10:48 AM 219512]

R2 ndiskio;eEye DirectDisk Access Driver;c:\windows\system32\drivers\Ndiskio.sys [3/25/2009 10:34 AM 20448]

S0 wijcxckz;wijcxckz; [x]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]

S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [8/10/2007 4:26 PM 472644]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/1/2009 10:44 AM 38160]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: com.tw\www.msi

Trusted Zone: fender.com\meet

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ddb5ddlv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-06 17:34

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{70C8E441-C7ED-11D1-82FB-00A0C91EEDE9}\ProxyStubC*sid32]

@Class="REG_SZ"

@="{455ACF57-5345-11D2-99CF-00C04F797BC9}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1776)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\progra~1\SPYBOT~1\SDHelper.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\eEye Digital Security\Blink\BLINKRM.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

c:\program files\Common Files\eEye Digital Security\Application Bus\EEYEEVNT.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2009-09-07 17:42 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-07 00:42

Pre-Run: 32,762,896,384 bytes free

Post-Run: 32,695,640,064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

256 --- E O F --- 2009-09-05 10:01


I have tried everything; Malwarebytes still sees the two files. When I run Malwarebytes in Safe Mode the scan is clean, but when I boot back to normal and rerun it, it still finds the two files. I searched for them to manually delete them, but they are not there. I have run ComboFix and posted the log above; I also posted the HijackThis log. I would just reimage, but I can't seem to find my disk. Any help is much appreciated.


Hello,

STOP running Combofix on your own. It appears you have run it twice so far.

I do not see an antivirus program installed from these logs. How long has the PC been without antivirus?

Do this:

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

=

1. Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under Hidden files and folders, select Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files and temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user login account (User Profile).

=

Go >> here <<

and download RootRepeal and SAVE to your Desktop.

Double-click the RootRepeal.exe icon on your Desktop.

Click on the Report tab at bottom of window and then click on Scan button.

A window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers

Files

Processes

SSDT

Hidden Services

Stealth Objects

You will then be asked which drive to scan.

Check C: (or the drive your operating system is installed on if not C) and click Ok again.

The scan will start.

It will take a little while so please be patient. When the scan has finished, click on Save Report.

Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

When you have done this, please copy and paste it in this thread.

=

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Reply with info about antivirus,

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt
  • the contents of Extras.txt
  • the contents of checkup.txt
  • the contents of RootRepeal.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


I am running Blink Personal Antivirus by eEye Digital Security. I will do the rest of the steps now and post.

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2009/09/06 18:27

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: as63lvdx.SYS

Image Path: C:\WINDOWS\System32\Drivers\as63lvdx.SYS

Address: 0xB8E0D000 Size: 421888 File Visible: No Signed: -

Status: -

Name: catchme.sys

Image Path: C:\ComboFix\catchme.sys

Address: 0xBA3E8000 Size: 31744 File Visible: No Signed: -

Status: -

Name: Combo-Fix.sys

Image Path: Combo-Fix.sys

Address: 0xBA108000 Size: 60416 File Visible: No Signed: -

Status: -

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xB76FC000 Size: 98304 File Visible: No Signed: -

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA604000 Size: 8192 File Visible: No Signed: -

Status: -

Name: PCI_NTPNP4558

Image Path: \Driver\PCI_NTPNP4558

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

Name: PROCEXP90.SYS

Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS

Address: 0xB7225000 Size: 6464 File Visible: No Signed: -

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB5F9D000 Size: 49152 File Visible: No Signed: -

Status: -

Hidden/Locked Files

-------------------

Path: C:\WINDOWS\$NtServicePackUninstall$\avc.sys

Status: Locked to the Windows API!

Path: C:\WINDOWS\Temp\HPSLPSVC0000.log

Status: Locked to the Windows API!

Path: C:\WINDOWS\ServicePackFiles\i386\avc.sys

Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\avc.sys

Status: Locked to the Windows API!

SSDT

-------------------

#: 025 Function Name: NtClose

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f06de

#: 037 Function Name: NtCreateFile

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f0be8

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f5b34

#: 063 Function Name: NtDeleteKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f6036

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f5fe0

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "sptd.sys" at address 0xb9ec3fb2

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "sptd.sys" at address 0xb9ec4340

#: 116 Function Name: NtOpenFile

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f04d2

#: 119 Function Name: NtOpenKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f5d08

#: 160 Function Name: NtQueryKey

Status: Hooked by "sptd.sys" at address 0xb9ec4418

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "sptd.sys" at address 0xb9ec4298

#: 247 Function Name: NtSetValueKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f5e80

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f20b8

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f1d24

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x8a8a21e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]

Process: System Address: 0x896f7790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x89eb8790 Size: 121

Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_CREATE]

Process: System Address: 0x89e881e8 Size: 121

Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_CLOSE]

Process: System Address: 0x89e881e8 Size: 121

Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89e881e8 Size: 121

Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89e881e8 Size: 121

Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_POWER]

Process: System Address: 0x89e881e8 Size: 121

Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89e881e8 Size: 121

Object: Hidden Code [Driver: as63lvdxЅఅ瑎獆꽀㟐现, IRP_MJ_PNP]

Process: System Address: 0x89e881e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x89eab1e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x89eab1e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89eab1e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89eab1e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x89eab1e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89eab1e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x89eab1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x8a90f1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x89a1a1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x89a1a1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89a1a1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89a1a1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x89a1a1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x89a1a1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x89e941e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x89e941e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89e941e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89e941e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x89e941e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89e941e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x89e941e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x897b11e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_CREATE]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_CLOSE]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_READ]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_SHUTDOWN]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_CLEANUP]

Process: System Address: 0x897ac1e8 Size: 121

Object: Hidden Code [Driver: CdfsЅఐ扏济Root#MS_PSCH, IRP_MJ_PNP]

Process: System Address: 0x897ac1e8 Size: 121

Shadow SSDT

-------------------

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\WINDOWS\system32\Drivers\eeyeh.sys" at address 0xb78f788e

==EOF==

OTL logfile created on: 9/6/2009 6:40:05 PM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.20% Memory free

3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.06% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 30.42 Gb Free Space | 40.82% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 465.75 Gb Total Space | 168.27 Gb Free Space | 36.13% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MARK

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/03/25 10:48:40 | 00,219,512 | ---- | M] (eEye Digital Security) -- C:\Program Files\eEye Digital Security\Blink\blinksvc.exe

PRC - [2009/03/25 10:48:32 | 00,549,272 | ---- | M] (eEye Digital Security) -- C:\Program Files\eEye Digital Security\Blink\BLINKRM.exe

PRC - [2009/03/07 10:48:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe

PRC - [2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe

PRC - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2004/02/06 23:56:14 | 00,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

PRC - [2005/11/15 12:49:44 | 05,238,272 | ---- | M] (Linksys) -- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

PRC - [2009/09/04 19:24:47 | 00,989,128 | ---- | M] (eEye Digital Security) -- C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe

PRC - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe

PRC - [2004/02/09 01:54:14 | 00,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2008/08/20 10:54:08 | 00,150,016 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

PRC - [2009/03/25 10:48:38 | 00,628,160 | ---- | M] (eEye Digital Security) -- C:\Program Files\eEye Digital Security\Blink\Blink.exe

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2009/09/06 18:28:12 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4 [On_Demand | Stopped])

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

SRV - [2009/03/25 10:48:40 | 00,219,512 | ---- | M] (eEye Digital Security) -- C:\Program Files\eEye Digital Security\Blink\blinksvc.exe -- (blinksvc [unknown | Running])

SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

SRV - [2009/09/04 19:24:47 | 00,989,128 | ---- | M] (eEye Digital Security) -- C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe -- (eeyeevnt [Auto | Running])

SRV - [2009/04/11 12:28:54 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])

SRV - [2008/10/16 19:23:30 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])

SRV - [2008/10/16 19:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])

SRV - [2008/10/16 19:30:28 | 00,634,880 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Auto | Running])

SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

SRV - [2009/03/07 10:48:38 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])

SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

SRV - [2007/06/29 00:43:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])

SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])

SRV - [2004/03/13 04:04:16 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])

SRV - File not found -- -- (WMP54Gv4SVC [Auto | Running])

SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])

DRV - [2009/02/06 22:19:15 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])

DRV - [2004/02/18 08:51:08 | 00,610,988 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

DRV - [2005/02/01 19:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\BCM42RLY.SYS -- (BCM42RLY [On_Demand | Stopped])

DRV - File not found -- -- (catchme [On_Demand | Running])

DRV - [2007/11/21 19:47:05 | 00,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys -- (dvd43llh [On_Demand | Running])

DRV - [2009/03/25 10:48:38 | 00,095,600 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\Drivers\eeyeh.sys -- (eeyeh [system | Running])

DRV - [2009/03/25 10:48:38 | 00,052,592 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\system32\Drivers\eeyen.sys -- (eeyen [boot | Running])

DRV - [2009/03/25 10:48:38 | 00,071,024 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\Drivers\eeyet.sys -- (eeyet [system | Running])

DRV - [2009/02/17 10:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [system | Running])

DRV - [2004/12/16 13:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])

DRV - [2001/08/17 05:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

DRV - [2006/01/25 14:14:06 | 00,472,644 | R--- | M] (Hauppauge Computer Works) -- C:\WINDOWS\System32\drivers\HCWBT8XX.sys -- (HCWBT8xx [On_Demand | Stopped])

DRV - [2007/02/06 11:27:02 | 00,185,728 | R--- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\System32\DRIVERS\hcwPP2.sys -- (hcwPP2 [On_Demand | Stopped])

DRV - [2009/09/04 17:42:07 | 00,008,768 | ---- | M] () -- C:\Program Files\Setup Files\MS-6741 v3.70\HwIOctl.sys -- (HwIOctl [system | Running])

DRV - [2009/03/25 10:34:00 | 00,020,448 | ---- | M] (Norman ASA) -- C:\WINDOWS\System32\Drivers\ndiskio.sys -- (ndiskio [Auto | Running])

DRV - [2006/05/18 13:14:24 | 00,018,359 | ---- | M] (Your Corporation) -- C:\WINDOWS\System32\Ntaccess.sys -- (NTACCESS [On_Demand | Stopped])

DRV - [2007/06/29 00:43:00 | 06,807,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])

DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

DRV - [2008/02/06 03:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

DRV - [2005/10/27 16:06:30 | 00,356,096 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\System32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])

DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

DRV - [2007/11/27 00:14:15 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [boot | Running])

DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])

DRV - [2007/11/15 22:38:16 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

DRV - [2003/09/25 23:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/07 10:48:39 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:59:28 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/05 08:39:27 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/05 08:39:25 | 00,000,000 | ---D | M]

[2009/09/05 08:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions

[2009/09/05 08:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/09/06 08:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ddb5ddlv.default\extensions

[2009/09/04 18:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ddb5ddlv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/09/06 08:13:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/09/05 08:39:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/03/07 10:48:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009/07/30 04:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/07/30 04:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/03/07 10:48:39 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2008/11/06 09:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll

[2008/12/10 17:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2009/07/30 04:26:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/04/20 09:55:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2009/07/30 00:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/07/30 00:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/07/30 00:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/07/30 00:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/07/30 00:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/07/30 00:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/07/30 00:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Blink.lnk = C:\Program Files\eEye Digital Security\Blink\Blink.exe (eEye Digital Security)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)

O15 - HKCU\..Trusted Domains: fender.com ([meet] https in Trusted sites)

O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?2992255021828 (WUWebControl Class)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?2992255272937 (MUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com (Java Plug-in 1.6.0_12)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab (DinerDash Control)

O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/11/24 17:36:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2064/10/26 06:57:25 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll

[2064/10/26 06:57:25 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll

[2064/10/26 06:57:25 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl

[2064/10/26 06:57:25 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl

[2064/10/26 06:57:25 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll

[2064/10/26 06:57:25 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll

[2064/10/26 06:57:25 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll

[2064/10/26 06:57:25 | 00,031,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui

[2064/10/26 06:57:25 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui

[2064/10/26 06:57:25 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui

[2064/10/26 06:57:24 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll

[2064/10/26 06:57:24 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll

[2064/10/26 06:57:24 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2064/10/26 06:57:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2064/10/26 06:54:44 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer

[2064/10/26 06:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Identities

[2064/10/26 06:54:36 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information

[2064/10/26 06:54:23 | 00,000,000 | -HSD | C] -- C:\System Volume Information

[2064/10/26 06:54:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Pictures

[2064/10/26 06:54:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Music

[2064/10/26 06:54:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft

[2064/10/26 06:54:15 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Owner\Application Data\Microsoft

[2064/10/26 06:49:47 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2064/10/26 06:48:40 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2064/10/26 06:48:30 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime

[2064/10/26 06:48:29 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime

[2064/10/26 06:48:29 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime

[2064/10/26 06:48:29 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime

[2064/10/26 06:48:29 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime

[2064/10/26 06:48:28 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime

[2064/10/26 06:48:28 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll

[2064/10/26 06:48:28 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys

[2064/10/26 06:48:27 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll

[2064/10/26 06:48:26 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll

[2064/10/26 06:48:26 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll

[2064/10/26 06:48:25 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll

[2064/10/26 06:48:25 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime

[2064/10/26 06:48:24 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime

[2064/10/26 06:48:24 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe

[2064/10/26 06:48:24 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe

[2064/10/26 06:48:24 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe

[2064/10/26 06:48:24 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll

[2064/10/26 06:48:23 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll

[2064/10/26 06:48:23 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys

[2064/10/26 06:48:23 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys

[2064/10/26 06:48:23 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys

[2064/10/26 06:48:20 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll

[2064/10/26 06:48:20 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll

[2064/10/26 06:48:19 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll

[2064/10/26 06:48:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2064/10/26 06:48:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpapi.dll

[2064/10/26 06:48:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll

[2064/10/26 06:48:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2064/10/26 06:48:18 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll

[2064/10/26 06:48:18 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll

[2064/10/26 06:48:18 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll

[2064/10/26 06:48:18 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll

[2064/10/26 06:48:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll

[2064/10/26 06:48:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll

[2064/10/26 06:48:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll

[2064/10/26 06:48:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll

[2064/10/26 06:48:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll

[2064/10/26 06:48:18 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2064/10/26 06:48:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2064/10/26 06:48:17 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll

[2064/10/26 06:48:17 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll

[2064/10/26 06:48:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll

[2064/10/26 06:48:17 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll

[2064/10/26 06:48:17 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll

[2064/10/26 06:48:13 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seo.dll

[2064/10/26 06:48:13 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll

[2064/10/26 06:48:13 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll

[2064/10/26 06:48:12 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll

[2064/10/26 06:48:12 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll

[2064/10/26 06:48:12 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime

[2064/10/26 06:48:12 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_rwnh.dll

[2064/10/26 06:48:11 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe

[2064/10/26 06:48:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe

[2064/10/26 06:48:09 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime

[2064/10/26 06:48:09 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe

[2064/10/26 06:48:09 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe

[2064/10/26 06:48:08 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll

[2064/10/26 06:48:08 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe

[2064/10/26 06:48:08 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll

[2064/10/26 06:48:08 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll

[2064/10/26 06:48:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll

[2064/10/26 06:48:07 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime

[2064/10/26 06:48:07 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll

[2064/10/26 06:48:07 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime

[2064/10/26 06:48:07 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll

[2064/10/26 06:48:07 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll

[2064/10/26 06:48:07 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll

[2064/10/26 06:48:07 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll

[2064/10/26 06:48:07 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll

[2064/10/26 06:48:03 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll

[2064/10/26 06:48:02 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll

[2064/10/26 06:47:58 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex

[2064/10/26 06:47:58 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll

[2064/10/26 06:47:52 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys

[2064/10/26 06:47:52 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll

[2064/10/26 06:47:50 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll

[2064/10/26 06:47:49 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex

[2064/10/26 06:47:49 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll

[2064/10/26 06:47:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll

[2064/10/26 06:47:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll

[2064/10/26 06:47:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll

[2064/10/26 06:47:49 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll

[2064/10/26 06:47:48 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll

[2064/10/26 06:47:48 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll

[2064/10/26 06:47:48 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll

[2064/10/26 06:47:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll

[2064/10/26 06:47:48 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll

[2064/10/26 06:47:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll

[2064/10/26 06:47:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll

[2064/10/26 06:47:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll

[2064/10/26 06:47:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll

[2064/10/26 06:47:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll

[2064/10/26 06:47:48 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll

[2064/10/26 06:47:47 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll

[2064/10/26 06:47:47 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll

[2064/10/26 06:47:46 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll

[2064/10/26 06:47:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll

[2064/10/26 06:47:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll

[2064/10/26 06:47:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll

[2064/10/26 06:47:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll

[2064/10/26 06:47:46 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll

[2064/10/26 06:47:46 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll

[2064/10/26 06:47:44 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll

[2064/10/26 06:47:43 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll

[2064/10/26 06:47:43 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll

[2064/10/26 06:47:43 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe

[2064/10/26 06:47:43 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe

[2064/10/26 06:47:43 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe

[2064/10/26 06:47:43 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe

[2064/10/26 06:47:43 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe

[2064/10/26 06:47:43 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll

[2064/10/26 06:47:43 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe

[2064/10/26 06:47:43 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe

[2064/10/26 06:47:43 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe

[2064/10/26 06:47:42 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll

[2064/10/26 06:47:42 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll

[2064/10/26 06:47:42 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll

[2064/10/26 06:47:42 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime

[2064/10/26 06:47:42 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe

[2064/10/26 06:47:42 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe

[2064/10/26 06:47:42 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll

[2064/10/26 06:47:42 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll

[2064/10/26 06:47:42 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe

[2064/10/26 06:47:42 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe

[2064/10/26 06:47:41 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex

[2064/10/26 06:47:41 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll

[2064/10/26 06:47:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime

[2064/10/26 06:47:41 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll

[2064/10/26 06:47:38 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll

[2064/10/26 06:47:33 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll

[2064/10/26 06:47:30 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll

[2064/10/26 06:47:28 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex

[2064/10/26 06:47:28 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll

[2064/10/26 06:47:27 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll

[2064/10/26 06:47:27 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll

[2064/10/26 06:47:27 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe

[2064/10/26 06:47:26 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll

[2064/10/26 06:47:26 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll

[2064/10/26 06:47:26 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe

[2064/10/26 06:47:26 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll

[2064/10/26 06:47:25 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll

[2064/10/26 06:47:25 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll

[2064/10/26 06:47:25 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll

[2064/10/26 06:47:25 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys

[2064/10/26 06:47:23 | 00,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll

[2064/10/26 06:47:19 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime

[2064/10/26 06:47:16 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe

[2064/10/26 06:47:16 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe

[2064/10/26 06:47:15 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe

[2064/10/26 06:47:15 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll

[2064/10/26 06:47:15 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll

[2064/10/26 06:47:15 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime

[2064/10/26 06:47:14 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll

[2064/10/26 06:47:14 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll

[2064/10/26 06:47:14 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll

[2064/10/26 06:47:14 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll

[2064/10/26 06:47:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe

[2064/10/26 06:47:14 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe

[2064/10/26 06:47:14 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe

[2064/10/26 06:47:14 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe

[2064/10/26 06:47:13 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime

[2064/10/26 06:47:12 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys

[2064/10/26 06:47:11 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll

[2064/10/26 06:47:11 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll

[2064/10/26 06:47:10 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqueue.dll

[2064/10/26 06:47:10 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll

[2064/10/26 06:47:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll

[2064/10/26 06:47:03 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpsnap.dll

[2064/10/26 06:47:03 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpadm.dll

[2064/10/26 06:46:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom

[2064/10/26 06:46:52 | 00,000,000 | ---D | C] -- C:\Program Files\xerox

[2064/10/26 06:46:52 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage

[2064/10/26 06:46:38 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT

[2064/10/26 06:46:36 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml

[2064/10/26 06:46:36 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb

[2064/10/26 06:46:36 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb

[2064/10/26 06:46:35 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx

[2064/10/26 06:46:22 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT

[2064/10/26 06:46:19 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll

[2064/10/26 06:45:24 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest

[2064/10/26 06:45:24 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest

[2064/10/26 06:45:24 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files

[2064/10/26 06:45:24 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages

[2064/10/26 06:45:18 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2064/10/26 06:45:18 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest

[2064/10/26 06:45:18 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest

[2064/10/26 06:45:18 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest

[2064/10/26 06:45:18 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest

[2064/10/26 06:45:18 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest

[2064/10/26 06:45:01 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex

[2064/10/26 06:44:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX

[2064/10/26 06:44:31 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll

[2064/10/26 06:44:31 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll

[2064/10/26 06:44:31 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll

[2064/10/26 06:44:31 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll

[2064/10/26 06:44:30 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe

[2064/10/26 06:44:30 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe

[2064/10/26 06:44:30 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll

[2064/10/26 06:44:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll

[2064/10/26 06:44:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll

[2064/10/26 06:44:30 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll

[2064/10/26 06:44:28 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp

[2064/10/26 06:44:28 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp

[2064/10/26 06:44:23 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe

[2064/10/26 06:44:23 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf

[2064/10/26 06:44:22 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm

[2064/10/26 06:44:22 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe

[2064/10/26 06:44:22 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll

[2064/10/26 06:44:22 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll

[2064/10/26 06:44:22 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll

[2064/10/26 06:44:21 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll

[2064/10/26 06:44:21 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll

[2064/10/26 06:44:21 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe

[2064/10/26 06:44:21 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe

[2064/10/26 06:44:21 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe

[2064/10/26 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2064/10/26 06:44:19 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll

[2064/10/26 06:44:16 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll

[2064/10/26 06:44:16 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll

[2064/10/26 06:44:16 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll

[2064/10/26 06:44:16 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll

[2064/10/26 06:44:16 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll

[2064/10/26 06:44:16 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll

[2064/10/26 06:44:16 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks

[2064/10/26 06:44:15 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe

[2064/10/26 06:44:15 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll

[2064/10/26 06:44:15 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll

[2064/10/26 06:44:15 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe

[2064/10/26 06:44:14 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll

[2064/10/26 06:44:14 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll

[2064/10/26 06:44:14 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll

[2064/10/26 06:44:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap

[2064/10/26 06:44:12 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx

[2064/10/26 06:44:10 | 00,520,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpvis.dll

[2064/10/26 06:44:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed

[2064/10/26 06:44:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst

[2064/10/26 06:44:09 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll

[2064/10/26 06:44:09 | 00,319,542 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmres.dll

[2064/10/26 06:44:09 | 00,163,897 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmutil.dll

[2064/10/26 06:44:09 | 00,110,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmmfilt.dll

[2064/10/26 06:44:08 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker

[2064/10/26 06:44:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth

[2064/10/26 06:44:04 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll

[2064/10/26 06:44:04 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll

[2064/10/26 06:44:04 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv

[2064/10/26 06:44:04 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll

[2064/10/26 06:44:04 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll

[2064/10/26 06:44:04 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys

[2064/10/26 06:44:04 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll

[2064/10/26 06:44:04 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll

[2064/10/26 06:44:04 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll

[2064/10/26 06:44:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore

[2064/10/26 06:44:03 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll

[2064/10/26 06:44:01 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll

[2064/10/26 06:44:01 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll

[2064/10/26 06:44:01 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll

[2064/10/26 06:44:01 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting

[2064/10/26 06:44:00 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll

[2064/10/26 06:44:00 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll

[2064/10/26 06:44:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe

[2064/10/26 06:44:00 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2064/10/26 06:43:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System

[2064/10/26 06:43:52 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2064/10/26 06:43:46 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2064/10/26 06:43:29 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications

[2064/10/26 06:43:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration

[2064/10/26 06:42:45 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate

[2064/10/26 06:42:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player

[2064/10/26 06:42:45 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services

[2064/10/26 06:42:37 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger

[2064/10/26 06:42:35 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll

[2064/10/26 06:42:35 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll

[2064/10/26 06:42:35 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll

[2064/10/26 06:42:35 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll

[2064/10/26 06:42:35 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe

[2064/10/26 06:42:35 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe

[2064/10/26 06:42:34 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll

[2064/10/26 06:42:34 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll

[2064/10/26 06:42:34 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll

[2064/10/26 06:42:34 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll

[2064/10/26 06:42:34 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll

[2064/10/26 06:42:34 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe

[2064/10/26 06:42:34 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe

[2064/10/26 06:42:34 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe

[2064/10/26 06:42:34 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll

[2064/10/26 06:42:34 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll

[2064/10/26 06:42:33 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll

[2064/10/26 06:42:33 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll

[2064/10/26 06:42:33 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll

[2064/10/26 06:42:33 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll

[2064/10/26 06:42:33 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll

[2064/10/26 06:42:33 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll

[2064/10/26 06:42:32 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe

[2064/10/26 06:42:32 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll

[2064/10/26 06:42:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe

[2064/10/26 06:42:32 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe

[2064/10/26 06:42:32 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone

[2064/10/26 06:42:24 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe

[2064/10/26 06:42:24 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl

[2064/10/26 06:42:23 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll

[2064/10/26 06:42:23 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll

[2064/10/26 06:42:23 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe

[2064/10/26 06:42:23 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe

[2064/10/26 06:42:23 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe

[2064/10/26 06:42:23 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll

[2064/10/26 06:42:23 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll

[2064/10/26 06:42:23 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll

[2064/10/26 06:42:23 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll

[2064/10/26 06:42:23 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll

[2064/10/26 06:42:23 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll

[2064/10/26 06:42:22 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe

[2064/10/26 06:42:22 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe

[2064/10/26 06:42:18 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp

[2064/10/26 06:42:18 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp

[2064/10/26 06:42:18 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp

[2064/10/26 06:42:18 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp

[2064/10/26 06:42:18 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp

[2064/10/26 06:42:18 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp

[2064/10/26 06:42:18 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp

[2064/10/26 06:42:18 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp

[2064/10/26 06:42:17 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll

[2064/10/26 06:42:17 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll

[2064/10/26 06:42:17 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce

[2064/10/26 06:42:17 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp

[2064/10/26 06:42:17 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce

[2064/10/26 06:42:17 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp

[2064/10/26 06:42:17 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce

[2064/10/26 06:42:17 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce

[2064/10/26 06:42:17 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce

[2064/10/26 06:42:17 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce

[2064/10/26 06:42:17 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp

[2064/10/26 06:42:16 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe

[2064/10/26 06:42:16 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe

[2064/10/26 06:42:16 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe

[2064/10/26 06:42:16 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe

[2064/10/26 06:42:16 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe

[2064/10/26 06:42:16 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe

[2064/10/26 06:42:16 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce

[2064/10/26 06:42:16 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce

[2064/10/26 06:42:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe

[2064/10/26 06:42:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe

[2064/10/26 06:42:15 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe

[2064/10/26 06:42:15 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe

[2064/10/26 06:42:15 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe

[2064/10/26 06:42:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe

[2064/10/26 06:42:15 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe

[2064/10/26 06:42:15 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys

[2064/10/26 06:42:15 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys

[2064/10/26 06:42:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe

[2064/10/26 06:42:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe

[2064/10/26 06:42:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe

[2064/10/26 06:42:14 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe

[2064/10/26 06:42:14 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe

[2064/10/26 06:42:14 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe

[2064/10/26 06:42:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe

[2064/10/26 06:42:14 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe

[2064/10/26 06:42:14 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe

[2064/10/26 06:42:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe

[2064/10/26 06:42:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe

[2064/10/26 06:42:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe

[2064/10/26 06:42:14 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe

[2064/10/26 06:42:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe

[2064/10/26 06:42:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe

[2064/10/26 06:42:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe

[2064/10/26 06:42:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe

[2064/10/26 06:42:14 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe

[2064/10/26 06:42:14 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe

[2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe

[2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe

[2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe

[2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe

[2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe

[2064/10/26 06:42:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe

[2064/10/26 06:42:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll

[2064/10/26 06:42:14 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll

[2064/10/26 06:42:14 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h

[2064/10/26 06:42:14 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd

[2064/10/26 06:42:13 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll

[2064/10/26 06:42:13 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll

[2064/10/26 06:42:13 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll

[2064/10/26 06:42:13 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll

[2064/10/26 06:42:13 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll

[2064/10/26 06:42:13 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll

[2064/10/26 06:42:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe

[2064/10/26 06:42:13 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h

[2064/10/26 06:42:12 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll

[2064/10/26 06:42:12 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll

[2064/10/26 06:42:12 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb

[2064/10/26 06:42:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe

[2064/10/26 06:42:12 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll

[2064/10/26 06:42:11 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll

[2064/10/26 06:42:11 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll

[2064/10/26 06:42:11 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll

[2064/10/26 06:42:11 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll

[2064/10/26 06:42:11 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll

[2064/10/26 06:42:11 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll

[2064/10/26 06:42:11 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll

[2064/10/26 06:42:10 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll

[2064/10/26 06:42:07 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll

[2064/10/26 06:42:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll

[2064/10/26 06:42:07 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll

[2064/10/26 06:42:06 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll

[2064/10/26 06:42:06 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll

[2064/10/26 06:42:06 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb

[2064/10/26 06:42:06 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll

[2064/10/26 06:42:06 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb

[2064/10/26 06:42:06 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe

[2064/10/26 06:42:06 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll

[2064/10/26 06:42:06 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe

[2064/10/26 06:42:06 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll

[2064/10/26 06:42:05 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll

[2064/10/26 06:42:05 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll

[2064/10/26 06:42:05 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

[2064/10/26 06:42:05 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll

[2064/10/26 06:42:05 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll

[2064/10/26 06:42:04 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll

[2064/10/26 06:42:04 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll

[2064/10/26 06:42:04 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll

[2064/10/26 06:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT

[2064/10/26 06:42:00 | 00,000,000 | ---D | C] -- C:\Program Files\MSN

[2064/10/26 06:41:59 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll

[2064/10/26 06:41:59 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll

[2064/10/26 06:41:59 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe

[2064/10/26 06:41:59 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe

[2064/10/26 06:41:59 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe

[2064/10/26 06:41:59 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe

[2064/10/26 06:41:59 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe

[2064/10/26 06:41:59 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe

[2064/10/26 06:41:59 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll

[2064/10/26 06:41:58 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll

[2064/10/26 06:41:58 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe

[2064/10/26 06:41:58 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll

[2064/10/26 06:41:58 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe

[2064/10/26 06:41:58 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys

[2064/10/26 06:41:58 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll

[2064/10/26 06:41:58 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll

[2064/10/26 06:41:58 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe

[2064/10/26 06:41:57 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll

[2064/10/26 06:41:57 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll

[2064/10/26 06:41:57 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll

[2064/10/26 06:41:57 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe

[2064/10/26 06:41:57 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe

[2064/10/26 06:41:57 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll

[2064/10/26 06:41:57 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll

[2064/10/26 06:41:57 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll

[2064/10/26 06:41:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc

[2064/10/26 06:41:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com

[2064/10/26 06:41:53 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll

[2064/10/26 06:41:50 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys

[2064/10/26 06:41:50 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys

[2064/10/25 22:39:01 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys

[2064/10/25 22:38:20 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys

[2064/10/25 22:37:28 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys

[2064/10/25 22:37:24 | 00,027,165 | ---- | C] (VIA Technologies, Inc. ) -- C:\WINDOWS\System32\drivers\fetnd5.sys

[2064/10/25 22:37:20 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll

[2064/10/25 22:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2064/10/25 22:35:54 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll

[2064/10/25 22:35:54 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll

[2064/10/25 22:35:53 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd

[2064/10/25 22:35:53 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll

[2064/10/25 22:35:53 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa

[2064/10/25 22:35:53 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf

[2064/10/25 22:35:52 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa

[2064/10/25 22:35:52 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe

[2064/10/25 22:35:52 | 00,000,000 | R--D | C] -- C:\Program Files

[2064/10/25 22:35:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines

[2064/10/25 22:35:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared

[2064/10/25 22:35:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files

[2064/10/25 22:35:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls

[2064/10/25 22:35:50 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll

[2064/10/25 22:35:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll

[2064/10/25 22:35:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls

[2064/10/25 22:35:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls

[2064/10/25 22:35:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls

========== Files - Modified Within 30 Days ==========


[2009/09/04 19:24:48 | 00,089,520 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\seccommutil.dll

[2009/09/04 19:24:47 | 00,200,120 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\eEyePKI.dll

[2009/09/04 19:24:47 | 00,186,784 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\eevtc.dll

[2009/09/04 19:24:47 | 00,176,584 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\DeploySupport.dll

[2009/09/04 19:24:01 | 01,801,168 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\elic.dll

[2009/09/04 19:24:01 | 00,284,016 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\DebugRpt.dll

[2009/09/04 19:24:01 | 00,252,272 | ---- | M] (eEye Digital Security) -- C:\WINDOWS\System32\LocalStorage.dll

[2009/09/04 19:21:40 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Blink.lnk

[2009/09/04 19:17:48 | 87,349,616 | ---- | M] (eEye Digital Security) -- C:\Documents and Settings\Owner\Desktop\BlinkConsumerSetup(2).exe

[2009/09/04 18:56:36 | 00,175,888 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\activescan2_en.exe

[2009/09/04 18:43:08 | 00,198,204 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20090904_184300.reg

[2009/09/04 18:40:43 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk

[2009/09/04 18:40:05 | 03,293,992 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner\Desktop\ccsetup223.exe

[2009/09/04 18:18:45 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk

[2009/09/04 18:18:14 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe

[2009/09/04 10:04:06 | 00,013,698 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/09/03 22:25:22 | 00,230,912 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/09/03 16:35:56 | 00,095,744 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/26 13:55:09 | 00,306,886 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\peach cobbler.jpg

[2009/08/25 17:31:07 | 00,023,899 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Inglorious.Basterds.TS.Mic.XviD-DEViSE.english.subtitlesource.zip

[2009/08/23 20:39:06 | 00,008,820 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Book1.xlsx

[2009/08/19 10:50:16 | 00,034,434 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Ryan's birthday 2009.docx

========== LOP Check ==========

[2009/09/04 18:18:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2007/08/03 15:55:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2009/04/11 13:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM

[2009/04/30 16:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2007/08/03 08:37:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA

[2007/12/16 00:00:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2009/06/22 20:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink

[2009/04/11 13:16:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2007/11/24 17:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/09/27 23:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems

[2009/09/04 17:52:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data

[2009/06/22 20:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead

[2009/08/15 21:01:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss

[2009/06/07 10:16:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImgBurn

[2009/07/07 16:13:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ImTOO Software Studio

[2007/08/10 16:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust

[2009/04/05 08:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks

[2009/03/18 17:45:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish

[2009/03/27 14:54:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer

[2007/10/06 10:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems

[2009/09/01 21:29:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/09/06 17:33:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 9/6/2009 6:40:05 PM - Run 1

OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.20% Memory free

3.85 Gb Paging File | 3.43 Gb Available in Paging File | 89.06% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 30.42 Gb Free Space | 40.82% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 465.75 Gb Total Space | 168.27 Gb Free Space | 36.13% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MARK

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirstRunDisabled" =

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server

"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server

"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server

"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:


Results of screen317's Security Check version 0.98.9

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

``````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 12

Out of date Java installed!

Adobe Flash Player 10

``````````````````````````````

Process Check:

objlist.exe by Laurent

``````````````````````````````

DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````


Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to delete:
    c:\windows\system32\drivers\mrxdavv.sys
    c:\windows\system32\kwave.sys

    Folders to delete:
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler


  • In the Avenger window, click the Paste Script from Clipboard button.
  • Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.

If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description, and then reboot the system again.

=

If you have an older copy of SDFix, delete it now.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%

(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual user account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back in a Reply here.

=

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Trend Micro Damage Cleanup Engine
  • Make sure you read this document to understand how to use the program:
    Trend Micro Sysclean Package README 1st
  • Basically there are 3 parts that need to be downloaded and SAVED from these links:
  • Sysclean Package
  • Virus Pattern Files, which will be a LPTxxx.ZIP file
  • Spyware Pattern Files, which is a SSAPIPTNxxx.ZIP file
    It is the 4th listed file, under the title "Detection and Cleanup (Trend Micro Anti-Spyware)"


/--------------------------------------------------------------\

| Trend Micro System Cleaner |

| Copyright 2009-2010, Trend Micro, Inc. |

| http://www.trendmicro.com |

\--------------------------------------------------------------/

2009-09-06, 23:52:46, Auto-clean mode specified.

2009-09-06, 23:52:47, Initialized Rootkit Driver version 2.2.0.1004.

2009-09-06, 23:52:47, Running scanner "C:\dce\TSC.BIN"...

2009-09-06, 23:52:55, Scanner "C:\dce\TSC.BIN" has finished running.

2009-09-06, 23:52:55, TSC Log:


Malwarebytes' Anti-Malware 1.40

Database version: 2762

Windows 5.1.2600 Service Pack 3

9/8/2009 6:01:03 PM

mbam-log-2009-09-08 (18-00-59).txt

Scan type: Quick Scan

Objects scanned: 91882

Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\drivers\mrxdavv.sys (Rootkit.Agent.H) -> No action taken.

C:\WINDOWS\system32\kwave.sys (Trojan.Agent) -> No action taken.


-------- 2009-09-06 - 14:48:04 -------------

read file error: C:\WINDOWS\system32\drivers\mrxdavv.sys, Not enough quota is available to process this command.

read file error: C:\WINDOWS\system32\kwave.sys, Not enough quota is available to process this command.

-------- 2009-09-06 - 17:25:32 -------------

-------- 2009-09-06 - 17:26:23 -------------

read file error: C:\WINDOWS\system32\drivers\mrxdavv.sys, Not enough quota is available to process this command.

read file error: C:\WINDOWS\system32\kwave.sys, Not enough quota is available to process this command.


You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!


If you are a casual viewer, do NOT try this on your system!

If you are not cmoney30 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Download and run Win32kDiag:

Click on Start button. Select Run, and copy-paste the following command (the bolded text) into the "Open" textbox, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -r

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

mrxdavv

kwave

File::

c:\documents and settings\Owner\Start Menu\Programs\Startup\dmaupd32.exe

c:\windows\pss\dmaupd32.exeStartup

c:\windows\system32\drivers\mrxdavv.sys

c:\windows\system32\kwave.sys

c:\windows\system32\mrxdavv.sys

c:\windows\system32\drivers\kwave.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


seems to have worked

Malwarebytes' Anti-Malware 1.40

Database version: 2763

Windows 5.1.2600 Service Pack 3

9/8/2009 10:33:31 PM

mbam-log-2009-09-08 (22-33-31).txt

Scan type: Quick Scan

Objects scanned: 91643

Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


ComboFix 09-09-08.05 - Owner 09/08/2009 22:02.3.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1401 [GMT -7:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: eEye Digital Security Blink Anti-Virus *On-access scanning disabled* (Updated) {C4821238-EFD9-4B79-B2A5-40CE68D50E68}

FW: eEye Digital Security Blink Firewall *disabled* {AC6BB248-92AF-4E26-A70A-6E5FDB75C144}

FILE ::

"c:\documents and settings\Owner\Start Menu\Programs\Startup\dmaupd32.exe"

"c:\windows\pss\dmaupd32.exe"

"c:\windows\pss\dmaupd32.exeStartup"

"c:\windows\system32\drivers\kwave.sys"

"c:\windows\system32\drivers\mrxdavv.sys"

"c:\windows\system32\kwave.sys"

"c:\windows\system32\mrxdavv.sys"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\mrxdavv.sys

c:\windows\system32\kwave.sys

c:\windows\system32\sqlite3.dll

.

((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))

.

No new files created in this timespan

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2064-10-26 13:46 . 2064-10-26 13:46 -------- d-----w- c:\program files\microsoft frontpage

2064-10-26 13:43 . 2064-10-26 13:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2009-09-09 04:54 . 2007-08-03 19:15 -------- d-----w- c:\program files\Setup Files

2009-09-07 06:58 . 2009-03-07 17:48 -------- d-----w- c:\program files\Java

2009-09-07 06:32 . 2009-09-07 06:32 574 ----a-w- C:\cleanup.bat

2009-09-07 06:32 . 2009-09-07 06:32 376 ----a-w- c:\program files\hiwoowg.txt

2009-09-07 06:32 . 2009-09-07 06:32 135168 ----a-w- C:\zip.exe

2009-09-07 01:22 . 2009-09-07 01:22 -------- d-----w- c:\program files\ERUNT

2009-09-07 00:07 . 2009-09-07 00:07 -------- d-----w- c:\program files\Trend Micro

2009-09-06 23:24 . 2009-09-05 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-06 21:19 . 2009-09-06 21:19 324 ----a-w- c:\program files\gauisqd.txt

2009-09-05 02:24 . 2009-09-05 02:24 89520 ----a-w- c:\windows\system32\seccommutil.dll

2009-09-05 02:24 . 2009-09-05 02:24 320912 ----a-w- c:\windows\system32\seccomm.dll

2009-09-05 02:24 . 2009-09-05 02:24 299904 ----a-w- c:\windows\system32\EMSAgent.dll

2009-09-05 02:24 . 2009-09-05 02:24 236984 ----a-w- c:\windows\system32\FileStore.dll

2009-09-05 02:24 . 2009-09-05 02:24 200120 ----a-w- c:\windows\system32\eEyePKI.dll

2009-09-05 02:24 . 2009-09-05 02:24 186784 ----a-w- c:\windows\system32\eevtc.dll

2009-09-05 02:24 . 2009-09-05 02:24 176584 ----a-w- c:\windows\system32\DeploySupport.dll

2009-09-05 02:24 . 2009-09-05 02:24 284016 ----a-w- c:\windows\system32\DebugRpt.dll

2009-09-05 02:24 . 2009-09-05 02:24 252272 ----a-w- c:\windows\system32\LocalStorage.dll

2009-09-05 02:24 . 2009-09-05 02:24 1801168 ----a-w- c:\windows\system32\elic.dll

2009-09-05 02:19 . 2009-09-05 02:18 -------- d-----w- c:\program files\Common Files\eEye Digital Security

2009-09-05 01:40 . 2009-09-05 01:40 -------- d-----w- c:\program files\CCleaner

2009-09-05 01:21 . 2009-09-05 01:18 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-02 04:29 . 2009-02-06 05:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent

2009-08-28 19:33 . 2009-08-28 19:33 -------- d-----w- c:\program files\Common Files\TSCUninstall

2009-08-16 04:01 . 2009-02-11 01:24 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss

2009-08-13 17:18 . 2007-08-12 06:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-08 00:47 . 2009-03-01 17:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-05 09:01 . 2002-08-29 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 20:36 . 2009-03-01 17:44 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 20:36 . 2009-03-01 17:44 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-31 22:23 . 2009-03-07 17:48 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-31 14:57 . 2009-06-22 00:00 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-17 19:01 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 06:43 . 2007-08-03 14:46 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:12 . 2006-06-23 18:33 827392 ------w- c:\windows\system32\wininet.dll

2009-06-29 16:12 . 2007-08-03 14:45 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-06-29 16:12 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:25 . 2002-08-29 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:25 . 2002-08-29 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:25 . 2002-08-29 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:25 . 2002-08-29 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:25 . 2002-08-29 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2002-08-29 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-12 12:31 . 2002-08-29 12:00 76288 ----a-w- c:\windows\system32\telnet.exe

.

------- Sigcheck -------

[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\mspmsnsv.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-09-06_21.55.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-09 05:09 . 2009-09-09 05:09 16384 c:\windows\Temp\Perflib_Perfdata_1d0.dat

+ 2009-09-09 00:10 . 2009-09-09 00:10 60024 c:\windows\system32\drivers\eeyetv64.sys

- 2009-05-02 02:10 . 2009-05-02 02:10 60024 c:\windows\system32\drivers\eeyetv64.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 48248 c:\windows\system32\drivers\eeyetv.sys

- 2009-05-02 02:10 . 2009-05-02 02:10 48248 c:\windows\system32\drivers\eeyetv.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 71536 c:\windows\system32\drivers\eeyet.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 49784 c:\windows\system32\drivers\eeyenv64.sys

- 2009-05-02 02:10 . 2009-05-02 02:10 49784 c:\windows\system32\drivers\eeyenv64.sys

- 2009-05-02 02:10 . 2009-05-02 02:10 42616 c:\windows\system32\drivers\eeyenv.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 42616 c:\windows\system32\drivers\eeyenv.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 76144 c:\windows\system32\drivers\eeyen64.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 57712 c:\windows\system32\drivers\eeyen.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 98424 c:\windows\system32\drivers\eeyehv64.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 79992 c:\windows\system32\drivers\eeyehv.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 95088 c:\windows\system32\drivers\eeyehf64.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 93552 c:\windows\system32\drivers\eeyeh.sys

+ 2009-09-07 06:58 . 2009-07-31 22:23 149280 c:\windows\system32\javaws.exe

+ 2009-09-07 06:58 . 2009-07-31 22:23 145184 c:\windows\system32\javaw.exe

- 2009-03-07 17:48 . 2009-03-07 17:48 144792 c:\windows\system32\java.exe

+ 2009-09-07 06:58 . 2009-03-07 17:48 144792 c:\windows\system32\java.exe

+ 2009-09-09 00:10 . 2009-09-09 00:10 102256 c:\windows\system32\drivers\eeyet64.sys

+ 2009-09-09 00:10 . 2009-09-09 00:10 133744 c:\windows\system32\drivers\eeyehf.sys

+ 2009-09-09 00:29 . 2009-09-09 00:29 578560 c:\windows\system32\dllcache\user32.dll

+ 2009-09-09 00:26 . 2009-09-09 00:26 212992 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2009-09-09 00:26 . 2008-08-07 22:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2009-09-09 00:26 . 2009-09-09 00:26 212992 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2009-09-09 00:26 . 2008-08-07 22:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2009-09-08 20:07 . 2009-09-08 20:07 212992 c:\windows\ERDNT\AutoBackup\9-8-2009\Users\00000002\UsrClass.dat

+ 2009-09-08 20:07 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-8-2009\ERDNT.EXE

+ 2009-09-07 18:49 . 2009-09-07 18:49 212992 c:\windows\ERDNT\AutoBackup\9-7-2009\Users\00000002\UsrClass.dat

+ 2009-09-07 18:49 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-7-2009\ERDNT.EXE

+ 2009-09-07 06:36 . 2009-09-07 06:36 208896 c:\windows\ERDNT\AutoBackup\9-6-2009\Users\00000002\UsrClass.dat

+ 2009-09-07 06:36 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\9-6-2009\ERDNT.EXE

+ 2009-09-07 01:23 . 2009-09-07 01:23 208896 c:\windows\ERDNT\9-6-2009\Users\00000002\UsrClass.dat

+ 2009-09-07 01:23 . 2005-10-20 19:02 163328 c:\windows\ERDNT\9-6-2009\ERDNT.EXE

+ 2009-09-09 00:26 . 2009-09-09 00:26 8826880 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2009-09-09 00:26 . 2009-09-09 00:26 8826880 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2009-09-08 20:07 . 2009-09-08 20:07 8826880 c:\windows\ERDNT\AutoBackup\9-8-2009\Users\00000001\NTUSER.DAT

+ 2009-09-07 18:49 . 2009-09-07 18:49 8826880 c:\windows\ERDNT\AutoBackup\9-7-2009\Users\00000001\NTUSER.DAT

+ 2009-09-07 06:36 . 2009-09-07 06:36 8826880 c:\windows\ERDNT\AutoBackup\9-6-2009\Users\00000001\NTUSER.DAT

+ 2009-09-07 01:23 . 2009-09-07 01:23 8826880 c:\windows\ERDNT\9-6-2009\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-29 8466432]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2004-02-09 65024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Blink.lnk - c:\program files\eEye Digital Security\Blink\Blink.exe [2009-9-8 693704]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk

backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk

backup=c:\windows\pss\CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^dmaupd32.exe]

path=c:\documents and settings\Owner\Start Menu\Programs\Startup\dmaupd32.exe

backup=c:\windows\pss\dmaupd32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Common Files\\eEye Digital Security\\Application Bus\\eeyeevnt.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 eeyen;eEye NDIS driver;c:\windows\system32\drivers\eeyen.sys [9/8/2009 5:10 PM 57712]

R1 eeyeh;eeyeh;c:\windows\system32\drivers\eeyehf.sys [9/8/2009 5:10 PM 133744]

R1 eeyet;eEye TDI driver;c:\windows\system32\drivers\eeyet.sys [9/8/2009 5:10 PM 71536]

R2 ndiskio;eEye DirectDisk Access Driver;c:\windows\system32\drivers\Ndiskio.sys [3/25/2009 10:34 AM 20448]

S0 qaimfq;qaimfq; [x]

S0 uukb;uukb;c:\windows\system32\drivers\vwzv.sys --> c:\windows\system32\drivers\vwzv.sys [?]

S0 wijcxckz;wijcxckz; [x]

S1 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-6741 v3.70\HwIOctl.sys --> c:\program files\Setup Files\MS-6741 v3.70\HwIOctl.sys [?]

S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [8/10/2007 4:26 PM 472644]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.yahoo.com

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: com.tw\www.msi

Trusted Zone: fender.com\meet

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ddb5ddlv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-08 22:10

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{70C8E441-C7ED-11D1-82FB-00A0C91EEDE9}\ProxyStubC*sid32]

@Class="REG_SZ"

@="{455ACF57-5345-11D2-99CF-00C04F797BC9}"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3316)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\progra~1\SPYBOT~1\SDHelper.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

c:\program files\Common Files\eEye Digital Security\Application Bus\EEYEEVNT.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-09-09 22:21 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-09 05:21

ComboFix2.txt 2009-09-07 00:42

Pre-Run: 31,854,227,456 bytes free

Post-Run: 31,898,955,776 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

276 --- E O F --- 2009-09-05 10:01

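The services block of the log above (the R0/R1/S0/S1/S3 lines) is where the dead boot-start entries qaimfq, uukb and wijcxckz show up: a registration that still points at a driver file ComboFix cannot find. As an added example, not code from the original thread, from ComboFix or from any vendor named in the log, the script below parses those lines and ranks every entry whose image is missing, boot- and system-start first, since those load before user-mode defenses. The sample input is the log's own service lines; the regular expression for the line format and the severity rules are my own assumptions, so check them against your copy of the log before relying on them.

```python
r"""Triage helper for the service/driver lines of a ComboFix log.

Added example, not code from the original thread or from ComboFix.  It parses
ComboFix service lines such as

    S0 uukb;uukb;c:\windows\system32\drivers\vwzv.sys --> c:\windows\system32\drivers\vwzv.sys [?]
    R0 eeyen;eEye NDIS driver;c:\windows\system32\drivers\eeyen.sys [9/8/2009 5:10 PM 57712]

and reports the entries a responder checks first: services whose image file
ComboFix could not find ('[x]' or '[?]').  A boot-start driver entry that
outlives its file is the kind of remnant a removed kernel driver leaves behind.
"""
import re
from dataclasses import dataclass

# Assumed ComboFix line format (checked against the log in this thread):
#   <R|S><start> <name>;<display name>;<image path> [<date size> | x | ?]
# R = running, S = stopped; start 0=boot 1=system 2=auto 3=demand 4=disabled.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*)\[([^\]]*)\]\s*$")

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start: int
    image: str           # path ComboFix resolved for the image ('' if none)
    image_present: bool  # False when ComboFix printed [x] or [?]


def parse_service_line(line: str):
    """Return a ServiceEntry for a ComboFix service line, or None for other lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, tail = m.groups()
    path = path.strip()
    # For unresolvable images ComboFix prints "<raw path> --> <resolved path>";
    # keep the resolved form, which is what you would look for on disk.
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    return ServiceEntry(
        name=name,
        display=display,
        running=(state == "R"),
        start=int(start),
        image=path,
        image_present=tail.strip() not in ("x", "?"),
    )


def parse_services(log_text: str):
    return [e for e in map(parse_service_line, log_text.splitlines()) if e]


def triage(entries):
    """Return (severity, entry, reasons) for every service whose image is missing.

    Severity is 'high' for boot/system-start entries (they load before
    user-mode defenses) and 'medium' otherwise.  Entries whose image exists
    are not reported: a present vendor driver needs a hash check, not this.
    """
    findings = []
    for e in entries:
        if e.image_present:
            continue
        reasons = ["image file not found on disk (ComboFix printed [x] or [?])"]
        severity = "medium"
        if e.start <= 1:
            severity = "high"
            reasons.append(f"{START_TYPES[e.start]}-start driver")
        if e.display == e.name:
            reasons.append("no descriptive display name (vendor drivers usually have one)")
        if not e.image:
            reasons.append("no image path at all: the registration is a dead stub")
        findings.append((severity, e, reasons))
    findings.sort(key=lambda f: (f[0] != "high", f[1].name.lower()))
    return findings


# Service lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
R0 eeyen;eEye NDIS driver;c:\windows\system32\drivers\eeyen.sys [9/8/2009 5:10 PM 57712]
R1 eeyeh;eeyeh;c:\windows\system32\drivers\eeyehf.sys [9/8/2009 5:10 PM 133744]
R1 eeyet;eEye TDI driver;c:\windows\system32\drivers\eeyet.sys [9/8/2009 5:10 PM 71536]
R2 ndiskio;eEye DirectDisk Access Driver;c:\windows\system32\drivers\Ndiskio.sys [3/25/2009 10:34 AM 20448]
S0 qaimfq;qaimfq; [x]
S0 uukb;uukb;c:\windows\system32\drivers\vwzv.sys --> c:\windows\system32\drivers\vwzv.sys [?]
S0 wijcxckz;wijcxckz; [x]
S1 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-6741 v3.70\HwIOctl.sys --> c:\program files\Setup Files\MS-6741 v3.70\HwIOctl.sys [?]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [8/10/2007 4:26 PM 472644]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
"""

if __name__ == "__main__":
    for severity, entry, reasons in triage(parse_services(SAMPLE_LOG)):
        print(f"[{severity:6}] {entry.name:14} start={START_TYPES[entry.start]:8} "
              f"image={entry.image or '<none>'}")
        for r in reasons:
            print(f"         - {r}")
```

Run against the log above it reports the three random-named S0 entries and HwIOctl as high and SetupNTGLM7X as medium; the eEye and Hauppauge drivers are not listed because their files were present. A missing image only tells you the file is gone, not that the entry is harmless: the S0 stubs still attempt to load at every boot and should be removed from the services key, which is what the fix scripts in this thread did.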

Go to Control Panel and Add-or-Remove programs.

De-install Kaspersky Online scan

Look for it and click the line for it. Select Change/Remove to de-install it.

OK & Exit out of Control Panel

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used; followed by advice on staying safer.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combofix), put that name in the Run box stated just below.

The "/u" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after x and before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the command box that opens, type or copy/paste
    combofix /u
    and then click OK.

  • Please double-click OTL.exe to run it.
  • Click on the CleanUp! button at the upper right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

We are finished here. Best regards.



This thread is resolved and is now closed.

The procedures used here were specific to this system and only for this system. Do not apply them to another; doing so will likely damage your system.

If you are a casual observer and having same issues, please follow forum procedures and create your own New topic.

I'm infected - What do I do now?

Procedures to help resolve issues preventing MBAM from running
