DDS (Ver_10-03-17.01) - NTFSx86
Run by 1505hvmo at 21:08:59,87 on 19.09.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1976.1234 [GMT 2:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {C24317C3-EF42-4BD3-B9F6-926FE54E7D8D}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {2045E3EF-E5E7-488B-AC43-2B179BB14050}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\1505hvmo\Lokale innstillinger\Programdata\Skype\Phone\Skype.exe
C:\Programfiler\DataStudio\PASPortal.exe
C:\Documents and Settings\1505hvmo\Lokale innstillinger\Programdata\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\1505hvmo\Skrivebord\Spotify\spotify.exe
svchost.exe
svchost.exe
svchost.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\1505hvmo\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/calendar/render?gsessionid=B78NsKokGpoQtiMDF4UFsA
uWindow Title = Windows Internet Explorer provided by IKT avd. ved Sandefjord VGS
uDefault_Page_URL = hxxp://svgs.vfk.no
mStart Page = hxxp://svgs.vfk.no
uInternet Settings,ProxyOverride =
mWinlogon: System=c:\programfiler\novell\zenworks\bin\preboot\ZISWIN.exe
BHO: lsk_WebBlk Class: {1935e690-1ac1-4aa5-ba23-3d9d0ceb3a00} - c:\windows\system32\Lsk_iBlk.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\programfiler\microsoft office\office12\GrooveShellExtensions.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programfiler\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programfiler\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: ClueIEAddin: {c14aa221-bae1-45f6-b0b3-90c23f2daa7d} - c:\programfiler\clue\adxloader.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [LightScribe Control Panel] c:\programfiler\fellesfiler\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "e:\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\documents and settings\1505hvmo\lokale innstillinger\programdata\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [QuickTime Task] "c:\programfiler\quicktime\QTTask.exe" -atboottime
uRun: [MSMSGS] "c:\programfiler\messenger\msmsgs.exe" /background
uRun: [Wgaruy] rundll32.exe "c:\documents and settings\1505hvmo\lokale innstillinger\programdata\wsxMPr.dll",Startup
mRun: [OfficeScanNT Monitor] "c:\programfiler\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [WatchDog] c:\programfiler\intervideo\dvd check\DVDCheck.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\programfiler\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\dvdche~1.lnk - c:\programfiler\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\paspor~1.lnk - c:\windows\installer\{7ac82557-3e93-4896-83e0-6bcc1a869f98}\NewShortcut1.exe
uPolicies-explorer: NoToolbarCustomize = 1 (0x1)
uPolicies-explorer: NoBandCustomize = 1 (0x1)
uPolicies-explorer: NoNetConnectDisconnect = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-explorer: NoRun = 1 (0x1)
uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoChangeStartMenu = 1 (0x1)
uPolicies-explorer: NoSetTaskbar = 1 (0x1)
uPolicies-explorer: NoTaskGrouping = 1 (0x1)
uPolicies-explorer: NoToolbarsOnTaskbar = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
uPolicies-explorer: NoPropertiesMyDocuments = 1 (0x1)
uPolicies-explorer: NoPropertiesMyComputer = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoCloseDragDropBands = 1 (0x1)
uPolicies-explorer: NoMovingBands = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoPublishingWizard = 1 (0x1)
uPolicies-explorer: NoWebServices = 1 (0x1)
uPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: RestrictCpl = 1 (0x1)
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
uPolicies-system: NoDispAppearancePage = 1 (0x1)
uPolicies-system: Wallpaper = c:\windows\svgsbakgrunn.bmp
uPolicies-system: WallpaperStyle = 2
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programfiler\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectEdit - hxxps://vfk.itslearning.com/file/DirectEdit.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263469359906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263469353156
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\programfiler\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programfiler\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\docume~1\1505hvmo\lokale~1\progra~1\skype\shared\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\programfiler\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
Notify: LCredMgr - c:\programfiler\novell\casa\bin\lcredmgr.dll
Notify: nzrNotifier - nzrNotifier.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\programfiler\microsoft office\office12\GrooveShellExtensions.dll
SEH: ZENworks Adaptive Agent: {763370c4-268e-4308-a60c-d8da0342be32} - c:\programfiler\novell\zenworks\bin\NalShell.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\programfiler\fellesfiler\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\1505hvmo\progra~1\mozilla\firefox\profiles\lztw8yf6.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\programfiler\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programfiler\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\programfiler\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\programfiler\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programfiler\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programfiler\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programfiler\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programfiler\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programfiler\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programfiler\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programfiler\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programfiler\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programfiler\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programfiler\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programfiler\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-8-18 24064]
R2 accoca;ActivClient Middleware Service;c:\programfiler\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 LanSchoolStudent;LanSchool Student Service;c:\programfiler\lanschool\student.exe [2010-7-6 1054000]
R2 Novell Identity Store;Novell Identity Store;c:\programfiler\novell\casa\bin\micasad.exe [2009-6-24 245760]
R2 Novell ZENworks Agent Service;Novell ZENworks Agent Service;c:\programfiler\novell\zenworks\bin\ZenworksWindowsService.exe [2009-11-26 28672]
R2 nzwinvnc;Novell ZENworks Remote Management powered by VNC;c:\programfiler\novell\zenworks\bin\nzrwinvnc.exe -service --> c:\programfiler\novell\zenworks\bin\nzrWinVNC.exe -service [?]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-8-17 50192]
R2 TmFilter;Trend Micro Filter;c:\programfiler\trend micro\officescan client\TmXPFlt.sys [2009-5-22 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\programfiler\trend micro\officescan client\tmpreflt.sys [2009-5-22 36368]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [2009-8-13 9176]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-4-7 31896]
R3 tmcfw;tmcfw;c:\windows\system32\drivers\TM_CFW.sys [2009-2-23 338960]
R3 TmPfw;OfficeScan NT Firewall;c:\programfiler\trend micro\officescan client\TmPfw.exe [2009-2-23 488768]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2008-8-3 10880]
S2 gupdate1c9ec307e332d60;Googles oppdateringstjeneste (gupdate1c9ec307e332d60);c:\programfiler\google\update\GoogleUpdate.exe [2009-6-13 133104]
S3 Com4QLBEx;Com4QLBEx;c:\programfiler\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-8-18 193840]
S3 RoxMediaDB10;RoxMediaDB10;c:\programfiler\fellesfiler\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-6-21 56448]
S3 TmProxy;OfficeScan NT Proxy Service;c:\programfiler\trend micro\officescan client\TmProxy.exe [2009-2-23 652552]
S3 ZENPreAgent;Novell ZENworks Pre Agent;c:\windows\novell\zenworks\bin\ZENPreAgent.exe [2009-8-13 188416]

=============== Created Last 30 ================

2010-09-19 17:16:02 77312 ----a-w- c:\windows\MBR.exe
2010-09-19 17:16:00 256512 ----a-w- c:\windows\PEV.exe
2010-09-19 17:16:00 161792 ----a-w- c:\windows\SWREG.exe
2010-09-19 17:15:59 98816 ----a-w- c:\windows\sed.exe
2010-09-19 16:22:30 0 d-----w- c:\docume~1\1505hvmo\progra~1\AnVi
2010-09-05 16:28:06 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-05 16:28:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-08-25 11:51:55 0 d-----w- c:\docume~1\1505hvmo\progra~1\Malwarebytes
2010-08-21 22:34:43 0 d-----w- c:\windows\system32\Fonts
2010-08-21 17:39:17 0 d-sha-r- C:\cmdcons
2010-08-21 13:26:26 0 d-----w- c:\docume~1\alluse~1\progra~1\Spybot - Search & Destroy
2010-08-21 08:08:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 08:07:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 08:07:59 0 d-----w- c:\docume~1\alluse~1\progra~1\Malwarebytes
2010-08-21 08:07:58 0 d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-08-20 21:54:09 175 ----a-w- c:\documents and settings\1505hvmo\.com.zerog.registry.xml
2010-08-20 21:53:38 0 d--h--w- c:\documents and settings\1505hvmo\InstallAnywhere
2010-08-20 21:50:17 0 d-----w- c:\docume~1\1505hvmo\progra~1\BitTorrent
2010-08-20 19:52:08 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-20 19:28:02 5 ----a-w- C:\zrpt.xml

==================== Find3M ====================

2010-09-15 20:14:24 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-20 19:27:52 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-07-27 11:04:58 84518 ----a-w- c:\windows\system32\perfc014.dat
2010-07-27 11:04:58 457746 ----a-w- c:\windows\system32\perfh014.dat
2010-07-06 09:04:14 61232 ----a-w- c:\windows\system32\lskhook64.dll
2010-07-06 09:04:12 75056 ----a-w- c:\windows\system32\lskhook.dll
2009-06-01 17:19:08 6253 ----a-w- c:\programfiler\eula.rtf

============= FINISH: 21:09:21,32 ===============