File changed into .exe & .dll due to virus [Solved/Closed]

vikas651 - Mar 6, 2010 at 12:04 AM - Latest reply: Ambucias, Mar 10, 2010 at 10:07 AM
Hello,
I'm on a bad problem. When I took data from memory card, then that partition of the folder's properties changed into .exe & some other into .dll. That part is not open any folder (open as like 'dos'); the folder size 24 KB is visible. Partition size while ago looks like, after restart my PC then all folders hid to the another partition of the disk. What I will be able to find my data again? Please help me, I'll be your forever grateful. Thanks. Specify all possibility about recover my data. Thanks again.
Yours sincerely
Mr. Vikas Mehta (Patna,India)

15 replies

Ambucias (Security contributor, 53253 posts, registered Monday February 1, 2010, last seen July 19, 2018) - Mar 6, 2010 at 06:00 AM
Hello Vikas,

This is a more complex situation than any other virus. In order to help you I really need to identify the virus, which could be a USB type virus.

To help me identify the virus and prescribe the proper remedy, please download, install and run HijackThis. From HijackThis' main page request a scan and save log. When the scan is over a log will automatically open. Please copy the log and paste it here.

HijackThis gives a picture of the processes that are running as well as of the registry entries susceptible of hiding a virus.

Here is the link to HijackThis:

http://free.antivirus.com/hijackthis/

Best regards

Ambucias
Shawinigan, Quebec


CCM has helped 1671 users this month

vikas651 (9 posts, registered Saturday March 6, 2010, last seen March 10, 2010) - Mar 6, 2010 at 08:26 AM
I paste below the HijackThis log file. I am very happy about your kind work. For this noble cause you I will thank you wholeheartedly, I hope that you my solution to this serious problem must Lengen. I'm waiting to your trust, certainly now that you are trying I will get rid of this crisis. Thanks,
Yours faithfully
Vikas Kumar Mehta



Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:28:46 PM, on 3/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Micromax\MMX300G\WirelessCard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [MyWirelessCard] C:\Program Files\Micromax\MMX300G\WirelessCard.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EA4F85F-375B-4A09-890F-36ECE30BC7E5}: NameServer = 218.248.255.161 218.248.240.180
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

vikas651 - Mar 6, 2010 at 08:41 AM
I'm worried about this problem whole day, and I formatted the C drive, is still producing the problem. Currently I am using Windows XP Home Edition OS.

Ambucias - Mar 6, 2010 at 01:10 PM
Hello Vikas,

I have studied your HijackThis log. Other than the peculiar absence of an anti-virus program, all seems fine.

Formatting C I don't think is the ideal solution. If a virus there is, your memory card may have got infected from another computer.

Now that you have transferred the files to your computer, I suggest the following:

Download, install and do an update of Malwarebytes. Scan your machine as well as the files in question. Tell me about the results. Here is where you may download Malwarebytes:

http://ccm.net/download/download-105-malwarebytes-anti-malware


vikas651 - Mar 7, 2010 at 06:55 AM
Respected Sir,
Follow the instructions tell you. The situation has not improved, I have run Malwarebytes application. Log file which has paste down. I wonder this type of attack C program drive how the virus survives, while the rest drive are badly affected. My system of two hard disk (160GB & 250GB) are engaged, which is divided into 6 parts. In C and D did install the XP & WIN7, after the remaining E, F, G & H kept my important data. Now that everything is lost. You become a ray of hope has appeared. I would like some special time that you must give me. I talk to local experts then all expressed helplessness in this regard. And I have one simple suggestion .. erase, it really was for me to worry, but after meeting you hope is tied. In this direction as I tell you worked, the situation is as before. I would like you to understand my problem properly. So I told my behalf by collecting all possible information presented here has attempted to do. I've added some slides through LINK, which will help you to read my problem.

My problem ......
Memory card data in E drive when I did copy paste. Then suddenly already changed all the folder's properties. His look has also changed. When I try to open it then he began to open the DOS window and am doing it off when the pop up window message appears "end programme. end now / cancel". Instead it found the folder on the property check .exe has changed. Which is just 24 KB size. All folders .exe has changed and the size is equal. When I did find restart rest of the drive system all folders are hidden. Programme drive is absolutely fine and all application working. The situation remains the same. After opening all the hidden folder DOS window I can see. Perhaps you might have understood me. Even if some information is left, then we will be waiting impatiently for your information. I'm through several photos of a link, which will help you. This time, my major great sorrow of losing data, but am happy that you are my guide. I am a computer science student and I like this kind of challenge and it is better then when you get together. You are my inspiration. With the hope you give me your valuable time. I shall be grateful. My English is weak, therefore improving read my mistakes. I have some curiosity. (1) How the hidden folder can be expressed? (2) What DOS can burn data to help? If so, how?
We will wait for your answer.
Yours sincerely
Vikas Kumar, Patna (India)
-----------------------------------------------------------------------------------------------------------------------------
(malware bytes log file)
----------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/7/2010 8:52:27 AM
mbam-log-2010-03-07 (08-52-27).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 162973
Time elapsed: 24 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\temp\Windows 7 Ultimate Keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
F:\2010 Net Download\February\Adobe CS4 100% WITH CRACK\Photoshop\UNZIP CRACK\keygen2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
F:\wanted software\crack soft\INTERNET DOWNLOAD MANEGER FULL100%\Internet.Download.Manager.v5.17.WinALL.Incl.Keygen.and.Patch-BRD\UNZIP CRACK\Patch\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
-----------------------------

-----------------------------------------------------------------------------------------------------------------------------
PHOTOGRAPH'S LINK > http://cid-85296ec00c399f36.skydrive.live.com/browse.aspx/CONTENT%20ALBUM
-----------------------------------------------------------------------------------------------------------------------------
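
Added example (not part of the thread and not written by any participant): a Python triage script for the symptom described in the post above, where folders disappear and equal-sized 24 KB .exe files show up in their place. It assumes the decoy file carries the hidden folder's name, which the thread does not state; the `Entry` record, the function names and the sample listing are all constructed for illustration.

```python
"""Triage one directory level for the symptom reported in this thread:
real folders hidden, same-sized executables left visible in their place."""
import os
import sys
from collections import Counter, namedtuple

FILE_ATTRIBUTE_HIDDEN = 0x2      # Windows "hidden" attribute bit
DECOY_EXTS = {".exe", ".dll"}    # the two extensions named in the thread

Entry = namedtuple("Entry", "name is_dir hidden size")

# Constructed sample listing (not taken from the poster's drive).
SAMPLE = [
    Entry("Photos", True, True, 0),
    Entry("Photos.exe", False, False, 24576),    # 24 KB, as in the report
    Entry("Docs", True, True, 0),
    Entry("Docs.exe", False, False, 24576),
    Entry("Music", True, False, 0),              # untouched folder
    Entry("setup.exe", False, False, 1048576),   # ordinary installer
    Entry("notes.txt", False, False, 120),
]


def list_entries(path):
    """Read one directory level without opening or executing anything.

    The hidden flag comes from st_file_attributes, which only exists on
    Windows; elsewhere every entry is reported as not hidden.
    """
    entries = []
    with os.scandir(path) as it:
        for e in it:
            st = e.stat(follow_symlinks=False)
            attrs = getattr(st, "st_file_attributes", 0)
            entries.append(Entry(e.name, e.is_dir(follow_symlinks=False),
                                 bool(attrs & FILE_ATTRIBUTE_HIDDEN), st.st_size))
    return entries


def find_decoys(entries, min_cluster=2):
    """Return (pairs, clusters).

    pairs    : (hidden_folder, visible_executable, size) where the names match
               (assumption: the decoy reuses the folder's name).
    clusters : {size: [names]} for sizes shared by >= min_cluster visible
               executables, the "all the same size" observation in the report.
    """
    hidden_dirs = {e.name.lower(): e.name
                   for e in entries if e.is_dir and e.hidden}
    exes = [e for e in entries
            if not e.is_dir and not e.hidden
            and os.path.splitext(e.name)[1].lower() in DECOY_EXTS]

    pairs = []
    for e in exes:
        stem = os.path.splitext(e.name)[0].lower()
        if stem in hidden_dirs:
            pairs.append((hidden_dirs[stem], e.name, e.size))

    counts = Counter(e.size for e in exes)
    clusters = {size: sorted(e.name for e in exes if e.size == size)
                for size, n in counts.items() if n >= min_cluster}
    return pairs, clusters


def verdict(entries):
    """'likely-decoys' when both signals agree, 'review' for one, else 'clean'."""
    pairs, clusters = find_decoys(entries)
    paired_sizes = {size for _, _, size in pairs}
    if pairs and paired_sizes & set(clusters):
        return "likely-decoys"
    if pairs or clusters:
        return "review"
    return "clean"


if __name__ == "__main__":
    # With a path argument, inspect that directory; otherwise use the sample.
    listing = list_entries(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    pairs, clusters = find_decoys(listing)
    print("verdict:", verdict(listing))
    for folder, exe, size in pairs:
        # The hidden folder is where the original data most likely still is.
        print(f"  hidden folder {folder!r} shadowed by {exe!r} ({size} bytes)")
    for size, names in clusters.items():
        print(f"  {len(names)} executables of identical size {size}: {names}")
```

A "likely-decoys" result means the listed executables should be left unopened and scanned, and the data looked for inside the hidden folders of the same name.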

vikas651 - Mar 8, 2010 at 07:42 AM
Respected Sir,
What have you ignore me? I spent all day waiting for your answer, whatever it is please tell me for sure. I will be waiting impatiently for your answer.
Thank you
Vikas Mehta

Ambucias - Mar 8, 2010 at 08:23 AM
Hello Vikas,

Sorry for the delay in responding for you see I live in Canada and there is quite a time difference between Patna and Shawinigan, Quebec.

Here is the remedy which just may be your solution. If after this fix, something is still wrong, I will ask Melissio to help you. He also lives in India, he is a fine and distinguished gentleman.

Please Vikas, download and run ComboFix:
• Disable or close all anti-spyware, anti-malware and antivirus real-time protection, which may affect ComboFix.
While disabled, your system will be vulnerable to attack, so please turn off your modem or disconnect from the Internet.
• Download the latest version of ComboFix (2.8 MB) and save it to your desktop.

Please connect all of your removable drives and other USB memory devices.

http://www.combofix.org/download.php

• Close all programs on your computer.

• Double-click ComboFix.exe on your desktop.
• When ComboFix has finished, it will create logs for you.

Before you run Combofix, you may wish to read this tutorial on its use:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Good luck and let me know about the results. Please be patient if I do not reply immediately, but I will.

Best regards


vikas651 - Mar 8, 2010 at 08:49 AM
Sorry, I was very upset, but again you've come to help me, I'll give you the results soon, your support made me happy. Thank you so much.

Ambucias - Mar 8, 2010 at 04:19 PM
Hello Vikas,

I am encouraged by the results.

I would very much like to know what is hidden in those folders.

Do you still have folders which were changed in .exe and .dll? Do you need the data that was in those folders?

Why don't I see an antivirus programme?

Do you by any chance sometimes use a usb key or pendrive to transfer data from your computer to another which is not yours in the course of your studies? Do you have removable memory devices?

I would appreciate a new log, not from HijackThis but from ZHP Diag.

Please download and install the following, request a scan, and post the scan log here. At start the application is in French but don't be afraid. If you click on the hard construction headwear, you can change the language to English. It gives a much more extensive report.

Please, read the report also and let me know your opinion, things you understand and do not understand. Thank you.

Here is the link:

http://www.commentcamarche.net/download/download-34066799-zhpdiag

I hope that Melissio from Mumbai will be online soon to take a look at all this. As I am writing to you it is here 5:15 PM. I will return here tomorrow morning.

Best regards

P.S. The application will create two icons on your desktop. One of them is called fix, we will not require that component for the moment.


vikas651 - Mar 10, 2010 at 08:31 AM
Hello
Sir, please tell me your opinion about this case. I want to know all about this case. How have you managed it. Congratulations to you.

Ambucias - Mar 10, 2010 at 10:07 AM
Greetings Vikas,

You are a gentleman and a scholar! Congratulations to you for your hard work, passion and patience. I am very happy that the final solution worked for you, you are most deserving. Praise Vishnu!

F-Secure I also use, although no Internet security programme is perfect, I find that F-Secure is among the best in the market.

I looked at your latest log and everything looks just fine. ComboFix was the most drastic but the last resort as it is to be used with moderation and discernment.

I was most happy to help a person such as you.

My very best regards to you and good luck.

Jules
Shawinigan, Quebec
Canada


Ambucias - Mar 8, 2010 at 09:01 AM
I have already asked Melissio to have a look at your case. I am waiting for his reply.

Cheers

vikas651 - Mar 8, 2010 at 01:35 PM
Hello Sir,
A little good news, since new experiments are given better results. After running the ComboFix folder appear are all hidden. But this is a partial success because of the things still hidden inside the folder, but some of the files inside the folder is visible, who is healthy. Most files are still hidden. All folder is displayed right volume. Challenge remains for you. But it is a great achievement for me. I will wait for your next instructions. Below the ComboFix log file. I run the programme twice. But not any new change. As happened in the first.
Thanks, Vikas

-----[ first log]-------------------------------------------------------------------------------------------------------------
ComboFix 10-03-08.01 - VIKAS 03/08/2010 22:46:27.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2028.1692 [GMT 5.5:30]
Running from: c:\documents and settings\VIKAS\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-08 07:51 . 2010-03-08 07:51 -------- d-----w- c:\program files\AutocompletePro
2010-03-07 08:33 . 2010-03-07 08:33 -------- d--h--w- c:\windows\PIF
2010-03-07 08:10 . 2010-03-07 08:10 0 ----a-w- c:\windows\nsreg.dat
2010-03-07 08:10 . 2010-03-07 08:10 -------- d-----w- c:\documents and settings\VIKAS\Local Settings\Application Data\Mozilla
2010-03-07 08:03 . 2010-03-07 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2010-03-07 08:02 . 2010-03-07 08:02 -------- d-----w- c:\program files\IVT Corporation
2010-03-07 02:51 . 2010-03-07 02:51 -------- d-----w- c:\documents and settings\VIKAS\Application Data\Malwarebytes
2010-03-07 02:51 . 2010-03-07 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-06 18:17 . 2010-03-08 14:50 -------- d-----w- c:\program files\W32[1].Netsky.Pmm Removal Tool
2010-03-06 17:10 . 2010-03-06 17:10 -------- d-----w- c:\documents and settings\VIKAS\Application Data\CyberLink
2010-03-06 17:07 . 2010-03-06 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-06 17:06 . 2001-03-08 13:00 24064 ------w- c:\windows\system32\msxml3a.dll
2010-03-06 17:06 . 2003-03-18 14:44 499712 ------w- c:\windows\system32\msvcp71.dll
2010-03-06 17:06 . 2003-02-20 23:12 348160 ------w- c:\windows\system32\msvcr71.dll
2010-03-06 17:06 . 2010-03-06 17:06 -------- d-----w- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 11:06 . 2010-03-06 09:26 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-06 17:06 . 2010-03-06 09:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 17:06 . 2010-03-06 09:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-06 13:53 . 2010-03-06 13:53 -------- d-----w- c:\program files\TrendMicro
2010-03-06 12:05 . 2010-03-06 12:00 -------- d-----w- c:\documents and settings\VIKAS\Application Data\BitTorrent
2010-03-06 11:59 . 2010-03-06 11:59 -------- d-----w- c:\program files\BitTorrent
2010-03-06 10:03 . 2010-03-06 10:03 12328 ----a-w- c:\documents and settings\VIKAS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 09:51 . 2010-03-06 09:51 -------- d-----w- c:\program files\Realtek
2010-03-06 09:51 . 2010-03-06 09:51 315392 ----a-w- c:\windows\HideWin.exe
2010-03-06 09:51 . 2010-03-06 09:44 -------- d-----w- c:\program files\Intel
2010-03-06 09:50 . 2010-03-06 09:50 -------- d-----w- c:\program files\Intel Desktop Board
2010-03-06 09:44 . 2010-03-06 09:44 -------- d-----w- c:\program files\MSXML 4.0
2010-03-06 09:34 . 2010-03-06 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-03-06 09:34 . 2010-03-06 09:34 -------- d-----w- c:\program files\Micromax
2010-03-06 09:27 . 2010-03-06 09:27 -------- d-----w- c:\program files\microsoft frontpage
2010-03-06 09:23 . 2010-03-06 09:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

R3 bsusbser;Basecom USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [3/6/2010 3:04 PM 99456]
.
.
------- Supplementary Scan -------
.
TCP: {8EA4F85F-375B-4A09-890F-36ECE30BC7E5} = 218.248.255.161 218.248.240.180
FF - ProfilePath - c:\documents and settings\VIKAS\Application Data\Mozilla\Firefox\Profiles\u6u2b769.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 22:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-08 22:48:25
ComboFix-quarantined-files.txt 2010-03-08 17:18

Pre-Run: 28,124,307,456 bytes free
Post-Run: 28,108,877,824 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3A8545C6070B2C049C559DD0EA4EE5F3

-----------------------------------------------------------------------------------------------------------------------------
-------[second log details]------------------------------------------------------------------------------------------------
ComboFix 10-03-08.01 - VIKAS 03/08/2010 23:42:52.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2028.1715 [GMT 5.5:30]
Running from: c:\documents and settings\VIKAS\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
.

2010-03-08 07:51 . 2010-03-08 07:51 -------- d-----w- c:\program files\AutocompletePro
2010-03-07 08:33 . 2010-03-07 08:33 -------- d--h--w- c:\windows\PIF
2010-03-07 08:10 . 2010-03-07 08:10 0 ----a-w- c:\windows\nsreg.dat
2010-03-07 08:10 . 2010-03-07 08:10 -------- d-----w- c:\documents and settings\VIKAS\Local Settings\Application Data\Mozilla
2010-03-07 08:03 . 2010-03-07 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2010-03-07 08:02 . 2010-03-07 08:02 -------- d-----w- c:\program files\IVT Corporation
2010-03-07 02:51 . 2010-03-07 02:51 -------- d-----w- c:\documents and settings\VIKAS\Application Data\Malwarebytes
2010-03-07 02:51 . 2010-03-07 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-06 18:17 . 2010-03-08 14:50 -------- d-----w- c:\program files\W32[1].Netsky.Pmm Removal Tool
2010-03-06 17:10 . 2010-03-06 17:10 -------- d-----w- c:\documents and settings\VIKAS\Application Data\CyberLink
2010-03-06 17:07 . 2010-03-06 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-06 17:06 . 2001-03-08 13:00 24064 ------w- c:\windows\system32\msxml3a.dll
2010-03-06 17:06 . 2003-03-18 14:44 499712 ------w- c:\windows\system32\msvcp71.dll
2010-03-06 17:06 . 2003-02-20 23:12 348160 ------w- c:\windows\system32\msvcr71.dll
2010-03-06 17:06 . 2010-03-06 17:06 -------- d-----w- c:\program files\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 11:06 . 2010-03-06 09:26 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-06 17:06 . 2010-03-06 09:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 17:06 . 2010-03-06 09:34 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-06 13:53 . 2010-03-06 13:53 -------- d-----w- c:\program files\TrendMicro
2010-03-06 12:05 . 2010-03-06 12:00 -------- d-----w- c:\documents and settings\VIKAS\Application Data\BitTorrent
2010-03-06 11:59 . 2010-03-06 11:59 -------- d-----w- c:\program files\BitTorrent
2010-03-06 10:03 . 2010-03-06 10:03 12328 ----a-w- c:\documents and settings\VIKAS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 09:51 . 2010-03-06 09:51 -------- d-----w- c:\program files\Realtek
2010-03-06 09:51 . 2010-03-06 09:51 315392 ----a-w- c:\windows\HideWin.exe
2010-03-06 09:51 . 2010-03-06 09:44 -------- d-----w- c:\program files\Intel
2010-03-06 09:50 . 2010-03-06 09:50 -------- d-----w- c:\program files\Intel Desktop Board
2010-03-06 09:44 . 2010-03-06 09:44 -------- d-----w- c:\program files\MSXML 4.0
2010-03-06 09:34 . 2010-03-06 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-03-06 09:34 . 2010-03-06 09:34 -------- d-----w- c:\program files\Micromax
2010-03-06 09:27 . 2010-03-06 09:27 -------- d-----w- c:\program files\microsoft frontpage
2010-03-06 09:23 . 2010-03-06 09:23 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=

R3 bsusbser;Basecom USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bsusbser.sys [3/6/2010 3:04 PM 99456]
.
.
------- Supplementary Scan -------
.
TCP: {8EA4F85F-375B-4A09-890F-36ECE30BC7E5} = 218.248.255.161 218.248.240.180
FF - ProfilePath - c:\documents and settings\VIKAS\Application Data\Mozilla\Firefox\Profiles\u6u2b769.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 23:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-08 23:45:08
ComboFix-quarantined-files.txt 2010-03-08 18:15
ComboFix2.txt 2010-03-08 17:18

Pre-Run: 28,112,351,232 bytes free
Post-Run: 28,083,326,976 bytes free

- - End Of File - - 67332D55EACB24F802E6C20F80BD9E47

------------------------------------------------------------------------------------------------------Finished/vikas-------
vikas651 (9 posts, registered Saturday March 6, 2010, last seen March 10, 2010) - Mar 10, 2010 at 08:22 AM
Respected Sir,
I have no words to praise you. Sorry, I took a long time to come here again. But now I am going to say that you are really a genius. You saved me from a big crisis. This thing does not count for the world. But for me it was a miracle. I wish that you continue to help ordinary people like this.
Sir, after running the ComboFix application all the primary folders began to appear, but the data was not showing in the folders; in some places data was showing, but in other places it did not seem complete. Then I repeated the previous process: (1) uncheck "Hide file extensions for known file types"; (2) uncheck "Hide protected operating system files". Now all files and folders are showing, but they appear cloudy. Right now I'm excited that I could save all my data, and all the credit goes to you. I just have to copy all the data to DVD. For your research I paste below the log file of ZHPDiag. I'm using F-SECURE anti-virus, which doesn't show any kind of problem. I'll be forever grateful to you. It is becoming a topic of discussion among my friends. You are appreciated by all,
thank you so much sir,
Vikas Kumar, Patna.
Please reply to me as soon as possible.

---------------------------------------------------------------------------------------------------------------------------------
Rapport de ZHPDiag/MD5 v1.25.1285 par Nicolas Coolman
Run by VIKAS at 3/9/2010 8:09:23 AM
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

---\\ Web Browser
MSIE: Internet Explorer v6.0.2900.5512
MFIE: Mozilla Firefox (3.6)

---\\ System Information
Platform : Microsoft Windows XP (5.1.2600) Service Pack 3
Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2028.3 MB (80% free)
System drive C: has 26 GB (87%) free of 30 GB

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 26 Go of 30 Go)
D:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 48 Go of 60 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 45 Go of 59 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 55 Go of 100 Go)
H:\ Hard drive, Flash drive, Thumb drive (Free 50 Go of 88 Go)
I:\ CD-ROM drive (Not Inserted)


---\\ Running Processes
[MD5.27C6D03BCDB8CFEB96B716F3D8BE3E18] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) -- C:\WINDOWS\System32\svchost.exe
[MD5.0E776ED5F7CC9F94299E70461B7B8185] - (.Microsoft Corporation - Services and Controller app.) -- C:\WINDOWS\system32\services.exe
[MD5.BF2466B3E18E970D8A976FB95FC1CA85] - (.Microsoft Corporation - LSA Shell (Export Version).) -- C:\WINDOWS\system32\lsass.exe
[MD5.D8E14A61ACC1D4A6CD0D38AEBAC7FA3B] - (.Microsoft Corporation - Spooler SubSystem App.) -- C:\WINDOWS\system32\spoolsv.exe


---\\ Internet Explorer URLSearchHook (R3)


---\\ Browser Helper Objects (O2)
[MD5.85FA85442063284E54E9960014D05C2F] - (.SimplyGen - AutocompletePro - Helps you search the web.) -- C:\Program Files\AutocompletePro\AutocompletePro.dll


---\\ Winsock hijacker (Layered Service Provider) (O10)
[MD5.B4138E99236F0F57D4CF49BAE98A0746] - (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provi.) -- C:\WINDOWS\system32\mswsock.dll
[MD5.D72B9EC3337B247A666F098F3D6B43DE] - (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
[MD5.B4138E99236F0F57D4CF49BAE98A0746] - (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provi.) -- C:\WINDOWS\system32\mswsock.dll


---\\ AppInit_DLLs Registry value Autorun (O20)
[MD5.E2092F0A1D7ABC243F9C2362483D150D] - (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
[MD5.7ADB6B9B6EE267C845A925196D79EA00] - (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\System32\igfxdev.dll


---\\ ShellServiceObjectDelayLoad (O21)
[MD5.0CF50B1F45DAB08430C1DBB79FE2CA5B] - (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll
[MD5.0CF50B1F45DAB08430C1DBB79FE2CA5B] - (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\WINDOWS\system32\SHELL32.dll
[MD5.E535E0A413655208D7180154150881C6] - (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
[MD5.50512FC9B7878E3C2C147BC17326A7DB] - (.Microsoft Corporation - Systray shell service object.) -- C:\WINDOWS\system32\stobject.dll


---\\ Windows Active Desktop Components (O24)


---\\ ActiveSetup Installed Components (O40)
[MD5.ED4041A9EE05C427D25A59D82BC3712E] - (.Unknown owner - No comment.) -- C:\WINDOWS\INF\msnetmtg.inf
[MD5.7916F9BA432F2C377DF93726B0CADAB7] - (.Unknown owner - No comment.) -- C:\WINDOWS\inf\ie.inf
[MD5.EF5175CE56D762931C468699B935B8ED] - (.Unknown owner - No comment.) -- C:\WINDOWS\INF\msmsgs.inf
[MD5.4821E93A91F7C3D9AA7E3332C0ED9B58] - (.Unknown owner - No comment.) -- C:\WINDOWS\INF\wmp.inf
[MD5.1240074B72B4F6F2D6AEE92DB1D29AED] - (.Macromedia, Inc. - Macromedia Flash Player 6.0 r79.) -- C:\WINDOWS\system32\macromed\flash\flash.ocx


---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 3/6/2010 - 8:07:28 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_10006.nls
O44 - LFC:[MD5.BAC7072B365F9648CA318154BA7E03EC] - 3/6/2010 - 8:07:28 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_737.nls
O44 - LFC:[MD5.780C444EB16B65E6DE96F794A732DA12] - 3/6/2010 - 8:07:28 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_869.nls
O44 - LFC:[MD5.8BE0D77A873730B4EB1DAB7C6622CD46] - 3/6/2010 - 8:07:28 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_875.nls
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 3/6/2010 - 8:07:31 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\C_28595.NLS
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 3/6/2010 - 8:07:31 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_10007.nls
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 3/6/2010 - 8:07:31 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_10017.nls
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 3/6/2010 - 8:07:33 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_10081.nls
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 3/6/2010 - 8:07:33 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_28599.nls
O44 - LFC:[MD5.A8764750B22B528D85A691A52CB21856] - 3/6/2010 - 8:07:33 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_857.nls
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 3/6/2010 - 8:07:36 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\c_28603.nls
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/6/2010 - 8:10:08 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\Sti_Trace.log
O44 - LFC:[MD5.E10D6DA37CD35DD080391843BD40291D] - 3/6/2010 - 8:10:09 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\wiadebug.log
O44 - LFC:[MD5.9484321DC3A2A2BB6842596AD261E49B] - 3/6/2010 - 8:10:10 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\wiaservc.log
O44 - LFC:[MD5.E704FA96428673321171800BE7D6A374] - 3/6/2010 - 8:10:31 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\regopt.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 3/6/2010 - 8:19:42 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\h323log.txt
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/7/2010 - 1:32:23 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\0
O44 - LFC:[MD5.87E5AAE1AA9431EF1DDEDC46D2145BDB] - 3/7/2010 - 1:33:07 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\0
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/7/2010 - 1:40:16 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\nsreg.dat
O44 - LFC:[MD5.AEE95DC2CF867ACFD70153AC6BD49CEA] - 3/7/2010 - 5:03:20 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\setuplog.txt
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 3/8/2010 - 10:44:14 PM ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe
O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 3/8/2010 - 10:44:14 PM ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe
O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 3/8/2010 - 10:44:14 PM ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 3/8/2010 - 10:44:14 PM ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe
O44 - LFC:[MD5.C5EC72A20B4C98DB5314E6C46765B148] - 3/8/2010 - 10:44:14 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\MBR.exe
O44 - LFC:[MD5.4E20F3B27B334E9273FC3890B7948BD8] - 3/8/2010 - 10:44:14 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\PEV.exe
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 3/8/2010 - 10:44:14 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\grep.exe
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 3/8/2010 - 10:44:14 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\sed.exe
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 3/8/2010 - 10:44:14 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\zip.exe
O44 - LFC:[MD5.94E5450C43E4CF78E1D3AD4816966909] - 3/8/2010 - 10:45:51 PM ---A- . (.Unknown owner - No comment.) -- C:\cmldr
O44 - LFC:[MD5.2B8384AFAC545044FCDAEEF875075F13] - 3/8/2010 - 10:45:53 PM RSHA- . (.Unknown owner - No comment.) -- C:\boot.ini
O44 - LFC:[MD5.997584FEE40DED5BF33A95A83F8C0EB2] - 3/8/2010 - 11:44:26 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\system.ini
O44 - LFC:[MD5.9D4D9B05D0D69F844B7E7C12396C260A] - 3/8/2010 - 11:45:08 PM ---A- . (.Unknown owner - No comment.) -- C:\ComboFix.txt
O44 - LFC:[MD5.598FDC859529992101F4CFE089526A56] - 3/8/2010 - 8:21:06 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt
O44 - LFC:[MD5.9A78FA2AECFD468FBE9D129BD70D4FC1] - 3/8/2010 - 8:21:06 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
O44 - LFC:[MD5.DAFA2DD712A5AD6587D966730472A5AB] - 3/8/2010 - 8:26:20 PM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\setupapi.log
O44 - LFC:[MD5.00000000000000000000000000000000] - 3/9/2010 - 1:14:32 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\SchedLgU.Txt
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 3/9/2010 - 7:33:01 AM -S-A- . (.Unknown owner - No comment.) -- C:\WINDOWS\bootstat.dat
O44 - LFC:[MD5.0CA450E13C51A7E158DBE465C514B8FE] - 3/9/2010 - 7:33:03 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\System32\wpa.dbl
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/9/2010 - 7:33:05 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\0.log
O44 - LFC:[MD5.06A6A9F378909343AB85828F29DFDB61] - 3/9/2010 - 7:35:04 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\WirelessCard.INI
O44 - LFC:[MD5.00000000000000000000000000000000] - 3/9/2010 - 7:38:52 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\WindowsUpdate.log
O44 - LFC:[MD5.0046EAF9EDAF89FE17DFE4BD73160D06] - 3/9/2010 - 8:03:31 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\flowstatics.db
O44 - LFC:[MD5.19985FD68818269FC959EC75FC51A810] - 3/9/2010 - 8:03:32 AM ---A- . (.Unknown owner - No comment.) -- C:\WINDOWS\ModemLog_Basecom HS-USB Modem 9000.txt


---\\ Last files created in Windows Prefetcher (O45)


---\\ Operations and functions at Windows Explorer startup (O46)


---\\ Image File Execution Options (IFEO) (O50)


---\\ System Drivers List (SDL) (O58)
vikas651 - Mar 10, 2010 at 08:40 AM
Hello sir,
Please tell me your opinion about this case as soon as possible. Congratulations to you for your great work. I want to know all about this case. How did you succeed?
Thanks... thanks... a lot of thanks...