
Help with virus: dsca.exe application error on startup


  • This topic is locked
31 replies to this topic

#16 Farbar

Farbar

    Just Curious


  • Security Developer
  • 20,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:11:02 PM

Posted 13 April 2009 - 03:17 AM

It depends on when the Backdoor arrived at the system. If it is really after the date you have restored the system to, then it is safe.

Edited by farbar, 13 April 2009 - 03:18 AM.




#17 KBrady3905

KBrady3905
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:04:02 PM

Posted 13 April 2009 - 11:05 AM

Is there any way to tell if the trojan is really gone, or any signs to look for that it is still present?

#18 Farbar


Posted 13 April 2009 - 12:05 PM

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of Files/Folders created to 3 Months.
    • Click Continue at the disclaimer screen.
    • Once it has finished please post the contents of just log.txt


#19 KBrady3905


Posted 13 April 2009 - 04:26 PM

My computer is still infected... Kaspersky finished, but RSIT encountered the same error as before.

When it is 'Performing Registry Dump' the following error pops up on the screen:

AutoIt Error

Line -1:
Error: Subscript used with non-Array variable



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, April 13, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, April 13, 2009 20:46:29
Records in database: 2041343
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 146605
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:55:53


File name / Threat name / Threats count
C:\Users\Kyle\AppData\Local\Temp\wJQs.exe Infected: Trojan-Spy.Win32.Zbot.kdp 1
C:\Windows\Temp\1347091011.exe Infected: Virus.Win32.Virut.ce 1
C:\Windows\Temp\3084961779.exe Infected: Virus.Win32.Virut.ce 1
C:\Windows\Temp\3285536083.exe Infected: Virus.Win32.Virut.ce 1
C:\Windows\Temp\68547747.exe Infected: Virus.Win32.Virut.ce 1
C:\Windows\Temp\w1w1.exe Infected: Trojan.Win32.Agent2.hsk 1

The selected area was scanned.

#20 Farbar


Posted 13 April 2009 - 04:49 PM

I'm afraid I've got bad news again.

Your computer is infected with a nasty type of backdoor (Trojan Win32/Z-Bot) which is known to be a killer of OS.

See also this: When a Bot master goes mad - Kill the OS

That might be the reason your system is infected with one of the nastiest file infectors:

Virut is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files infected by another virus previously. The only symptoms are a strange HDD activity while infecting, and also unwanted TCP traffic. Virut tries to connect you into an IRC network under the user name "Virtu" and zombify you. Unfortunately, the cleaning of this virus is very difficult or almost impossible.

http://www.ca.com/us/securityadvisor/virus...s.aspx?id=55141

The virus remains resident in memory and infects executable files with ".EXE" and ".SCR" file extensions.


Its damage to the system is almost beyond repair as it disables Windows File Protection:

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.


http://www.ca.com/us/securityadvisor/virus...s.aspx?id=55141

Therefore all those running processes are most probably now the virus agent.

There is a claim by Grisoft that the following tool can remove the infection:

http://www.softpedia.com/get/Antivirus/Win...t-Remover.shtml

This claim is hard to believe. Not only are almost all the running processes infected, but their copies in the i386 folder and in the dll cache are also patched.

Therefore the only fast and safe answer to the virus is reformatting and reinstalling Windows. You may back up non-executable (data) files and reformat the entire hard drive.
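The backup advice in the post above can be checked mechanically before anything is copied off the infected drive. The following is an added example, not part of the original post: it sorts a folder tree into files to keep and files to leave behind, using the `.EXE` and `.SCR` extensions named in the quoted advisory. As an assumption that goes beyond the page, it also reads the first two bytes of every file and excludes anything with an `MZ` executable header, which catches executables stored under a data extension. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Extensions the advisory quoted in the post names as Virut infection targets.
INFECTABLE_EXTENSIONS = {".exe", ".scr"}

# Assumption added for this example: Windows executables begin with the
# DOS header magic "MZ", so a header check also catches executables that
# were saved under a different extension.
MZ_MAGIC = b"MZ"


def exclusion_reason(path):
    """Return why a file must stay out of the backup, or None if it is data."""
    ext = os.path.splitext(path)[1].lower()
    if ext in INFECTABLE_EXTENSIONS:
        return "extension " + ext
    try:
        with open(path, "rb") as fh:
            if fh.read(2) == MZ_MAGIC:
                return "MZ header"
    except OSError:
        # Fail closed: a file that cannot be inspected is not backed up.
        return "unreadable"
    return None


def plan_backup(root):
    """Walk root and return (sorted list of files to keep, {skipped file: reason})."""
    keep, skip = [], {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            reason = exclusion_reason(full)
            if reason is None:
                keep.append(rel)
            else:
                skip[rel] = reason
    return sorted(keep), skip


def build_sample_tree():
    """Create a constructed sample tree in a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="backup_demo_")
    pe_stub = b"MZ\x90\x00" + b"\x00" * 16  # constructed bytes, not a real program
    samples = {
        "Documents/report.txt": b"quarterly notes\n",
        "Pictures/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "Downloads/setup.exe": pe_stub,
        "Downloads/clock.SCR": pe_stub,
        "Documents/invoice.doc": pe_stub,  # executable under a data extension
    }
    for rel, content in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    keep, skip = plan_backup(build_sample_tree())
    print("Back up:")
    for rel in keep:
        print("  " + rel)
    print("Leave behind:")
    for rel, reason in sorted(skip.items()):
        print("  %s (%s)" % (rel, reason))
```

The header check is deliberately conservative: a data file that happens to start with the bytes `MZ` is also left behind and has to be reviewed by hand.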

#21 KBrady3905


Posted 13 April 2009 - 05:03 PM

I am going to go ahead and reformat and reinstall my OS. My owner's manual suggests using a utility called 'dell factory restore', which restores the hard drive back to its original factory configuration as when I first ordered from Dell. It says that this process will reformat the hard drive and restore the system software to the factory condition. Is this what I should use to reformat my hard drive?

#22 Farbar


Posted 13 April 2009 - 05:13 PM

Please read post # 10. If you still have any questions I would be glad to answer them.

It is too late over here and tomorrow is a long working day for me. I'll see your post tomorrow.

#23 KBrady3905


Posted 14 April 2009 - 07:34 PM

I have reformatted my hard drive. When I asked previously how I could check to see if the trojan was removed, you said to run Kaspersky and RSIT. I have done both and will post the logs below:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 14, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 15, 2009 00:00:25
Records in database: 2044611
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 106020
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:43:33

No malware has been detected. The scan area is clean.

The selected area was scanned.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Kyle at 2009-04-14 19:29:54
Microsoft® Windows Vista™ Home Premium
System drive C: has 24 GB (13%) free of 178 GB
Total RAM: 3069 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:17 PM, on 4/14/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Kyle\Program Files\DNA\btdna.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Users\Kyle\Desktop\RSIT.exe
C:\Program Files\trend micro\Kyle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Kyle\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [weligosimu] Rundll32.exe "C:\ProgramData\kahowuhi\kahowuhi.dll",s
O4 - HKCU\..\Run: [7ece93aa] rundll32.exe "C:\ProgramData\dehaziku\dehaziku.dll",b
O4 - HKCU\..\Run: [CPM7dfda036] Rundll32.exe "C:\ProgramData\botireyo\botireyo.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10417 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-12-26 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-26 2554680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-12-26 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-26 2554680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-27 1006264]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-07 159744]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-08-28 36864]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-28 405504]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-16 49168]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-03 13552160]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-03 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Users\Kyle\Program Files\DNA\btdna.exe [2009-04-14 321344]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-13 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"weligosimu"=C:\ProgramData\kahowuhi\kahowuhi.dll [2009-01-14 69632]
"7ece93aa"=C:\ProgramData\dehaziku\dehaziku.dll [2009-04-14 101888]
"CPM7dfda036"=C:\ProgramData\botireyo\botireyo.dll [2009-04-14 109056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-04-17 86528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03a717e6-288c-11de-8202-001dd9e8a260}]
shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 3 months======

2009-04-14 19:29:55 ----D---- C:\Program Files\trend micro
2009-04-14 19:29:54 ----D---- C:\rsit
2009-04-14 19:25:31 ----D---- C:\ProgramData\nekularu
2009-04-14 19:25:31 ----D---- C:\ProgramData\dehaziku
2009-04-14 19:25:31 ----D---- C:\ProgramData\botireyo
2009-04-14 19:20:29 ----D---- C:\ProgramData\rugawaba
2009-04-14 19:20:28 ----D---- C:\ProgramData\wumoyuvo
2009-04-14 19:20:28 ----D---- C:\ProgramData\kahowuhi
2009-04-14 17:26:09 ----D---- C:\Windows\Sun
2009-04-14 16:53:42 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-14 16:49:02 ----D---- C:\Users\Kyle\AppData\Roaming\vlc
2009-04-14 16:47:40 ----D---- C:\Program Files\VideoLAN
2009-04-14 16:43:09 ----D---- C:\Users\Kyle\AppData\Roaming\DivX
2009-04-14 16:42:01 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-04-14 16:41:50 ----D---- C:\Program Files\DivX
2009-04-14 16:26:48 ----D---- C:\Windows\pss
2009-04-14 16:22:49 ----D---- C:\Program Files\CCleaner
2009-04-14 16:20:36 ----D---- C:\Program Files\DVDFab 5
2009-04-14 16:15:45 ----A---- C:\Users\Kyle\AppData\Roaming\inst.exe
2009-04-14 16:15:44 ----D---- C:\Users\Kyle\AppData\Roaming\Vso
2009-04-14 16:15:40 ----A---- C:\Windows\system32\sipr3260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\Pncrt.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv43260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv33260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv23260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\cook3260.dll
2009-04-14 16:15:39 ----A---- C:\Windows\system32\wvc1dmod.dll
2009-04-14 16:15:39 ----A---- C:\Windows\system32\vp7vfw.dll
2009-04-14 16:15:37 ----D---- C:\Program Files\VSO
2009-04-14 16:09:35 ----D---- C:\Program Files\PowerISO
2009-04-14 16:08:52 ----D---- C:\Users\Kyle\AppData\Roaming\WinRAR
2009-04-14 16:08:09 ----D---- C:\Program Files\WinRAR
2009-04-14 16:07:58 ----D---- C:\Users\Kyle\AppData\Roaming\AdobeUM
2009-04-14 15:58:16 ----D---- C:\Program Files\BitPim
2009-04-14 15:53:57 ----D---- C:\Users\Kyle\AppData\Roaming\BitTorrent
2009-04-14 15:43:43 ----D---- C:\Users\Kyle\AppData\Roaming\Skype
2009-04-14 15:43:28 ----RD---- C:\Program Files\Skype
2009-04-14 15:43:23 ----D---- C:\ProgramData\Skype
2009-04-14 15:37:46 ----D---- C:\Program Files\Paint.NET
2009-04-14 12:33:28 ----D---- C:\Users\Kyle\AppData\Roaming\Intel
2009-04-14 09:24:11 ----D---- C:\Users\Kyle\AppData\Roaming\Stardock
2009-04-14 09:24:01 ----HDC---- C:\ProgramData\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-04-14 09:23:56 ----D---- C:\ProgramData\Stardock
2009-04-14 09:23:56 ----D---- C:\Program Files\Stardock
2009-04-14 00:34:22 ----A---- C:\Windows\system32\es.dll
2009-04-13 23:40:32 ----D---- C:\Users\Kyle\AppData\Roaming\DNA
2009-04-13 23:40:32 ----D---- C:\Program Files\DNA
2009-04-13 23:40:29 ----D---- C:\Program Files\BitTorrent
2009-04-13 23:08:05 ----D---- C:\Users\Kyle\AppData\Roaming\Apple Computer
2009-04-13 23:07:56 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-13 23:07:56 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-13 23:07:28 ----D---- C:\Program Files\iPod
2009-04-13 23:07:27 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 23:07:27 ----D---- C:\Program Files\iTunes
2009-04-13 23:07:05 ----D---- C:\Program Files\Bonjour
2009-04-13 23:06:14 ----D---- C:\Program Files\QuickTime
2009-04-13 23:06:13 ----D---- C:\ProgramData\Apple Computer
2009-04-13 23:05:56 ----D---- C:\Program Files\Apple Software Update
2009-04-13 23:04:58 ----D---- C:\ProgramData\Apple
2009-04-13 23:04:58 ----D---- C:\Program Files\Common Files\Apple
2009-04-13 20:14:13 ----D---- C:\Program Files\Microsoft Works
2009-04-13 20:13:57 ----D---- C:\Program Files\Microsoft Visual Studio
2009-04-13 20:13:57 ----D---- C:\Program Files\Common Files\DESIGNER
2009-04-13 20:13:33 ----D---- C:\Windows\PCHEALTH
2009-04-13 20:13:33 ----D---- C:\Program Files\Microsoft.NET
2009-04-13 20:10:40 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-04-13 20:09:52 ----D---- C:\ProgramData\Microsoft Help
2009-04-13 20:09:52 ----D---- C:\Program Files\Microsoft Office
2009-04-13 20:09:20 ----RHD---- C:\MSOCache
2009-04-13 19:43:45 ----D---- C:\Users\Kyle\AppData\Roaming\Adobe
2009-04-13 19:24:47 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\winipsec.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\polstore.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-04-13 19:22:59 ----A---- C:\Windows\system32\wtsapi32.dll
2009-04-13 19:22:56 ----A---- C:\Windows\system32\sysmain.dll
2009-04-13 19:22:55 ----A---- C:\Windows\system32\wlanapi.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlansvc.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlansec.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlanmsm.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlanhlp.dll
2009-04-13 19:22:02 ----A---- C:\Windows\system32\WebClnt.dll
2009-04-13 19:20:50 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-13 19:20:50 ----A---- C:\Windows\system32\advpack.dll
2009-04-13 19:20:49 ----A---- C:\Windows\system32\wininet.dll
2009-04-13 19:20:49 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-13 19:20:49 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-13 19:20:49 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-13 19:20:48 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-13 19:20:48 ----A---- C:\Windows\system32\ieui.dll
2009-04-13 19:20:47 ----A---- C:\Windows\system32\ieframe.dll
2009-04-13 19:20:46 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-13 19:20:46 ----A---- C:\Windows\system32\mshtml.dll
2009-04-13 19:20:44 ----A---- C:\Windows\system32\mstime.dll
2009-04-13 19:20:44 ----A---- C:\Windows\system32\icardie.dll
2009-04-13 19:20:42 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-13 19:20:41 ----A---- C:\Windows\system32\urlmon.dll
2009-04-13 19:20:41 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-13 19:20:41 ----A---- C:\Windows\system32\iertutil.dll
2009-04-13 19:20:40 ----A---- C:\Windows\system32\iesetup.dll
2009-04-13 19:20:40 ----A---- C:\Windows\system32\iernonce.dll
2009-04-13 19:20:40 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-13 19:18:42 ----A---- C:\Windows\system32\gdi32.dll
2009-04-13 19:16:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-04-13 19:16:31 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-04-13 19:16:31 ----A---- C:\Windows\system32\gameux.dll
2009-04-13 19:15:43 ----A---- C:\Windows\system32\wmpeffects.dll
2009-04-13 19:14:58 ----A---- C:\Windows\system32\msxml3r.dll
2009-04-13 19:14:58 ----A---- C:\Windows\system32\msxml3.dll
2009-04-13 19:13:11 ----A---- C:\Windows\system32\netapi32.dll
2009-04-13 19:12:26 ----A---- C:\Windows\system32\tzres.dll
2009-04-13 19:09:20 ----A---- C:\Windows\system32\mcmde.dll
2009-04-13 19:09:20 ----A---- C:\Windows\system32\EncDec.dll
2009-04-13 19:09:19 ----A---- C:\Windows\system32\psisdecd.dll
2009-04-13 19:08:26 ----A---- C:\Windows\system32\wmploc.DLL
2009-04-13 19:08:25 ----A---- C:\Windows\system32\wmp.dll
2009-04-13 19:08:25 ----A---- C:\Windows\system32\spwmp.dll
2009-04-13 19:08:25 ----A---- C:\Windows\system32\dxmasf.dll
2009-04-13 19:07:11 ----A---- C:\Windows\system32\shell32.dll
2009-04-13 19:05:00 ----A---- C:\Windows\explorer.exe
2009-04-13 19:03:44 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-04-13 19:03:44 ----A---- C:\Windows\system32\netiougc.exe
2009-04-13 19:03:44 ----A---- C:\Windows\system32\netcfg.exe
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-04-13 19:02:44 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-04-13 19:02:44 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-04-13 19:02:42 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-04-13 19:02:42 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-04-13 19:02:38 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-04-13 19:02:38 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsData0046.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsData0045.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0049.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0047.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0039.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0022.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0021.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0020.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0027.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0026.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0024.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0011.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0010.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0019.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0018.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0013.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0003.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0002.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0001.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0000.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData004b.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData004a.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData0009.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData0007.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData004e.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData004c.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData003e.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData002a.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData001b.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData001a.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData001d.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000d.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000c.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000a.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData0416.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData0414.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData000f.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData081a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData0816.dll
2009-04-13 19:00:56 ----A---- C:\Windows\system32\fsquirt.exe
2009-04-13 19:00:12 ----A---- C:\Windows\system32\setupapi.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srdelayed.exe
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srcore.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srclient.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\rstrui.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\wpd_ci.dll
2009-04-13 18:59:44 ----A---- C:\Windows\system32\winresume.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\winload.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\kd1394.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\drvinst.exe
2009-04-13 18:59:43 ----A---- C:\Windows\system32\ci.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\oleaut32.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\nshhttp.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\lodctr.exe
2009-04-13 18:59:42 ----A---- C:\Windows\system32\kbd106n.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\dpx.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\unlodctr.exe
2009-04-13 18:59:41 ----A---- C:\Windows\system32\schedsvc.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\prflbmsg.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\loadperf.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\dispci.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\batt.dll
2009-04-13 18:57:23 ----A---- C:\Windows\system32\LAPRXY.DLL
2009-04-13 18:57:23 ----A---- C:\Windows\system32\asferror.dll
2009-04-13 18:57:22 ----A---- C:\Windows\system32\WMASF.DLL
2009-04-13 18:56:47 ----A---- C:\Windows\system32\slwmi.dll
2009-04-13 18:56:47 ----A---- C:\Windows\system32\SLC.dll
2009-04-13 18:56:47 ----A---- C:\Windows\system32\mcbuilder.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLUINotify.dll
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLUI.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLLUA.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-04-13 18:56:45 ----A---- C:\Windows\system32\SLsvc.exe
2009-04-13 18:56:45 ----A---- C:\Windows\system32\slcinst.dll
2009-04-13 18:56:00 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-04-13 18:56:00 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-04-13 18:55:59 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-04-13 18:54:42 ----A---- C:\Windows\system32\win32spl.dll
2009-04-13 18:54:42 ----A---- C:\Windows\system32\printcom.dll
2009-04-13 18:54:10 ----A---- C:\Windows\system32\wshrm.dll
2009-04-13 18:53:38 ----A---- C:\Windows\system32\sbunattend.exe
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnsapi.dll
2009-04-13 18:51:27 ----A---- C:\Windows\system32\schannel.dll
2009-04-13 18:49:00 ----A---- C:\Windows\system32\icardres.dll
2009-04-13 18:49:00 ----A---- C:\Windows\system32\icardagt.exe
2009-04-13 18:48:59 ----A---- C:\Windows\system32\infocardapi.dll
2009-04-13 18:48:56 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-13 18:48:55 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-04-13 18:48:55 ----A---- C:\Windows\system32\PresentationHost.exe
2009-04-13 18:48:54 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-04-13 18:39:59 ----A---- C:\Windows\system32\netfxperf.dll
2009-04-13 18:39:59 ----A---- C:\Windows\system32\dfshim.dll
2009-04-13 18:39:58 ----A---- C:\Windows\system32\mscoree.dll
2009-04-13 18:39:57 ----A---- C:\Windows\system32\mscories.dll
2009-04-13 18:39:57 ----A---- C:\Windows\system32\mscorier.dll
2009-04-13 18:34:09 ----SHD---- C:\System Volume Information
2009-04-13 18:29:21 ----A---- C:\Windows\system32\mfps.dll
2009-04-13 18:29:21 ----A---- C:\Windows\system32\mf.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\rrinstaller.exe
2009-04-13 18:29:20 ----A---- C:\Windows\system32\mfpmp.exe
2009-04-13 18:29:20 ----A---- C:\Windows\system32\mferror.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\logagent.exe
2009-04-13 18:29:19 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-04-13 18:29:04 ----A---- C:\Windows\system32\INETRES.dll
2009-04-13 18:29:04 ----A---- C:\Windows\system32\inetcomm.dll
2009-04-13 18:28:56 ----A---- C:\Windows\system32\connect.dll
2009-04-13 18:28:49 ----A---- C:\Windows\system32\quartz.dll
2009-04-13 18:28:30 ----D---- C:\Program Files\MSXML 4.0
2009-04-13 18:28:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-13 18:28:19 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-13 18:28:08 ----A---- C:\Windows\system32\msxml6r.dll
2009-04-13 18:28:08 ----A---- C:\Windows\system32\msxml6.dll
2009-04-13 17:58:18 ----D---- C:\Users\Kyle\AppData\Roaming\Mozilla
2009-04-13 17:52:42 ----D---- C:\Program Files\Mozilla Firefox
2009-04-13 17:51:56 ----D---- C:\Users\Kyle\AppData\Roaming\Macromedia
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wups2.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wucltux.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wuaueng.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wuauclt.exe
2009-04-13 17:47:00 ----A---- C:\Windows\system32\wups.dll
2009-04-13 17:47:00 ----A---- C:\Windows\system32\wudriver.dll
2009-04-13 17:46:59 ----A---- C:\Windows\system32\wuapi.dll
2009-04-13 17:46:22 ----A---- C:\Windows\system32\wuwebv.dll
2009-04-13 17:46:22 ----A---- C:\Windows\system32\wuapp.exe
2009-04-13 17:41:03 ----D---- C:\Users\Kyle\AppData\Roaming\Google
2009-04-13 17:39:41 ----HD---- C:\Users\Kyle\AppData\Roaming\GTek
2009-04-13 17:39:13 ----D---- C:\Users\Kyle\AppData\Roaming\Identities
2009-04-13 17:38:34 ----SD---- C:\Users\Kyle\AppData\Roaming\Microsoft
2009-04-13 17:38:34 ----D---- C:\Users\Kyle\AppData\Roaming\Media Center Programs
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Templates
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Start Menu
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Favorites
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Documents
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Desktop
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Application Data
2009-02-24 14:34:16 ----A---- C:\Windows\system32\dpl100.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\divx_xx11.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\divx_xx0c.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\divx_xx0a.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\divx_xx07.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\DivX.dll

======List of files/folders modified in the last 3 months======

2009-04-14 19:30:17 ----D---- C:\Windows\Temp
2009-04-14 19:29:55 ----RD---- C:\Program Files
2009-04-14 19:25:31 ----HD---- C:\ProgramData
2009-04-14 17:26:09 ----D---- C:\Windows
2009-04-14 17:10:19 ----D---- C:\Windows\Prefetch
2009-04-14 16:53:45 ----D---- C:\Windows\System32
2009-04-14 16:53:44 ----SHD---- C:\Windows\Installer
2009-04-14 16:53:42 ----D---- C:\Program Files\Common Files
2009-04-14 16:51:43 ----D---- C:\Windows\system32\WDI
2009-04-14 16:36:57 ----D---- C:\Windows\inf
2009-04-14 16:36:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-14 16:30:42 ----D---- C:\Program Files\Google
2009-04-14 16:16:05 ----D---- C:\Windows\system32\drivers
2009-04-14 16:16:03 ----D---- C:\Windows\system32\catroot
2009-04-14 15:43:40 ----D---- C:\Windows\system32\Tasks
2009-04-14 15:38:29 ----RSD---- C:\Windows\assembly
2009-04-14 15:38:02 ----D---- C:\Windows\winsxs
2009-04-14 13:50:07 ----D---- C:\Windows\system32\catroot2
2009-04-14 13:09:26 ----D---- C:\Windows\Microsoft.NET
2009-04-14 12:37:04 ----D---- C:\Windows\system32\NDF
2009-04-14 09:05:21 ----D---- C:\Windows\servicing
2009-04-14 00:31:43 ----D---- C:\ProgramData\NVIDIA
2009-04-13 23:06:47 ----D---- C:\Program Files\Internet Explorer
2009-04-13 22:01:48 ----D---- C:\ProgramData\Dell
2009-04-13 20:34:59 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-13 20:34:00 ----A---- C:\Windows\win.ini
2009-04-13 20:14:06 ----D---- C:\Program Files\MSBuild
2009-04-13 20:13:53 ----D---- C:\Windows\ShellNew
2009-04-13 20:13:40 ----RSD---- C:\Windows\Fonts
2009-04-13 20:13:33 ----SD---- C:\ProgramData\Microsoft
2009-04-13 20:10:24 ----D---- C:\Program Files\Common Files\System
2009-04-13 19:51:49 ----D---- C:\Program Files\McAfee
2009-04-13 19:38:45 ----ASH---- C:\Program Files\desktop.ini
2009-04-13 19:38:38 ----D---- C:\Windows\rescache
2009-04-13 19:34:50 ----D---- C:\DELL
2009-04-13 19:33:23 ----D---- C:\Windows\system32\en-US
2009-04-13 19:33:21 ----D---- C:\Windows\system32\wbem
2009-04-13 19:33:18 ----D---- C:\Windows\system32\migration
2009-04-13 19:33:17 ----D---- C:\Windows\AppPatch
2009-04-13 19:33:10 ----D---- C:\Windows\ehome
2009-04-13 19:33:09 ----D---- C:\Program Files\Windows Media Player
2009-04-13 19:32:58 ----D---- C:\Windows\system32\SLUI
2009-04-13 19:32:57 ----D---- C:\Program Files\Windows Sidebar
2009-04-13 19:32:57 ----D---- C:\Program Files\Windows Mail
2009-04-13 19:32:55 ----D---- C:\Windows\system32\XPSViewer
2009-04-13 19:13:41 ----D---- C:\Windows\Debug
2009-04-13 18:28:15 ----D---- C:\Windows\SoftwareDistribution
2009-04-13 17:54:33 ----D---- C:\Windows\Logs
2009-04-13 17:39:31 ----SHD---- C:\$Recycle.Bin
2009-04-13 17:38:34 ----RD---- C:\Users
2009-02-25 12:55:00 ----A---- C:\Windows\system32\mrt.exe
2009-02-24 14:35:32 ----N---- C:\Windows\system32\VXBLOCK.dll
2009-02-24 14:35:32 ----N---- C:\Windows\system32\PxWave.dll
2009-02-24 14:35:32 ----N---- C:\Windows\system32\PxSFS.DLL
2009-02-24 14:35:32 ----N---- C:\Windows\system32\PxMas.dll
2009-02-24 14:35:32 ----N---- C:\Windows\system32\pxdrv.dll
2009-02-24 14:35:32 ----N---- C:\Windows\system32\PxAFS.DLL
2009-02-24 14:35:32 ----N---- C:\Windows\system32\Px.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2007-07-13 125728]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 {2E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files\Dell\MediaDirect\000.fcl [2007-04-02 13560]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-07 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-07 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-07 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-07 155136]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-13 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-13 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-04-13 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-04-14 47360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-12-27 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-28 330240]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-16 46992]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-04-13 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 278528]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-13 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaNvStor;Intel® Turbo Memory Controller; C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-28 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2007-12-26 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2007-04-09 44032]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-28 102400]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-26 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

#24 Farbar

Posted 15 April 2009 - 01:14 AM

Did you recover using the recovery partition, or did you reformat?
Either way, you are infected this time with rogue software, and it is not difficult to guess how:

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • You may uninstall the following program in case it is installed without your consent:

    Browser Address Error Redirector

    In case you uninstalled it, delete the following folder: C:\Program Files\Dell\BAE

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please go to start -> Run.
    • Copy and paste the bold line in the run-box and click OK:

      c:\rsit\info.txt
    • A text file opens, please post the content.
  • Please run RSIT, set the list of Files/Folders created to 1 month and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).
Please include in your next reply:
  • The log of MBAM.
  • The content of the opened text file (info.txt)
  • The OTViewIt logs.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#25 KBrady3905

Posted 15 April 2009 - 11:29 AM

OTViewIt logs

OTViewIt logfile created on: 4/15/2009 11:08:40 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Kyle\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.73 Gb Total Space | 20.17 Gb Free Space | 11.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.81 Gb Free Space | 58.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRICK2FLY
Current User Name: Kyle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2006/11/02 04:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 04:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/09/03 11:54:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2009/04/13 18:56:45 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 07:34:30 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2007/04/17 00:05:52 | 00,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
[2006/11/02 04:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/09/28 00:56:38 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
[2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/12/26 18:13:55 | 00,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
[2007/04/09 01:48:34 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE
[2007/07/25 17:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2007/03/21 14:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2009/01/16 20:03:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
[2007/07/25 17:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2007/09/28 00:56:42 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2007/12/27 01:48:07 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2006/11/02 04:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
[2007/12/27 01:49:18 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2007/09/07 03:50:56 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
[2007/08/28 00:51:42 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
[2007/09/28 00:56:50 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
[2007/05/31 10:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
[2007/07/27 17:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
[2007/03/21 14:00:00 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2009/04/14 01:11:14 | 00,321,344 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Kyle\Program Files\DNA\btdna.exe
[2009/04/13 18:53:38 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2006/11/02 07:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2006/11/03 18:55:50 | 00,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2007/09/07 17:27:08 | 01,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
[2007/04/24 18:45:32 | 03,446,512 | ---- | M] (Stardock) -- C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
[2007/04/16 23:55:00 | 00,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
[2007/09/07 03:50:54 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
[2006/11/02 07:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2007/09/07 03:51:00 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
[2009/03/02 20:59:26 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2007/09/07 03:50:56 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
[2006/11/03 18:55:48 | 01,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
[2009/01/16 19:28:08 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2009/04/13 18:59:40 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
[2009/04/15 11:07:28 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/09/28 00:56:38 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters [Auto | Running])
[2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2009/04/13 18:39:56 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/12/26 18:13:55 | 00,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [Auto | Running])
[2007/04/09 01:48:34 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 07:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2007/12/27 01:52:12 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2007/03/19 13:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
[2007/12/27 01:47:32 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2007/07/25 17:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2009/04/13 18:48:56 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/11/02 04:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2007/12/26 18:32:02 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/03/21 14:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2009/01/17 07:33:02 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2009/01/16 20:03:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2009/01/16 19:28:08 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2009/01/09 13:48:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2006/11/02 08:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service [Auto | Running])
[2009/04/13 18:49:03 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/09/03 11:54:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/07/25 17:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2006/11/02 04:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2009/04/13 18:56:45 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 04:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/09/28 00:56:42 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe -- (STacSV [Auto | Running])
[2006/09/14 15:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2006/11/02 04:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 04:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/02 07:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2007/12/27 01:48:07 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2007/12/27 01:56:18 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2007/12/27 01:47:23 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2007/12/27 01:56:18 | 00,018,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 03:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2007/09/07 03:50:54 | 00,155,136 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006/11/02 03:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2009/04/13 19:00:56 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
[2006/11/02 03:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 03:55:27 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
[2009/04/13 19:00:56 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2009/04/13 19:00:56 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Running])
[2006/11/06 20:37:16 | 00,078,128 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Running])
[2006/11/06 18:13:50 | 00,080,176 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Running])
[2006/11/06 18:13:52 | 00,016,560 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid [On_Demand | Running])
[2006/11/02 03:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2009/04/13 18:59:43 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2007/12/27 01:56:18 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 04:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 03:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2006/10/05 18:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
[2007/02/25 13:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv [Auto | Running])
[2007/12/27 01:47:52 | 00,621,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 02:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express [On_Demand | Stopped])
[2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 07:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 04:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 03:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 04:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/12/27 01:48:45 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 03:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 03:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2007/09/07 04:27:32 | 00,209,408 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor [Disabled | Stopped])
[2007/09/07 04:22:34 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Boot | Running])
[2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 03:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 04:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2009/04/13 18:59:39 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2006/11/02 03:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 03:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2009/01/16 20:04:28 | 00,079,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2009/01/16 20:04:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2009/01/16 20:04:28 | 00,213,640 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
[2009/01/16 20:03:56 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
[2009/01/16 20:04:28 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2009/04/13 19:17:58 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2008/10/23 13:08:54 | 00,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP [System | Running])
[2006/11/02 04:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2007/12/27 01:49:06 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2009/04/13 19:17:16 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2009/04/13 18:29:10 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2007/12/27 01:56:18 | 00,025,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 04:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2007/12/27 01:47:23 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 04:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2009/04/13 19:05:37 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2007/09/26 08:12:00 | 02,251,776 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 03:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/08/31 18:58:20 | 00,018,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])
[2008/09/03 11:54:00 | 07,583,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2007/12/27 01:47:23 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2007/08/28 00:51:40 | 00,235,520 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev [On_Demand | Running])
[2007/08/28 00:51:44 | 00,007,424 | ---- | M] (EyePower Games Pte. Ltd.) -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx [On_Demand | Running])
[2009/04/14 16:15:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2007/12/27 01:52:12 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2006/07/24 04:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 07:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 02:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2006/11/02 04:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 03:55:23 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2007/09/07 01:35:44 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/09/07 01:35:42 | 00,042,496 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/09/07 01:35:46 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2006/11/02 03:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/11/02 03:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/12/27 01:51:34 | 00,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2009/04/13 18:59:40 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2007/12/27 01:51:34 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2007/12/27 01:51:34 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2007/12/27 01:51:34 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2007/12/27 01:47:23 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2007/12/27 01:48:01 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/02 04:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2009/04/13 18:29:10 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2009/04/13 18:29:10 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2007/09/28 00:56:52 | 00,330,240 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 03:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2007/04/16 23:44:34 | 00,046,992 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2006/11/02 03:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 04:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2007/12/27 01:49:06 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2007/12/27 01:49:06 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 04:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2007/12/27 01:47:23 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 03:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2006/11/02 03:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 03:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2007/12/27 01:56:18 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2007/12/27 01:47:23 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2007/12/27 01:47:43 | 00,293,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 04:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2009/04/13 18:59:40 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2009/04/13 19:22:58 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2006/11/02 03:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2007/09/28 01:40:24 | 00,278,528 | ---- | M] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh [On_Demand | Running])
[2007/04/02 11:47:50 | 00,013,560 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\Dell\MediaDirect\000.fcl -- ({2E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071227
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071227
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4047770738-1123082679-2476018846-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071227
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071227
"StartPageCache"=

[HKEY_USERS\S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{27B4851A-3207-45A2-B947-BE8AFE6163AB} (HKLM) -- c:\Program Files\McAfee\MSK\mskapbho.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Apoint"=C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s (Creative Technology Ltd.)
"ECenter"=C:\Dell\E-Center\EULALauncher.exe ( )
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVHotkey"=rundll32.exe C:\Windows\system32\nvHotkey.dll,Start (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup (UPEK Inc.)
"SigmatelSysTrayApp"=%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
"UpdReg"=C:\Windows\UpdReg.EXE (Creative Technology Ltd.)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Users\Kyle\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4047770738-1123082679-2476018846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Users\Kyle\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)
Send image to &Bluetooth Device...: c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/29 16:12:28 | 00,002,773 | ---- | M] ()
Send page to &Bluetooth Device...: c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/10/26 20:28:50 | 00,005,601 | ---- | M] ()

[HKEY_USERS\S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/02/26 00:37:14 | 17,937,768 | ---- | M] (Microsoft Corporation)
Send image to &Bluetooth Device...: c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/29 16:12:28 | 00,002,773 | ---- | M] ()
Send page to &Bluetooth Device...: c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/10/26 20:28:50 | 00,005,601 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0\bin\npjpi160.dll [2007/12/26 18:13:32 | 00,132,744 | ---- | M] (Sun Microsystems, Inc.)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 10:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 10:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/10/26 20:28:50 | 00,005,601 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/10/26 20:28:50 | 00,005,601 | ---- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

[HKEY_USERS\S-1-5-21-4047770738-1123082679-2476018846-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0

========== (O17) DNS Name Servers ==========

{6FA19815-3130-4CE3-B970-74294A4F30AF} (Servers: | Description: )
{9E82DA4E-5F48-4C11-A39E-83CC55328F1A} (Servers: | Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller)
{AE3CC140-6CFA-4A41-BC7C-D4C370E69D32} (Servers: | Description: Intel® Wireless WiFi Link 4965AGN)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=vrlogon.dll
>[2007/04/17 00:06:24 | 00,549,888 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
psfus: "DllName" = C:\Windows\system32\psqlpwd.dll -- C:\Windows\System32\psqlpwd.dll (UPEK Inc.)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 04:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 04:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 16:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03a717e6-288c-11de-8202-001dd9e8a260}\Shell\AutoRun\command]
""=G:\wd_windows_tools\WDSetup.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command]
""=G:\wd_windows_tools\WDSetup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/15 11:03:14 | 00,001,876 | ---- | C] () -- C:\Users\Kyle\Desktop\HijackThis.lnk
[2009/04/15 10:50:26 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Malwarebytes
[2009/04/15 10:50:24 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/15 10:50:24 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyts' Anti-Malware.lnk
[2009/04/15 10:50:22 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/15 10:50:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/04/15 10:50:20 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/15 10:24:56 | 00,000,000 | ---D | C] -- C:\ProgramData\zepepewa
[2009/04/15 10:24:56 | 00,000,000 | ---D | C] -- C:\ProgramData\mapefubo
[2009/04/15 10:24:56 | 00,000,000 | ---D | C] -- C:\ProgramData\gewiluje
[2009/04/15 10:24:24 | 00,000,000 | ---D | C] -- C:\ProgramData\rurimita
[2009/04/15 10:24:23 | 00,000,000 | ---D | C] -- C:\ProgramData\vubebiye
[2009/04/15 10:24:23 | 00,000,000 | ---D | C] -- C:\ProgramData\nazesuna
[2009/04/14 21:37:01 | 01,233,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/14 21:37:01 | 00,875,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/14 21:37:00 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/14 21:36:58 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/14 21:36:58 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/14 21:36:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/04/14 21:36:47 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/14 21:36:43 | 00,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/14 21:36:43 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/14 21:34:21 | 00,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/14 21:34:18 | 03,503,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/14 21:34:18 | 03,469,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/14 21:34:18 | 00,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/14 21:34:17 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/14 21:34:15 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/14 21:34:15 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/14 21:34:15 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/14 21:34:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/14 21:33:16 | 03,595,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/14 21:33:15 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/14 21:33:14 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/14 21:33:13 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/14 21:33:13 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/14 21:33:13 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/14 21:33:11 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/04/14 21:33:10 | 01,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/04/14 21:33:10 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/04/14 21:33:10 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/14 21:33:10 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/14 21:33:10 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/04/14 21:33:10 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/04/14 21:33:09 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/04/14 21:33:07 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/14 21:33:07 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/14 21:33:07 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/14 21:33:07 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/04/14 21:33:07 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/14 21:33:06 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/04/14 21:33:04 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/04/14 21:33:04 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/14 21:33:04 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/04/14 21:33:04 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/04/14 21:33:04 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/14 21:33:02 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/04/14 21:33:01 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/04/14 21:32:58 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/14 21:32:58 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/04/14 21:32:58 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/04/14 19:29:55 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/04/14 19:29:54 | 00,000,000 | ---D | C] -- C:\rsit
[2009/04/14 19:29:16 | 00,781,909 | ---- | C] () -- C:\Users\Kyle\Desktop\RSIT.exe
[2009/04/14 19:25:31 | 00,000,000 | ---D | C] -- C:\ProgramData\nekularu
[2009/04/14 19:25:31 | 00,000,000 | ---D | C] -- C:\ProgramData\dehaziku
[2009/04/14 19:25:31 | 00,000,000 | ---D | C] -- C:\ProgramData\botireyo
[2009/04/14 19:20:29 | 00,000,000 | ---D | C] -- C:\ProgramData\rugawaba
[2009/04/14 19:20:28 | 00,000,000 | ---D | C] -- C:\ProgramData\wumoyuvo
[2009/04/14 19:20:28 | 00,000,000 | ---D | C] -- C:\ProgramData\kahowuhi
[2009/04/14 17:26:09 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/04/14 16:53:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/14 16:49:02 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\vlc
[2009/04/14 16:47:40 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/14 16:43:09 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\DivX
[2009/04/14 16:42:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/04/14 16:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/04/14 16:26:48 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/04/14 16:22:49 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/04/14 16:20:48 | 00,000,000 | ---D | C] -- C:\Users\Kyle\Documents\DVDFab
[2009/04/14 16:20:36 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 5
[2009/04/14 16:16:29 | 00,000,671 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\vso_ts_preview.xml
[2009/04/14 16:15:45 | 00,087,608 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\inst.exe
[2009/04/14 16:15:45 | 00,047,360 | ---- | C] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/04/14 16:15:45 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Kyle\AppData\Roaming\pcouffin.sys
[2009/04/14 16:15:45 | 00,007,887 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\pcouffin.cat
[2009/04/14 16:15:45 | 00,001,144 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\pcouffin.inf
[2009/04/14 16:15:44 | 00,000,000 | ---D | C] -- C:\Users\Kyle\Documents\PcSetup
[2009/04/14 16:15:44 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Vso
[2009/04/14 16:15:39 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2009/04/14 16:15:39 | 00,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2009/04/14 16:15:37 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/04/14 16:09:35 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2009/04/14 16:08:52 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\WinRAR
[2009/04/14 16:08:09 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/04/14 16:07:58 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\AdobeUM
[2009/04/14 15:58:16 | 00,000,000 | ---D | C] -- C:\Program Files\BitPim
[2009/04/14 15:53:57 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\BitTorrent
[2009/04/14 15:43:43 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Skype
[2009/04/14 15:43:28 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/04/14 15:43:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/04/14 15:37:46 | 00,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2009/04/14 15:37:34 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Paint.NET
[2009/04/14 14:09:52 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009/04/14 12:33:28 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Intel
[2009/04/14 09:25:56 | 00,002,020 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009/04/14 09:25:56 | 00,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Stardock
[2009/04/14 09:25:56 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Stardock
[2009/04/14 09:24:11 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Stardock
[2009/04/14 09:24:01 | 00,000,000 | -H-D | C] -- C:\ProgramData\{62902F53-D725-44F9-B385-979CC0E00E8A}
[2009/04/14 09:23:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2009/04/14 09:23:56 | 00,000,000 | ---D | C] -- C:\Program Files\Stardock
[2009/04/14 00:34:22 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/04/14 00:29:58 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/04/13 23:40:35 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\DNA
[2009/04/13 23:40:32 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\DNA
[2009/04/13 23:40:32 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/04/13 23:40:29 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/04/13 23:10:43 | 00,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Classes
[2009/04/13 23:10:38 | 00,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Class Schedule
[2009/04/13 23:10:23 | 00,010,183 | ---- | C] () -- C:\Users\Kyle\Documents\True Astonishment Cookies.xlsx
[2009/04/13 23:10:08 | 00,414,384 | ---- | C] () -- C:\Users\Kyle\Documents\Phantom.docx
[2009/04/13 23:10:03 | 00,014,412 | ---- | C] () -- C:\Users\Kyle\Documents\Mizzou Wireless.docx
[2009/04/13 23:09:57 | 00,010,981 | ---- | C] () -- C:\Users\Kyle\Documents\Liese 21st Birthday.docx
[2009/04/13 23:09:49 | 00,012,571 | ---- | C] () -- C:\Users\Kyle\Documents\Complete Movie List.xlsx
[2009/04/13 23:09:43 | 00,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Resume
[2009/04/13 23:08:05 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Apple Computer
[2009/04/13 23:08:05 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Apple Computer
[2009/04/13 23:07:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/04/13 23:07:28 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/13 23:07:27 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/13 23:07:27 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/13 23:07:05 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/13 23:06:14 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/13 23:06:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/04/13 23:06:00 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Apple
[2009/04/13 23:05:56 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/13 23:04:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/04/13 23:04:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/04/13 22:34:09 | 00,000,000 | R--D | C] -- C:\Users\Kyle\Desktop\Kyle's Stuff
[2009/04/13 20:14:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/04/13 20:13:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/04/13 20:13:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/04/13 20:13:33 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/04/13 20:13:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/04/13 20:10:40 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/04/13 20:09:55 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Microsoft Help
[2009/04/13 20:09:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/04/13 20:09:52 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/04/13 20:09:20 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/04/13 19:43:45 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Adobe
[2009/04/13 19:43:45 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Adobe
[2009/04/13 19:43:07 | 00,029,696 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 19:29:30 | 02,578,289 | -H-- | C] () -- C:\Users\Kyle\AppData\Local\IconCache.db
[2009/04/13 19:24:47 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/04/13 19:24:46 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/04/13 19:24:46 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/04/13 19:24:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/04/13 19:23:53 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/04/13 19:23:53 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/04/13 19:23:53 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/04/13 19:23:00 | 00,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/04/13 19:22:59 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/04/13 19:22:58 | 00,258,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/04/13 19:22:58 | 00,020,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/04/13 19:22:58 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys
[2009/04/13 19:22:58 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys
[2009/04/13 19:22:57 | 00,028,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2009/04/13 19:22:56 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/04/13 19:22:56 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/04/13 19:22:55 | 01,652,417 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/04/13 19:22:55 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/04/13 19:22:54 | 00,502,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/04/13 19:22:54 | 00,299,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/04/13 19:22:54 | 00,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/04/13 19:22:54 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/04/13 19:22:02 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/04/13 19:22:02 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/04/13 19:18:42 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/04/13 19:17:58 | 01,060,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/04/13 19:17:58 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2009/04/13 19:17:16 | 00,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/04/13 19:16:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/04/13 19:16:31 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/04/13 19:16:31 | 01,687,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/04/13 19:15:43 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/04/13 19:14:58 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/04/13 19:14:58 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/04/13 19:13:11 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/04/13 19:12:26 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/04/13 19:09:20 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/04/13 19:09:20 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/04/13 19:09:20 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/04/13 19:09:19 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/04/13 19:09:19 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/04/13 19:09:19 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/04/13 19:09:19 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/04/13 19:09:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/04/13 19:08:26 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/04/13 19:08:25 | 10,619,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/04/13 19:08:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/04/13 19:08:25 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/04/13 19:08:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/04/13 19:07:11 | 11,315,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/04/13 19:05:38 | 00,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/04/13 19:05:38 | 00,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/04/13 19:05:37 | 00,211,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/13 19:05:37 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/04/13 19:05:37 | 00,110,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/04/13 19:05:37 | 00,015,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/04/13 19:05:00 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/04/13 19:03:44 | 00,217,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/04/13 19:03:44 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/04/13 19:03:44 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2009/04/13 19:03:44 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/04/13 19:03:43 | 00,806,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/04/13 19:02:46 | 01,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2009/04/13 19:02:46 | 01,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2009/04/13 19:02:46 | 01,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2009/04/13 19:02:46 | 01,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2009/04/13 19:02:45 | 05,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2009/04/13 19:02:45 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2009/04/13 19:02:45 | 01,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2009/04/13 19:02:45 | 01,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2009/04/13 19:02:44 | 07,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2009/04/13 19:02:44 | 05,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2009/04/13 19:02:43 | 06,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2009/04/13 19:02:43 | 04,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2009/04/13 19:02:43 | 04,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2009/04/13 19:02:43 | 02,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2009/04/13 19:02:42 | 06,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2009/04/13 19:02:42 | 03,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2009/04/13 19:02:41 | 11,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2009/04/13 19:02:41 | 04,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2009/04/13 19:02:41 | 01,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2009/04/13 19:02:40 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/04/13 19:02:40 | 04,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2009/04/13 19:02:40 | 03,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2009/04/13 19:02:40 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/04/13 19:02:40 | 01,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2009/04/13 19:02:39 | 06,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2009/04/13 19:02:39 | 04,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2009/04/13 19:02:39 | 01,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2009/04/13 19:02:39 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2009/04/13 19:02:38 | 06,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2009/04/13 19:02:38 | 06,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2009/04/13 19:02:37 | 09,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2009/04/13 19:02:37 | 06,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2009/04/13 19:02:37 | 05,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2009/04/13 19:02:37 | 01,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2009/04/13 19:02:36 | 05,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2009/04/13 19:02:36 | 05,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2009/04/13 19:02:36 | 04,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2009/04/13 19:02:35 | 07,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2009/04/13 19:02:35 | 05,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2009/04/13 19:02:35 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2009/04/13 19:02:35 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2009/04/13 19:02:34 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2009/04/13 19:02:34 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2009/04/13 19:02:34 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2009/04/13 19:02:34 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2009/04/13 19:02:34 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2009/04/13 19:02:34 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2009/04/13 19:02:33 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2009/04/13 19:02:33 | 02,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2009/04/13 19:02:33 | 01,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2009/04/13 19:02:33 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2009/04/13 19:02:33 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2009/04/13 19:02:32 | 04,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2009/04/13 19:02:32 | 03,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2009/04/13 19:02:32 | 02,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2009/04/13 19:02:32 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2009/04/13 19:02:32 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2009/04/13 19:02:32 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2009/04/13 19:02:32 | 01,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2009/04/13 19:02:31 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2009/04/13 19:02:31 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2009/04/13 19:02:31 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2009/04/13 19:02:31 | 02,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2009/04/13 19:02:30 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2009/04/13 19:02:30 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2009/04/13 19:02:30 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2009/04/13 19:02:30 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2009/04/13 19:02:30 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2009/04/13 19:02:30 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2009/04/13 19:02:29 | 09,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2009/04/13 19:02:29 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2009/04/13 19:02:29 | 02,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2009/04/13 19:02:29 | 02,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2009/04/13 19:02:28 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2009/04/13 19:02:28 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2009/04/13 19:02:28 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2009/04/13 19:02:28 | 00,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/04/13 19:02:27 | 06,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2009/04/13 19:02:27 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2009/04/13 19:02:27 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2009/04/13 19:02:27 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2009/04/13 19:00:56 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2009/04/13 19:00:56 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS
[2009/04/13 19:00:56 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys
[2009/04/13 19:00:12 | 01,585,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/04/13 18:59:45 | 00,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/04/13 18:59:45 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/04/13 18:59:45 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/04/13 18:59:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/04/13 18:59:44 | 00,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/04/13 18:59:44 | 00,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/04/13 18:59:44 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/04/13 18:59:44 | 00,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/04/13 18:59:43 | 00,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/04/13 18:59:43 | 00,224,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/04/13 18:59:43 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/04/13 18:59:43 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/04/13 18:59:43 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/04/13 18:59:42 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/04/13 18:59:42 | 00,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/04/13 18:59:42 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/04/13 18:59:42 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/04/13 18:59:42 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/04/13 18:59:41 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/04/13 18:59:41 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/04/13 18:59:41 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/04/13 18:59:41 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2009/04/13 18:59:40 | 00,495,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/04/13 18:59:40 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2009/04/13 18:59:40 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2009/04/13 18:59:40 | 00,034,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/04/13 18:59:40 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/04/13 18:59:40 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2009/04/13 18:59:40 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/04/13 18:59:39 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/04/13 18:59:39 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/04/13 18:59:39 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2009/04/13 18:59:39 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/04/13 18:57:23 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2009/04/13 18:57:23 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2009/04/13 18:57:22 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/04/13 18:56:47 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/04/13 18:56:47 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/04/13 18:56:47 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/04/13 18:56:46 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/04/13 18:56:46 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/04/13 18:56:46 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/04/13 18:56:46 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/04/13 18:56:45 | 02,605,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/04/13 18:56:45 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/04/13 18:56:00 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/04/13 18:56:00 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/04/13 18:55:59 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/04/13 18:54:42 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/04/13 18:54:42 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/04/13 18:54:10 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/04/13 18:54:10 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2009/04/13 18:53:38 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2009/04/13 18:52:30 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/04/13 18:51:58 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/04/13 18:51:58 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/04/13 18:51:58 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/04/13 18:51:27 | 00,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/04/13 18:49:00 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/04/13 18:49:00 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/04/13 18:48:59 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/04/13 18:48:59 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/04/13 18:48:56 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/04/13 18:48:55 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/04/13 18:48:55 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/04/13 18:48:54 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/04/13 18:41:40 | 19,988,480 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/04/13 18:41:40 | 00,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/04/13 18:41:40 | 00,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/04/13 18:39:59 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/04/13 18:39:59 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/04/13 18:39:58 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/04/13 18:39:57 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/04/13 18:39:57 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/04/13 18:34:09 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/04/13 18:32:23 | 32,191,93856 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/13 18:29:21 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/04/13 18:29:21 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/04/13 18:29:20 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/04/13 18:29:20 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/04/13 18:29:20 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/04/13 18:29:20 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/04/13 18:29:20 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/04/13 18:29:19 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/04/13 18:29:10 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/04/13 18:29:10 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/04/13 18:29:10 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/04/13 18:29:10 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/04/13 18:29:04 | 00,737,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/04/13 18:29:04 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2009/04/13 18:28:56 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/04/13 18:28:49 | 01,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/04/13 18:28:41 | 02,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/04/13 18:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/04/13 18:28:08 | 01,341,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/04/13 18:28:08 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/04/13 17:58:18 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Mozilla
[2009/04/13 17:58:18 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Mozilla
[2009/04/13 17:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/13 17:51:56 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Macromedia
[2009/04/13 17:48:05 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/04/13 17:48:05 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/04/13 17:48:05 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/04/13 17:48:05 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/04/13 17:47:00 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/04/13 17:47:00 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/04/13 17:46:59 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/04/13 17:46:22 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/04/13 17:46:22 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/04/13 17:39:58 | 00,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Bluetooth Exchange Folder
[2009/04/13 17:39:45 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\MediaDirect
[2009/04/13 17:39:41 | 00,000,000 | -H-D | C] -- C:\Users\Kyle\AppData\Roaming\GTek
[2009/04/13 17:39:30 | 00,115,312 | ---- | C] () -- C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/04/13 17:39:21 | 00,000,402 | -HS- | C] () -- C:\Users\Kyle\Documents\desktop.ini
[2009/04/13 17:39:21 | 00,000,282 | -HS- | C] () -- C:\Users\Kyle\Desktop\desktop.ini
[2009/04/13 17:39:21 | 00,000,174 | -HS- | C] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/13 17:39:13 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Identities
[2009/04/13 17:39:09 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\VirtualStore
[2009/04/13 17:38:34 | 00,000,000 | --SD | C] -- C:\Users\Kyle\AppData\Roaming\Microsoft
[2009/04/13 17:38:34 | 00,000,000 | -HSD | C] -- C:\Users\Kyle\Documents\My Videos
[2009/04/13 17:38:34 | 00,000,000 | -HSD | C] -- C:\Users\Kyle\Documents\My Pictures
[2009/04/13 17:38:34 | 00,000,000 | -HSD | C] -- C:\Users\Kyle\Documents\My Music
[2009/04/13 17:38:34 | 00,000,000 | -HSD | C] -- C:\Users\Kyle\AppData\Local\Temporary Internet Files
[2009/04/13 17:38:34 | 00,000,000 | -HSD | C] -- C:\Users\Kyle\AppData\Local\History
[2009/04/13 17:38:34 | 00,000,000 | -HSD | C] -- C:\Users\Kyle\AppData\Local\Application Data
[2009/04/13 17:38:34 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Media Center Programs
[2009/04/13 17:38:34 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Temp
[2009/04/13 17:38:34 | 00,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Microsoft
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2009/04/13 17:35:12 | 00,000,000 | -HSD | C] -- C:\ProgramData\Application Data

========== Files - Modified Within 30 Days ==========

[2009/04/15 11:05:25 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/15 11:05:25 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/15 11:05:25 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/15 11:03:14 | 00,001,876 | ---- | M] () -- C:\Users\Kyle\Desktop\HijackThis.lnk
[2009/04/15 11:01:46 | 00,013,891 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/04/15 10:58:18 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/15 10:58:18 | 00,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/15 10:58:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/15 10:58:11 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/15 10:57:57 | 32,191,93856 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/15 10:55:55 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/04/15 10:55:52 | 02,578,289 | -H-- | M] () -- C:\Users\Kyle\AppData\Local\IconCache.db
[2009/04/15 10:53:54 | 00,011,168 | -H-- | M] () -- C:\ProgramData\pabojolu
[2009/04/15 10:50:24 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyts' Anti-Malware.lnk
[2009/04/15 10:39:44 | 00,029,696 | ---- | M] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 01:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/04/14 19:29:20 | 00,781,909 | ---- | M] () -- C:\Users\Kyle\Desktop\RSIT.exe
[2009/04/14 16:17:36 | 00,000,671 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\vso_ts_preview.xml
[2009/04/14 16:15:45 | 00,087,608 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\inst.exe
[2009/04/14 16:15:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys
[2009/04/14 16:15:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\Users\Kyle\AppData\Roaming\pcouffin.sys
[2009/04/14 16:15:45 | 00,007,887 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\pcouffin.cat
[2009/04/14 16:15:45 | 00,001,144 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\pcouffin.inf
[2009/04/14 09:25:56 | 00,002,020 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009/04/14 00:34:22 | 00,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/04/14 00:29:58 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/04/13 21:59:45 | 00,115,312 | ---- | M] () -- C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/04/13 21:58:44 | 00,413,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/13 20:34:00 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/04/13 19:43:09 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/04/13 19:38:45 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2009/04/13 19:38:45 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2009/04/13 19:38:45 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/13 19:24:47 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/04/13 19:24:47 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/04/13 19:24:46 | 00,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/04/13 19:24:46 | 00,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/04/13 19:23:53 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/04/13 19:23:53 | 00,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/04/13 19:23:53 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/04/13 19:23:00 | 00,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/04/13 19:22:59 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/04/13 19:22:58 | 00,258,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/04/13 19:22:58 | 00,020,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\compbatt.sys
[2009/04/13 19:22:58 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys
[2009/04/13 19:22:58 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys
[2009/04/13 19:22:57 | 00,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2009/04/13 19:22:56 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/04/13 19:22:56 | 00,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/04/13 19:22:55 | 01,652,417 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2009/04/13 19:22:55 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/04/13 19:22:54 | 00,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/04/13 19:22:54 | 00,299,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/04/13 19:22:54 | 00,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/04/13 19:22:54 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/04/13 19:22:02 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/04/13 19:22:02 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/04/13 19:18:42 | 00,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/04/13 19:17:58 | 01,060,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/04/13 19:17:58 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2009/04/13 19:17:16 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/04/13 19:16:33 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/04/13 19:16:31 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/04/13 19:16:31 | 01,687,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/04/13 19:15:43 | 00,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/04/13 19:14:59 | 01,194,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/04/13 19:14:58 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/04/13 19:13:11 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/04/13 19:12:26 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/04/13 19:09:20 | 01,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/04/13 19:09:20 | 00,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/04/13 19:09:20 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/04/13 19:09:19 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/04/13 19:09:19 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/04/13 19:09:19 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/04/13 19:09:19 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/04/13 19:09:19 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/04/13 19:08:26 | 10,619,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/04/13 19:08:26 | 08,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/04/13 19:08:25 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/04/13 19:08:25 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/04/13 19:08:24 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/04/13 19:07:11 | 11,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/04/13 19:05:38 | 00,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/04/13 19:05:38 | 00,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/04/13 19:05:37 | 00,211,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/13 19:05:37 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/04/13 19:05:37 | 00,110,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/04/13 19:05:37 | 00,015,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/04/13 19:05:00 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/04/13 19:03:44 | 00,217,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/04/13 19:03:44 | 00,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/04/13 19:03:44 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2009/04/13 19:03:44 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/04/13 19:03:43 | 00,806,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/04/13 19:02:46 | 01,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2009/04/13 19:02:46 | 01,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2009/04/13 19:02:46 | 01,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2009/04/13 19:02:46 | 01,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2009/04/13 19:02:45 | 05,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2009/04/13 19:02:45 | 02,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2009/04/13 19:02:45 | 01,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2009/04/13 19:02:45 | 01,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2009/04/13 19:02:44 | 07,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2009/04/13 19:02:44 | 05,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2009/04/13 19:02:43 | 06,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2009/04/13 19:02:43 | 04,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2009/04/13 19:02:43 | 04,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2009/04/13 19:02:43 | 02,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2009/04/13 19:02:42 | 11,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2009/04/13 19:02:42 | 06,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2009/04/13 19:02:42 | 03,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2009/04/13 19:02:41 | 12,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/04/13 19:02:41 | 04,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2009/04/13 19:02:41 | 01,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2009/04/13 19:02:40 | 04,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2009/04/13 19:02:40 | 03,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2009/04/13 19:02:40 | 02,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/04/13 19:02:40 | 01,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2009/04/13 19:02:39 | 06,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2009/04/13 19:02:39 | 04,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2009/04/13 19:02:39 | 01,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2009/04/13 19:02:39 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2009/04/13 19:02:38 | 09,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2009/04/13 19:02:38 | 06,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2009/04/13 19:02:38 | 06,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2009/04/13 19:02:37 | 06,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2009/04/13 19:02:37 | 05,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2009/04/13 19:02:37 | 01,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2009/04/13 19:02:36 | 05,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2009/04/13 19:02:36 | 05,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2009/04/13 19:02:36 | 04,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2009/04/13 19:02:35 | 07,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2009/04/13 19:02:35 | 05,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2009/04/13 19:02:35 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2009/04/13 19:02:35 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2009/04/13 19:02:35 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2009/04/13 19:02:34 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2009/04/13 19:02:34 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2009/04/13 19:02:34 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2009/04/13 19:02:34 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2009/04/13 19:02:34 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2009/04/13 19:02:33 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2009/04/13 19:02:33 | 03,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2009/04/13 19:02:33 | 02,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2009/04/13 19:02:33 | 01,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2009/04/13 19:02:33 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2009/04/13 19:02:33 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2009/04/13 19:02:32 | 04,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2009/04/13 19:02:32 | 02,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2009/04/13 19:02:32 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2009/04/13 19:02:32 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2009/04/13 19:02:32 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2009/04/13 19:02:32 | 01,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2009/04/13 19:02:31 | 04,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2009/04/13 19:02:31 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2009/04/13 19:02:31 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2009/04/13 19:02:31 | 02,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2009/04/13 19:02:30 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2009/04/13 19:02:30 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2009/04/13 19:02:30 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2009/04/13 19:02:30 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2009/04/13 19:02:30 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2009/04/13 19:02:30 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2009/04/13 19:02:29 | 09,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2009/04/13 19:02:29 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2009/04/13 19:02:29 | 02,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2009/04/13 19:02:29 | 02,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2009/04/13 19:02:28 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2009/04/13 19:02:28 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2009/04/13 19:02:28 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2009/04/13 19:02:28 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2009/04/13 19:02:28 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/04/13 19:02:27 | 06,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2009/04/13 19:02:27 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2009/04/13 19:02:27 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2009/04/13 19:00:56 | 00,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2009/04/13 19:00:56 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS
[2009/04/13 19:00:56 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys
[2009/04/13 19:00:12 | 01,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/04/13 18:59:47 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2009/04/13 18:59:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2009/04/13 18:59:47 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2009/04/13 18:59:47 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2009/04/13 18:59:47 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2009/04/13 18:59:47 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2009/04/13 18:59:45 | 00,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/04/13 18:59:45 | 00,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/04/13 18:59:45 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/04/13 18:59:45 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/04/13 18:59:44 | 00,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/04/13 18:59:44 | 00,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/04/13 18:59:44 | 00,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/04/13 18:59:44 | 00,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/04/13 18:59:43 | 00,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/04/13 18:59:43 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/04/13 18:59:43 | 00,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/04/13 18:59:43 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/04/13 18:59:43 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/04/13 18:59:42 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/04/13 18:59:42 | 00,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/04/13 18:59:42 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/04/13 18:59:42 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/04/13 18:59:42 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/04/13 18:59:41 | 00,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/04/13 18:59:41 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/04/13 18:59:41 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/04/13 18:59:41 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2009/04/13 18:59:40 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/04/13 18:59:40 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2009/04/13 18:59:40 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2009/04/13 18:59:40 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/04/13 18:59:40 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/04/13 18:59:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2009/04/13 18:59:40 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/04/13 18:59:39 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/04/13 18:59:39 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/04/13 18:59:39 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2009/04/13 18:59:39 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/04/13 18:57:23 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2009/04/13 18:57:23 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2009/04/13 18:57:22 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/04/13 18:56:47 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/04/13 18:56:47 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/04/13 18:56:47 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/04/13 18:56:46 | 00,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/04/13 18:56:46 | 00,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/04/13 18:56:46 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/04/13 18:56:46 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/04/13 18:56:45 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/04/13 18:56:45 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/04/13 18:56:00 | 00,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/04/13 18:56:00 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/04/13 18:55:59 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/04/13 18:54:42 | 00,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/04/13 18:54:42 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/04/13 18:54:10 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/04/13 18:54:10 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2009/04/13 18:53:38 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2009/04/13 18:52:30 | 00,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/04/13 18:51:58 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/04/13 18:51:58 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/04/13 18:51:58 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/04/13 18:51:27 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/04/13 18:49:00 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/04/13 18:49:00 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/04/13 18:48:59 | 00,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/04/13 18:48:59 | 00,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/04/13 18:48:56 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/04/13 18:48:55 | 00,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/04/13 18:48:55 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/04/13 18:48:54 | 00,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/04/13 18:43:50 | 19,988,480 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/04/13 18:43:50 | 00,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/04/13 18:43:49 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/04/13 18:39:59 | 00,096,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/04/13 18:39:59 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/04/13 18:39:58 | 00,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/04/13 18:39:57 | 00,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/04/13 18:39:57 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/04/13 18:29:21 | 02,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/04/13 18:29:21 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/04/13 18:29:20 | 02,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/04/13 18:29:20 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/04/13 18:29:20 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/04/13 18:29:20 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/04/13 18:29:20 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/04/13 18:29:20 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/04/13 18:29:10 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/04/13 18:29:10 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/04/13 18:29:10 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/04/13 18:29:10 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/04/13 18:29:04 | 00,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/04/13 18:29:04 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2009/04/13 18:28:56 | 01,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/04/13 18:28:49 | 01,327,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/04/13 18:28:41 | 02,028,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/04/13 18:28:08 | 01,341,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/04/13 18:28:08 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/04/13 17:48:05 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/04/13 17:48:05 | 01,524,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/04/13 17:48:05 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/04/13 17:48:05 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/04/13 17:47:00 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/04/13 17:47:00 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/04/13 17:46:59 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/04/13 17:46:22 | 00,162,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/04/13 17:46:22 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/04/13 17:39:21 | 00,000,402 | -HS- | M] () -- C:\Users\Kyle\Documents\desktop.ini
[2009/04/13 17:39:21 | 00,000,282 | -HS- | M] () -- C:\Users\Kyle\Desktop\desktop.ini
[2009/04/13 17:39:21 | 00,000,174 | -HS- | M] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/06 09:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/03/16 22:16:31 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/03/16 22:16:29 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
< End of report >


OTViewIt Extras logfile created on: 4/15/2009 11:08:40 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Kyle\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16830)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173.73 Gb Total Space | 20.17 Gb Free Space | 11.61% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.81 Gb Free Space | 58.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRICK2FLY
Current User Name: Kyle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/04/08 14:37:48 | 00,637,232 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000006 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] -- C:\Windows\System32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}"=Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}"=Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}"=QualxServ Service Agreement
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}"=Live! Cam Avatar v1.0
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}"=QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}"=Skype™ 4.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}"=Sonic Activation Module
"{3FC7CBBC4C1E11DCA1A752EA55D89593}"=DivX Version Checker
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}"=Paint.NET v3.36
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}"=Dell DataSafe Online
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}"=Sound Blaster Audigy ADVANCED MB
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}"=User's Guides
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}"=iTunes
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}"=mWMI
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}"=Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}"=VC80CRTRedist - 8.0.50727.762
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1"=ConvertXtoDVD 3.3.4.106e
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}"=Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}"=DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}"=Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}"=Product Documentation Launcher
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}"=mHelp
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}"=Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{91120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}"=OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}"=MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}"=WIDCOMM Bluetooth Software 6.0.1.3100
"{A2289997-10A3-48F2-AA03-99180D761661}"=Fingerprint Reader Suite 5.6
"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}"=Apple Mobile Device Support
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}"=Creative MediaSource 5
"{C4972073-2BFE-475D-8441-564EA97DA161}"=QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{CF91A5A9-F10D-433D-A677-9505B84EAF1B}"=Stardock Impulse
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}"=Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}"=Music, Photos & Videos Launcher
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{E7044E25-3038-4A76-9064-344AC038043E}"=Windows Mobile Device Center Driver Update
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}"=mCore
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1"=BitPim 1.0.6
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine"=Advanced Audio FX Engine
"Advanced Video FX Engine"=Advanced Video FX Engine
"CCleaner"=CCleaner (remove only)
"Creative OEM002"=Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center"=Dell Webcam Center
"Dell Webcam Manager"=Dell Webcam Manager
"DVDFab Ghosthunter release_is1"=DVDFab Ghosthunter release 5.2.3.2
"HijackThis"=HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)"=Mozilla Firefox (3.0.8)
"MSC"=McAfee SecurityCenter
"NVIDIA Drivers"=NVIDIA Drivers
"ObjectDock"=ObjectDock
"PowerISO"=PowerISO
"ProInst"=Intel® PROSet/Wireless Software
"PROPLUSR"=Microsoft Office Professional Plus 2007
"Stardock Impulse"=Stardock Impulse
"VLC media player"=VLC media player 0.9.9
"WinRAR archiver"=WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4047770738-1123082679-2476018846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2009 9:09:01 PM | Computer Name = Trick2Fly | Source = VSS | ID = 8194
Description =

Error - 4/14/2009 4:37:34 PM | Computer Name = Trick2Fly | Source = VSS | ID = 8194
Description =

Error - 4/14/2009 8:23:53 PM | Computer Name = Trick2Fly | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 7.0.8.218, time stamp 0x446abf60,
faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception
code 0xc0000005, fault offset 0x000625cd, process id 0x1608, application start time
0x01c9bd5ff41d6fdf.

Error - 4/14/2009 8:26:43 PM | Computer Name = Trick2Fly | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, time stamp 0x49cbcea4,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x30303220, process id 0x1568, application start time 0x01c9bd5fa5e213f7.

Error - 4/14/2009 9:04:08 PM | Computer Name = Trick2Fly | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, time stamp 0x49cbcea4,
faulting module botireyo.dll, version 5.6.1215.0, time stamp 0x49db6dbc, exception
code 0xc0000005, fault offset 0x0000772c, process id 0xc70, application start time
0x01c9bd6348e05679.

Error - 4/14/2009 10:31:27 PM | Computer Name = Trick2Fly | Source = Application Error | ID = 1000
Description = Faulting application ObjectDock.exe, version 1.9.0.534, time stamp
0x462e9697, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0x00000000, fault offset 0x00000000, process id 0xa90, application start time
0x01c9bd62dc660359.

Error - 4/15/2009 11:36:33 AM | Computer Name = Trick2Fly | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16809, time stamp
0x496e9a04, faulting module mskapbho.dll_unloaded, version 0.0.0.0, time stamp
0x49678270, exception code 0xc0000005, fault offset 0x6931ad25, process id 0x80c,
application start time 0x01c9bddfe5208cb5.

Error - 4/15/2009 11:37:04 AM | Computer Name = Trick2Fly | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16809, time stamp
0x496e9a04, faulting module mskapbho.dll_unloaded, version 0.0.0.0, time stamp
0x49678270, exception code 0xc0000005, fault offset 0x6931ad25, process id 0x147c,
application start time 0x01c9bddffcf0e4c5.

Error - 4/15/2009 11:37:32 AM | Computer Name = Trick2Fly | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16809, time stamp
0x496e9a04, faulting module mskapbho.dll_unloaded, version 0.0.0.0, time stamp
0x49678270, exception code 0xc0000005, fault offset 0x6931ad25, process id 0x14e0,
application start time 0x01c9bde00a7c25f5.

Error - 4/15/2009 11:40:02 AM | Computer Name = Trick2Fly | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16809, time stamp
0x496e9a04, faulting module mskapbho.dll_unloaded, version 0.0.0.0, time stamp
0x49678270, exception code 0xc0000005, fault offset 0x6931ad25, process id 0xb54,
application start time 0x01c9bde06823f2a5.

[ System Events ]
Error - 4/14/2009 1:16:54 AM | Computer Name = Trick2Fly | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 4/14/2009 1:16:54 AM | Computer Name = Trick2Fly | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 4/14/2009 1:16:54 AM | Computer Name = Trick2Fly | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 4/14/2009 1:16:54 AM | Computer Name = Trick2Fly | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/14/2009 1:16:54 AM | Computer Name = Trick2Fly | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/14/2009 1:16:54 AM | Computer Name = Trick2Fly | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/14/2009 1:16:54 AM | Computer Name = Trick2Fly | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/14/2009 10:06:19 AM | Computer Name = Trick2Fly | Source = DCOM | ID = 10010
Description =

Error - 4/14/2009 1:37:33 PM | Computer Name = Trick2Fly | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 001DE0477C9B has been denied by the DHCP server 128.206.10.5 (The DHCP
Server sent a DHCPNACK message).

Error - 4/14/2009 2:48:36 PM | Computer Name = Trick2Fly | Source = Dhcp | ID = 1002
Description = The IP address lease 161.130.188.128 for the Network Card with network
address 001DE0477C9B has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >


HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:26 AM, on 4/15/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Kyle\Program Files\DNA\btdna.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Kyle\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9811 bytes


No problems encountered while performing any of the tasks given. The logs will be posted in the order given by you:

Malwarebytes' Anti-Malware 1.36
Database version: 1987
Windows 6.0.6000

4/15/2009 10:55:33 AM
mbam-log-2009-04-15 (10-55-33).txt

Scan type: Quick Scan
Objects scanned: 66519
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm7dfda036 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\weligosimu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7ece93aa (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\nazesuna\nazesuna.dll (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\zepepewa\zepepewa.dll (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\vubebiye\vubebiye.dll (Trojan.Agent) -> Delete on reboot.
RSIT logs

info.txt logfile of random's system information tool 1.06 2009-04-14 19:30:19

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BitPim 1.0.6-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ConvertXtoDVD 3.3.4.106e-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Dell DataSafe Online-->MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVDFab Ghosthunter release 5.2.3.2-->"C:\Program Files\DVDFab 5\unins000.exe"
Fingerprint Reader Suite 5.6-->MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel® PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Laptop Integrated Webcam Driver (1.03.02.0719) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{91120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
ObjectDock-->"C:\Program Files\Stardock\Object Desktop\ObjectDock\UninstHelper.exe" /autouninstall odk
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
QualxServ Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove
Stardock Impulse-->"C:\ProgramData\{62902F53-D725-44F9-B385-979CC0E00E8A}\shareware.exe" REMOVE=TRUE MODIFY=FALSE
Stardock Impulse-->C:\ProgramData\{62902F53-D725-44F9-B385-979CC0E00E8A}\shareware.exe
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall
AS: McAfee VirusScan
AS: Windows Defender

======System event log======

Computer Name: Trick2Fly
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {0420B1E8-F980-44B1-834A-15E253C57A14}
User: Trick2Fly\Kyle
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\weligosimu;runkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\weligosimu;file:C:\ProgramData\kahowuhi\kahowuhi.dll
Alert Type: Unclassified software
Detection Type:
Record Number: 19365
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090415002054.000000-000
Event Type: Warning
User:

Computer Name: Trick2Fly
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {831F9C72-BAF3-420A-BA7F-BB59DC0E54B4}
User: Trick2Fly\Kyle
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CPM7dfda036;runkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CPM7dfda036;file:C:\ProgramData\botireyo\botireyo.dll
Alert Type: Unclassified software
Detection Type:
Record Number: 19370
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090415002541.000000-000
Event Type: Warning
User:

Computer Name: Trick2Fly
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {CC4E9CBF-25F6-44CA-80BF-18CE2F2A39B6}
User: Trick2Fly\Kyle
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\7ece93aa;runkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\7ece93aa;file:C:\ProgramData\dehaziku\dehaziku.dll
Alert Type: Unclassified software
Detection Type:
Record Number: 19372
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090415002549.000000-000
Event Type: Warning
User:

Computer Name: Trick2Fly
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {55E952DC-0585-4FD6-A282-3AA3B4379E7F}
User: Trick2Fly\Kyle
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CPM7dfda036;runkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CPM7dfda036;file:c:\programdata\botireyo\botireyo.dll
Alert Type: Unclassified software
Detection Type:
Record Number: 19374
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090415002603.000000-000
Event Type: Warning
User:

Computer Name: Trick2Fly
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {55926DBF-BE2F-4674-82AA-AFA83CA436D1}
User: Trick2Fly\Kyle
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CPM7dfda036;runkey:HKCU@S-1-5-21-4047770738-1123082679-2476018846-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CPM7dfda036;file:C:\ProgramData\botireyo\botireyo.dll
Alert Type: Unclassified software
Detection Type:
Record Number: 19376
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090415002612.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Trick2Fly
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {e26bfb54-b1e6-474b-bfcd-1f798bbc8f7a}
Record Number: 1107
Source Name: VSS
Time Written: 20090414203734.000000-000
Event Type: Error
User:

Computer Name: Trick2Fly
Event Code: 1
Message: The application (Acrobat Reader 7.*, from vendor Adobe) has the following problem: Acrobat Reader 7.* has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Adobe.
Record Number: 1121
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20090414210724.571500-000
Event Type: Warning
User: Trick2Fly\Kyle

Computer Name: Trick2Fly
Event Code: 1
Message: The application (Acrobat Reader 7.*, from vendor Adobe) has the following problem: Acrobat Reader 7.* has a known compatibility issue with this version of Windows. For an update that is compatible with this version of Windows, contact Adobe.
Record Number: 1172
Source Name: Microsoft-Windows-ApplicationExperienceInfrastructure
Time Written: 20090415002017.448246-000
Event Type: Warning
User: Trick2Fly\Kyle

Computer Name: Trick2Fly
Event Code: 1000
Message: Faulting application AcroRd32.exe, version 7.0.8.218, time stamp 0x446abf60, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x000625cd, process id 0x1608, application start time 0x01c9bd5ff41d6fdf.
Record Number: 1173
Source Name: Application Error
Time Written: 20090415002353.000000-000
Event Type: Error
User:

Computer Name: Trick2Fly
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3372, time stamp 0x49cbcea4, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x30303220, process id 0x1568, application start time 0x01c9bd5fa5e213f7.
Record Number: 1175
Source Name: Application Error
Time Written: 20090415002643.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Trick2Fly
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 1455
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090414215131.994746-000
Event Type: Audit Failure
User:

Computer Name: Trick2Fly
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 1456
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090414215419.521746-000
Event Type: Audit Failure
User:

Computer Name: Trick2Fly
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: TRICK2FLY$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2f0
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1457
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090414223512.892146-000
Event Type: Audit Success
User:

Computer Name: Trick2Fly
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: TRICK2FLY$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2f0
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1458
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090414223512.892146-000
Event Type: Audit Success
User:

Computer Name: Trick2Fly
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1459
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090414223512.892146-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Kyle at 2009-04-15 11:01:38
Microsoft® Windows Vista™ Home Premium
System drive C: has 21 GB (12%) free of 178 GB
Total RAM: 3069 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:50 AM, on 4/15/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Kyle\Program Files\DNA\btdna.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kyle\Desktop\RSIT.exe
C:\Program Files\trend micro\Kyle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Kyle\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9826 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - c:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-12-26 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-01-16 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-26 2554680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-12-26 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-26 2554680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-27 1006264]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-07 159744]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-08-28 36864]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-28 405504]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-16 49168]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-03 13552160]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-03 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Users\Kyle\Program Files\DNA\btdna.exe [2009-04-14 321344]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-13 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-04-17 86528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03a717e6-288c-11de-8202-001dd9e8a260}]
shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2009-04-15 10:50:26 ----D---- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2009-04-15 10:50:21 ----D---- C:\ProgramData\Malwarebytes
2009-04-15 10:50:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-15 10:24:56 ----D---- C:\ProgramData\zepepewa
2009-04-15 10:24:56 ----D---- C:\ProgramData\mapefubo
2009-04-15 10:24:56 ----D---- C:\ProgramData\gewiluje
2009-04-15 10:24:24 ----D---- C:\ProgramData\rurimita
2009-04-15 10:24:23 ----D---- C:\ProgramData\vubebiye
2009-04-15 10:24:23 ----D---- C:\ProgramData\nazesuna
2009-04-14 21:37:01 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-14 21:37:01 ----A---- C:\Windows\system32\kernel32.dll
2009-04-14 21:37:00 ----A---- C:\Windows\system32\secur32.dll
2009-04-14 21:36:58 ----A---- C:\Windows\system32\lsass.exe
2009-04-14 21:36:58 ----A---- C:\Windows\system32\apilogen.dll
2009-04-14 21:36:58 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 21:36:47 ----A---- C:\Windows\system32\winhttp.dll
2009-04-14 21:36:43 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-14 21:36:43 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-14 21:34:21 ----A---- C:\Windows\system32\rpcss.dll
2009-04-14 21:34:18 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-14 21:34:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-14 21:34:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-14 21:34:17 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-14 21:34:15 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-14 21:34:15 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-14 21:34:15 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-14 21:34:15 ----A---- C:\Windows\system32\iasads.dll
2009-04-14 21:33:16 ----A---- C:\Windows\system32\mshtml.dll
2009-04-14 21:33:15 ----A---- C:\Windows\system32\ieframe.dll
2009-04-14 21:33:13 ----A---- C:\Windows\system32\wininet.dll
2009-04-14 21:33:13 ----A---- C:\Windows\system32\urlmon.dll
2009-04-14 21:33:13 ----A---- C:\Windows\system32\mstime.dll
2009-04-14 21:33:11 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-14 21:33:10 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-14 21:33:10 ----A---- C:\Windows\system32\iertutil.dll
2009-04-14 21:33:10 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-14 21:33:10 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-14 21:33:10 ----A---- C:\Windows\system32\icardie.dll
2009-04-14 21:33:09 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\occache.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-14 21:33:06 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-14 21:33:04 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-14 21:33:04 ----A---- C:\Windows\system32\iernonce.dll
2009-04-14 21:33:04 ----A---- C:\Windows\system32\ieencode.dll
2009-04-14 21:33:04 ----A---- C:\Windows\system32\advpack.dll
2009-04-14 21:33:04 ----A---- C:\Windows\system32\admparse.dll
2009-04-14 21:33:02 ----A---- C:\Windows\system32\ieui.dll
2009-04-14 21:33:01 ----A---- C:\Windows\system32\iesetup.dll
2009-04-14 21:32:58 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-14 21:32:58 ----A---- C:\Windows\system32\ieakui.dll
2009-04-14 19:29:55 ----D---- C:\Program Files\trend micro
2009-04-14 19:29:54 ----D---- C:\rsit
2009-04-14 19:25:31 ----D---- C:\ProgramData\nekularu
2009-04-14 19:25:31 ----D---- C:\ProgramData\dehaziku
2009-04-14 19:25:31 ----D---- C:\ProgramData\botireyo
2009-04-14 19:20:29 ----D---- C:\ProgramData\rugawaba
2009-04-14 19:20:28 ----D---- C:\ProgramData\wumoyuvo
2009-04-14 19:20:28 ----D---- C:\ProgramData\kahowuhi
2009-04-14 17:26:09 ----D---- C:\Windows\Sun
2009-04-14 16:53:42 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-14 16:49:02 ----D---- C:\Users\Kyle\AppData\Roaming\vlc
2009-04-14 16:47:40 ----D---- C:\Program Files\VideoLAN
2009-04-14 16:43:09 ----D---- C:\Users\Kyle\AppData\Roaming\DivX
2009-04-14 16:42:01 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-04-14 16:41:50 ----D---- C:\Program Files\DivX
2009-04-14 16:26:48 ----D---- C:\Windows\pss
2009-04-14 16:22:49 ----D---- C:\Program Files\CCleaner
2009-04-14 16:20:36 ----D---- C:\Program Files\DVDFab 5
2009-04-14 16:15:45 ----A---- C:\Users\Kyle\AppData\Roaming\inst.exe
2009-04-14 16:15:44 ----D---- C:\Users\Kyle\AppData\Roaming\Vso
2009-04-14 16:15:40 ----A---- C:\Windows\system32\sipr3260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\Pncrt.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv43260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv33260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv23260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\cook3260.dll
2009-04-14 16:15:39 ----A---- C:\Windows\system32\wvc1dmod.dll
2009-04-14 16:15:39 ----A---- C:\Windows\system32\vp7vfw.dll
2009-04-14 16:15:37 ----D---- C:\Program Files\VSO
2009-04-14 16:09:35 ----D---- C:\Program Files\PowerISO
2009-04-14 16:08:52 ----D---- C:\Users\Kyle\AppData\Roaming\WinRAR
2009-04-14 16:08:09 ----D---- C:\Program Files\WinRAR
2009-04-14 16:07:58 ----D---- C:\Users\Kyle\AppData\Roaming\AdobeUM
2009-04-14 15:58:16 ----D---- C:\Program Files\BitPim
2009-04-14 15:53:57 ----D---- C:\Users\Kyle\AppData\Roaming\BitTorrent
2009-04-14 15:43:43 ----D---- C:\Users\Kyle\AppData\Roaming\Skype
2009-04-14 15:43:28 ----RD---- C:\Program Files\Skype
2009-04-14 15:43:23 ----D---- C:\ProgramData\Skype
2009-04-14 15:37:46 ----D---- C:\Program Files\Paint.NET
2009-04-14 12:33:28 ----D---- C:\Users\Kyle\AppData\Roaming\Intel
2009-04-14 09:24:11 ----D---- C:\Users\Kyle\AppData\Roaming\Stardock
2009-04-14 09:24:01 ----HDC---- C:\ProgramData\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-04-14 09:23:56 ----D---- C:\ProgramData\Stardock
2009-04-14 09:23:56 ----D---- C:\Program Files\Stardock
2009-04-14 00:34:22 ----A---- C:\Windows\system32\es.dll
2009-04-13 23:40:32 ----D---- C:\Users\Kyle\AppData\Roaming\DNA
2009-04-13 23:40:32 ----D---- C:\Program Files\DNA
2009-04-13 23:40:29 ----D---- C:\Program Files\BitTorrent
2009-04-13 23:08:05 ----D---- C:\Users\Kyle\AppData\Roaming\Apple Computer
2009-04-13 23:07:56 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-13 23:07:56 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-13 23:07:28 ----D---- C:\Program Files\iPod
2009-04-13 23:07:27 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 23:07:27 ----D---- C:\Program Files\iTunes
2009-04-13 23:07:05 ----D---- C:\Program Files\Bonjour
2009-04-13 23:06:14 ----D---- C:\Program Files\QuickTime
2009-04-13 23:06:13 ----D---- C:\ProgramData\Apple Computer
2009-04-13 23:05:56 ----D---- C:\Program Files\Apple Software Update
2009-04-13 23:04:58 ----D---- C:\ProgramData\Apple
2009-04-13 23:04:58 ----D---- C:\Program Files\Common Files\Apple
2009-04-13 20:14:13 ----D---- C:\Program Files\Microsoft Works
2009-04-13 20:13:57 ----D---- C:\Program Files\Microsoft Visual Studio
2009-04-13 20:13:57 ----D---- C:\Program Files\Common Files\DESIGNER
2009-04-13 20:13:33 ----D---- C:\Windows\PCHEALTH
2009-04-13 20:13:33 ----D---- C:\Program Files\Microsoft.NET
2009-04-13 20:10:40 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-04-13 20:09:52 ----D---- C:\ProgramData\Microsoft Help
2009-04-13 20:09:52 ----D---- C:\Program Files\Microsoft Office
2009-04-13 20:09:20 ----RHD---- C:\MSOCache
2009-04-13 19:43:45 ----D---- C:\Users\Kyle\AppData\Roaming\Adobe
2009-04-13 19:24:47 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\winipsec.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\polstore.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-04-13 19:22:59 ----A---- C:\Windows\system32\wtsapi32.dll
2009-04-13 19:22:56 ----A---- C:\Windows\system32\sysmain.dll
2009-04-13 19:22:55 ----A---- C:\Windows\system32\wlanapi.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlansvc.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlansec.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlanmsm.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlanhlp.dll
2009-04-13 19:22:02 ----A---- C:\Windows\system32\WebClnt.dll
2009-04-13 19:18:42 ----A---- C:\Windows\system32\gdi32.dll
2009-04-13 19:16:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-04-13 19:16:31 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-04-13 19:16:31 ----A---- C:\Windows\system32\gameux.dll
2009-04-13 19:15:43 ----A---- C:\Windows\system32\wmpeffects.dll
2009-04-13 19:14:58 ----A---- C:\Windows\system32\msxml3r.dll
2009-04-13 19:14:58 ----A---- C:\Windows\system32\msxml3.dll
2009-04-13 19:13:11 ----A---- C:\Windows\system32\netapi32.dll
2009-04-13 19:12:26 ----A---- C:\Windows\system32\tzres.dll
2009-04-13 19:09:20 ----A---- C:\Windows\system32\mcmde.dll
2009-04-13 19:09:20 ----A---- C:\Windows\system32\EncDec.dll
2009-04-13 19:09:19 ----A---- C:\Windows\system32\psisdecd.dll
2009-04-13 19:08:26 ----A---- C:\Windows\system32\wmploc.DLL
2009-04-13 19:08:25 ----A---- C:\Windows\system32\wmp.dll
2009-04-13 19:08:25 ----A---- C:\Windows\system32\spwmp.dll
2009-04-13 19:08:25 ----A---- C:\Windows\system32\dxmasf.dll
2009-04-13 19:07:11 ----A---- C:\Windows\system32\shell32.dll
2009-04-13 19:05:00 ----A---- C:\Windows\explorer.exe
2009-04-13 19:03:44 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-04-13 19:03:44 ----A---- C:\Windows\system32\netiougc.exe
2009-04-13 19:03:44 ----A---- C:\Windows\system32\netcfg.exe
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-04-13 19:02:44 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-04-13 19:02:44 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-04-13 19:02:42 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-04-13 19:02:42 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-04-13 19:02:38 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-04-13 19:02:38 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsData0046.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsData0045.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0049.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0047.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0039.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0022.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0021.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0020.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0027.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0026.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0024.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0011.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0010.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0019.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0018.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0013.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0003.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0002.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0001.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0000.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData004b.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData004a.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData0009.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData0007.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData004e.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData004c.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData003e.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData002a.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData001b.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData001a.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData001d.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000d.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000c.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000a.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData0416.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData0414.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData000f.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData081a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData0816.dll
2009-04-13 19:00:56 ----A---- C:\Windows\system32\fsquirt.exe
2009-04-13 19:00:12 ----A---- C:\Windows\system32\setupapi.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srdelayed.exe
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srcore.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srclient.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\rstrui.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\wpd_ci.dll
2009-04-13 18:59:44 ----A---- C:\Windows\system32\winresume.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\winload.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\kd1394.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\drvinst.exe
2009-04-13 18:59:43 ----A---- C:\Windows\system32\ci.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\oleaut32.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\nshhttp.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\lodctr.exe
2009-04-13 18:59:42 ----A---- C:\Windows\system32\kbd106n.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\dpx.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\unlodctr.exe
2009-04-13 18:59:41 ----A---- C:\Windows\system32\schedsvc.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\prflbmsg.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\loadperf.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\dispci.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\batt.dll
2009-04-13 18:57:23 ----A---- C:\Windows\system32\LAPRXY.DLL
2009-04-13 18:57:23 ----A---- C:\Windows\system32\asferror.dll
2009-04-13 18:57:22 ----A---- C:\Windows\system32\WMASF.DLL
2009-04-13 18:56:47 ----A---- C:\Windows\system32\slwmi.dll
2009-04-13 18:56:47 ----A---- C:\Windows\system32\SLC.dll
2009-04-13 18:56:47 ----A---- C:\Windows\system32\mcbuilder.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLUINotify.dll
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLUI.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLLUA.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-04-13 18:56:45 ----A---- C:\Windows\system32\SLsvc.exe
2009-04-13 18:56:45 ----A---- C:\Windows\system32\slcinst.dll
2009-04-13 18:56:00 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-04-13 18:56:00 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-04-13 18:55:59 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-04-13 18:54:42 ----A---- C:\Windows\system32\win32spl.dll
2009-04-13 18:54:42 ----A---- C:\Windows\system32\printcom.dll
2009-04-13 18:54:10 ----A---- C:\Windows\system32\wshrm.dll
2009-04-13 18:53:38 ----A---- C:\Windows\system32\sbunattend.exe
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnsapi.dll
2009-04-13 18:51:27 ----A---- C:\Windows\system32\schannel.dll
2009-04-13 18:49:00 ----A---- C:\Windows\system32\icardres.dll
2009-04-13 18:49:00 ----A---- C:\Windows\system32\icardagt.exe
2009-04-13 18:48:59 ----A---- C:\Windows\system32\infocardapi.dll
2009-04-13 18:48:56 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-13 18:48:55 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-04-13 18:48:55 ----A---- C:\Windows\system32\PresentationHost.exe
2009-04-13 18:48:54 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-04-13 18:39:59 ----A---- C:\Windows\system32\netfxperf.dll
2009-04-13 18:39:59 ----A---- C:\Windows\system32\dfshim.dll
2009-04-13 18:39:58 ----A---- C:\Windows\system32\mscoree.dll
2009-04-13 18:39:57 ----A---- C:\Windows\system32\mscories.dll
2009-04-13 18:39:57 ----A---- C:\Windows\system32\mscorier.dll
2009-04-13 18:34:09 ----SHD---- C:\System Volume Information
2009-04-13 18:29:21 ----A---- C:\Windows\system32\mfps.dll
2009-04-13 18:29:21 ----A---- C:\Windows\system32\mf.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\rrinstaller.exe
2009-04-13 18:29:20 ----A---- C:\Windows\system32\mfpmp.exe
2009-04-13 18:29:20 ----A---- C:\Windows\system32\mferror.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\logagent.exe
2009-04-13 18:29:19 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-04-13 18:29:04 ----A---- C:\Windows\system32\INETRES.dll
2009-04-13 18:29:04 ----A---- C:\Windows\system32\inetcomm.dll
2009-04-13 18:28:56 ----A---- C:\Windows\system32\connect.dll
2009-04-13 18:28:49 ----A---- C:\Windows\system32\quartz.dll
2009-04-13 18:28:30 ----D---- C:\Program Files\MSXML 4.0
2009-04-13 18:28:08 ----A---- C:\Windows\system32\msxml6r.dll
2009-04-13 18:28:08 ----A---- C:\Windows\system32\msxml6.dll
2009-04-13 17:58:18 ----D---- C:\Users\Kyle\AppData\Roaming\Mozilla
2009-04-13 17:52:42 ----D---- C:\Program Files\Mozilla Firefox
2009-04-13 17:51:56 ----D---- C:\Users\Kyle\AppData\Roaming\Macromedia
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wups2.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wucltux.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wuaueng.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wuauclt.exe
2009-04-13 17:47:00 ----A---- C:\Windows\system32\wups.dll
2009-04-13 17:47:00 ----A---- C:\Windows\system32\wudriver.dll
2009-04-13 17:46:59 ----A---- C:\Windows\system32\wuapi.dll
2009-04-13 17:46:22 ----A---- C:\Windows\system32\wuwebv.dll
2009-04-13 17:46:22 ----A---- C:\Windows\system32\wuapp.exe
2009-04-13 17:41:03 ----D---- C:\Users\Kyle\AppData\Roaming\Google
2009-04-13 17:39:41 ----HD---- C:\Users\Kyle\AppData\Roaming\GTek
2009-04-13 17:39:13 ----D---- C:\Users\Kyle\AppData\Roaming\Identities
2009-04-13 17:38:34 ----SD---- C:\Users\Kyle\AppData\Roaming\Microsoft
2009-04-13 17:38:34 ----D---- C:\Users\Kyle\AppData\Roaming\Media Center Programs
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Templates
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Start Menu
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Favorites
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Documents
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Desktop
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Application Data

======List of files/folders modified in the last 1 months======

2009-04-15 11:01:40 ----D---- C:\Windows\Temp
2009-04-15 10:59:00 ----D---- C:\Windows
2009-04-15 10:58:55 ----D---- C:\Program Files\McAfee
2009-04-15 10:57:47 ----RD---- C:\Program Files
2009-04-15 10:57:47 ----D---- C:\Windows\system32\drivers
2009-04-15 10:50:21 ----HD---- C:\ProgramData
2009-04-15 10:49:54 ----D---- C:\Windows\System32
2009-04-15 10:49:54 ----D---- C:\Windows\inf
2009-04-15 10:49:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-15 10:47:36 ----SHD---- C:\Windows\Installer
2009-04-15 10:47:36 ----D---- C:\Program Files\Dell
2009-04-15 10:44:02 ----D---- C:\Windows\winsxs
2009-04-15 10:43:56 ----D---- C:\Windows\system32\catroot
2009-04-15 10:41:39 ----D---- C:\Program Files\Windows Mail
2009-04-15 10:41:37 ----D---- C:\Windows\system32\wbem
2009-04-15 10:41:36 ----D---- C:\Windows\system32\manifeststore
2009-04-15 10:41:35 ----D---- C:\Windows\AppPatch
2009-04-15 10:41:32 ----D---- C:\Windows\system32\migration
2009-04-15 10:41:32 ----D---- C:\Program Files\Internet Explorer
2009-04-14 21:32:33 ----D---- C:\Windows\system32\catroot2
2009-04-14 19:39:40 ----D---- C:\Windows\system32\WDI
2009-04-14 17:10:19 ----D---- C:\Windows\Prefetch
2009-04-14 16:53:42 ----D---- C:\Program Files\Common Files
2009-04-14 16:30:42 ----D---- C:\Program Files\Google
2009-04-14 15:43:40 ----D---- C:\Windows\system32\Tasks
2009-04-14 15:38:29 ----RSD---- C:\Windows\assembly
2009-04-14 13:09:26 ----D---- C:\Windows\Microsoft.NET
2009-04-14 12:37:04 ----D---- C:\Windows\system32\NDF
2009-04-14 09:05:21 ----D---- C:\Windows\servicing
2009-04-14 00:31:43 ----D---- C:\ProgramData\NVIDIA
2009-04-13 22:01:48 ----D---- C:\ProgramData\Dell
2009-04-13 20:34:59 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-13 20:34:00 ----A---- C:\Windows\win.ini
2009-04-13 20:14:06 ----D---- C:\Program Files\MSBuild
2009-04-13 20:13:53 ----D---- C:\Windows\ShellNew
2009-04-13 20:13:40 ----RSD---- C:\Windows\Fonts
2009-04-13 20:13:33 ----SD---- C:\ProgramData\Microsoft
2009-04-13 20:10:24 ----D---- C:\Program Files\Common Files\System
2009-04-13 19:38:45 ----ASH---- C:\Program Files\desktop.ini
2009-04-13 19:38:38 ----D---- C:\Windows\rescache
2009-04-13 19:34:50 ----D---- C:\DELL
2009-04-13 19:33:23 ----D---- C:\Windows\system32\en-US
2009-04-13 19:33:10 ----D---- C:\Windows\ehome
2009-04-13 19:33:09 ----D---- C:\Program Files\Windows Media Player
2009-04-13 19:32:58 ----D---- C:\Windows\system32\SLUI
2009-04-13 19:32:57 ----D---- C:\Program Files\Windows Sidebar
2009-04-13 19:32:55 ----D---- C:\Windows\system32\XPSViewer
2009-04-13 19:13:41 ----D---- C:\Windows\Debug
2009-04-13 18:28:15 ----D---- C:\Windows\SoftwareDistribution
2009-04-13 17:54:33 ----D---- C:\Windows\Logs
2009-04-13 17:39:31 ----SHD---- C:\$Recycle.Bin
2009-04-13 17:38:34 ----RD---- C:\Users
2009-04-06 09:57:24 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-01-16 213640]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2008-10-23 130424]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 {2E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files\Dell\MediaDirect\000.fcl [2007-04-02 13560]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-07 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-07 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-07 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-07 155136]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-13 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-13 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-04-13 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-01-16 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-01-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-01-16 40552]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-04-14 47360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-12-27 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-28 330240]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-16 46992]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-04-13 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 278528]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-13 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-01-16 34216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaNvStor;Intel® Turbo Memory Controller; C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-28 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2007-12-26 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2007-04-09 44032]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-01-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-01-09 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-28 102400]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-01-16 606736]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-26 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-01-17 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

#26 Farbar


Posted 15 April 2009 - 12:55 PM

Thanks for the logs.

Have you rebooted your computer after running MBAM? If not, please reboot first.

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

@ECHO OFF
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%I in (
C:\ProgramData\zepepewa
C:\ProgramData\mapefubo
C:\ProgramData\gewiluje
C:\ProgramData\rurimita
C:\ProgramData\vubebiye
C:\ProgramData\nazesuna
C:\ProgramData\nekularu
C:\ProgramData\dehaziku
C:\ProgramData\botireyo
C:\ProgramData\rugawaba
C:\ProgramData\wumoyuvo
C:\ProgramData\kahowuhi) DO (
IF EXIST %%I (
RD /S /Q %%I
IF EXIST %%I (
ECHO %%I not deleted>>log.txt
) ELSE (
ECHO %%I deleted successfully>>log.txt)
) ELSE (
ECHO %%I not found>>log.txt))
NOTEPAD log.txt
del %0
  • Select Save in: Desktop
  • Fill in File name: remove.bat
  • Save as type: All file types (*.*)
  • Click Save and close the Notepad.
  • Double-click remove.bat on the desktop.
  • Copy/paste the content of the log.txt which opens up.


#27 KBrady3905


Posted 15 April 2009 - 01:57 PM

Yes, I did reboot after running MBAM. Here is the log:

Deleting files
C:\ProgramData\zepepewa deleted successfully
C:\ProgramData\mapefubo deleted successfully
C:\ProgramData\gewiluje deleted successfully
C:\ProgramData\rurimita deleted successfully
C:\ProgramData\vubebiye deleted successfully
C:\ProgramData\nazesuna deleted successfully
C:\ProgramData\nekularu deleted successfully
C:\ProgramData\dehaziku deleted successfully
C:\ProgramData\botireyo deleted successfully
C:\ProgramData\rugawaba deleted successfully
C:\ProgramData\wumoyuvo deleted successfully
C:\ProgramData\kahowuhi deleted successfully

#28 Farbar


Posted 15 April 2009 - 02:05 PM

It looks good but I want to make sure of any inactive malware.
  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java or Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
  • Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan
    • Click on I Agree.
    • If an Active X warning box appears, click on Install.
      Note: If you get the message: "Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the Active X being installed. Just above the page, under the Internet Explorer toolbar, you see this message:
      "This website wants to install the following add-on: 'Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
      Click on that and select: Install Active x.
    • Now click on Start Scan. Please wait as it might take some time.
    • If it found anything when it finished, click "Click here to export the scan report".
    • Give the report a name and save it. The file will be a .HTML file.
    • Please attach the file to your reply.
    • To attach the file, press ADDREPLY; under the reply window, press Browse... and show the path to the file on your computer.
    • Highlight the file and click Open then press the green UPLOAD button.
  • Please run RSIT, set the list of Files/Folders created to 2 Months, copy/paste the content of log.txt to your reply for final review, and tell me how your computer is running.
Please include in your next reply:
  • The BitDefender log.
  • The RSIT log.
  • Any comment or feedback about how it went and how the computer is running.


#29 KBrady3905


Posted 15 April 2009 - 04:40 PM

BitDefender detected no viruses. I saved a copy of the HTML file saying just that and can attach it if you would like. With JRE, the version available to download was JRE 6 update 13, so I went ahead and downloaded and installed, per your directions, update 13 instead of 12. My computer is running fine; I noticed the time between logging into the computer and being at the desktop with all startup programs running has improved slightly. Here is the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kyle at 2009-04-15 16:34:38
Microsoft® Windows Vista™ Home Premium
System drive C: has 19 GB (11%) free of 178 GB
Total RAM: 3069 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:43 PM, on 4/15/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Kyle\Program Files\DNA\btdna.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kyle\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kyle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Kyle\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10007 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-01-16 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-12-26 2554680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-12-26 325048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-15 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-12-26 2554680]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-12-27 1006264]
"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-07 159744]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-08-28 36864]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-28 405504]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-16 49168]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-03 13552160]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-03 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-15 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=C:\Users\Kyle\Program Files\DNA\btdna.exe [2009-04-14 321344]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-13 1232896]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-04-17 86528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03a717e6-288c-11de-8202-001dd9e8a260}]
shell\AutoRun\command - G:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 2 months======

2009-04-15 14:21:16 ----D---- C:\Windows\BDOSCAN8
2009-04-15 14:19:09 ----A---- C:\Windows\system32\javaws.exe
2009-04-15 14:19:09 ----A---- C:\Windows\system32\javaw.exe
2009-04-15 14:19:09 ----A---- C:\Windows\system32\java.exe
2009-04-15 14:19:09 ----A---- C:\Windows\system32\deploytk.dll
2009-04-15 10:50:26 ----D---- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2009-04-15 10:50:21 ----D---- C:\ProgramData\Malwarebytes
2009-04-15 10:50:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-14 21:37:01 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-14 21:37:01 ----A---- C:\Windows\system32\kernel32.dll
2009-04-14 21:37:00 ----A---- C:\Windows\system32\secur32.dll
2009-04-14 21:36:58 ----A---- C:\Windows\system32\lsass.exe
2009-04-14 21:36:58 ----A---- C:\Windows\system32\apilogen.dll
2009-04-14 21:36:58 ----A---- C:\Windows\system32\amxread.dll
2009-04-14 21:36:47 ----A---- C:\Windows\system32\winhttp.dll
2009-04-14 21:36:43 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-14 21:36:43 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-14 21:34:21 ----A---- C:\Windows\system32\rpcss.dll
2009-04-14 21:34:18 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-14 21:34:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-14 21:34:18 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-14 21:34:17 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-14 21:34:15 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-14 21:34:15 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-14 21:34:15 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-14 21:34:15 ----A---- C:\Windows\system32\iasads.dll
2009-04-14 21:33:16 ----A---- C:\Windows\system32\mshtml.dll
2009-04-14 21:33:15 ----A---- C:\Windows\system32\ieframe.dll
2009-04-14 21:33:13 ----A---- C:\Windows\system32\wininet.dll
2009-04-14 21:33:13 ----A---- C:\Windows\system32\urlmon.dll
2009-04-14 21:33:13 ----A---- C:\Windows\system32\mstime.dll
2009-04-14 21:33:11 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-14 21:33:10 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-14 21:33:10 ----A---- C:\Windows\system32\iertutil.dll
2009-04-14 21:33:10 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-14 21:33:10 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-14 21:33:10 ----A---- C:\Windows\system32\icardie.dll
2009-04-14 21:33:09 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\occache.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-14 21:33:07 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-14 21:33:06 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-14 21:33:04 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-14 21:33:04 ----A---- C:\Windows\system32\iernonce.dll
2009-04-14 21:33:04 ----A---- C:\Windows\system32\ieencode.dll
2009-04-14 21:33:04 ----A---- C:\Windows\system32\advpack.dll
2009-04-14 21:33:04 ----A---- C:\Windows\system32\admparse.dll
2009-04-14 21:33:02 ----A---- C:\Windows\system32\ieui.dll
2009-04-14 21:33:01 ----A---- C:\Windows\system32\iesetup.dll
2009-04-14 21:32:58 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-14 21:32:58 ----A---- C:\Windows\system32\ieakui.dll
2009-04-14 19:29:55 ----D---- C:\Program Files\trend micro
2009-04-14 19:29:54 ----D---- C:\rsit
2009-04-14 17:26:09 ----D---- C:\Windows\Sun
2009-04-14 16:53:42 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-14 16:49:02 ----D---- C:\Users\Kyle\AppData\Roaming\vlc
2009-04-14 16:47:40 ----D---- C:\Program Files\VideoLAN
2009-04-14 16:43:09 ----D---- C:\Users\Kyle\AppData\Roaming\DivX
2009-04-14 16:42:01 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-04-14 16:41:50 ----D---- C:\Program Files\DivX
2009-04-14 16:26:48 ----D---- C:\Windows\pss
2009-04-14 16:22:49 ----D---- C:\Program Files\CCleaner
2009-04-14 16:20:36 ----D---- C:\Program Files\DVDFab 5
2009-04-14 16:15:45 ----A---- C:\Users\Kyle\AppData\Roaming\inst.exe
2009-04-14 16:15:44 ----D---- C:\Users\Kyle\AppData\Roaming\Vso
2009-04-14 16:15:40 ----A---- C:\Windows\system32\sipr3260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\Pncrt.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv43260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv33260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\drv23260.dll
2009-04-14 16:15:40 ----A---- C:\Windows\system32\cook3260.dll
2009-04-14 16:15:39 ----A---- C:\Windows\system32\wvc1dmod.dll
2009-04-14 16:15:39 ----A---- C:\Windows\system32\vp7vfw.dll
2009-04-14 16:15:37 ----D---- C:\Program Files\VSO
2009-04-14 16:09:35 ----D---- C:\Program Files\PowerISO
2009-04-14 16:08:52 ----D---- C:\Users\Kyle\AppData\Roaming\WinRAR
2009-04-14 16:08:09 ----D---- C:\Program Files\WinRAR
2009-04-14 16:07:58 ----D---- C:\Users\Kyle\AppData\Roaming\AdobeUM
2009-04-14 15:58:16 ----D---- C:\Program Files\BitPim
2009-04-14 15:53:57 ----D---- C:\Users\Kyle\AppData\Roaming\BitTorrent
2009-04-14 15:43:43 ----D---- C:\Users\Kyle\AppData\Roaming\Skype
2009-04-14 15:43:28 ----RD---- C:\Program Files\Skype
2009-04-14 15:43:23 ----D---- C:\ProgramData\Skype
2009-04-14 15:37:46 ----D---- C:\Program Files\Paint.NET
2009-04-14 12:33:28 ----D---- C:\Users\Kyle\AppData\Roaming\Intel
2009-04-14 09:24:11 ----D---- C:\Users\Kyle\AppData\Roaming\Stardock
2009-04-14 09:24:01 ----HDC---- C:\ProgramData\{62902F53-D725-44F9-B385-979CC0E00E8A}
2009-04-14 09:23:56 ----D---- C:\ProgramData\Stardock
2009-04-14 09:23:56 ----D---- C:\Program Files\Stardock
2009-04-14 00:34:22 ----A---- C:\Windows\system32\es.dll
2009-04-13 23:40:32 ----D---- C:\Users\Kyle\AppData\Roaming\DNA
2009-04-13 23:40:32 ----D---- C:\Program Files\DNA
2009-04-13 23:40:29 ----D---- C:\Program Files\BitTorrent
2009-04-13 23:08:05 ----D---- C:\Users\Kyle\AppData\Roaming\Apple Computer
2009-04-13 23:07:56 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-13 23:07:56 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-13 23:07:28 ----D---- C:\Program Files\iPod
2009-04-13 23:07:27 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 23:07:27 ----D---- C:\Program Files\iTunes
2009-04-13 23:07:05 ----D---- C:\Program Files\Bonjour
2009-04-13 23:06:14 ----D---- C:\Program Files\QuickTime
2009-04-13 23:06:13 ----D---- C:\ProgramData\Apple Computer
2009-04-13 23:05:56 ----D---- C:\Program Files\Apple Software Update
2009-04-13 23:04:58 ----D---- C:\ProgramData\Apple
2009-04-13 23:04:58 ----D---- C:\Program Files\Common Files\Apple
2009-04-13 20:14:13 ----D---- C:\Program Files\Microsoft Works
2009-04-13 20:13:57 ----D---- C:\Program Files\Microsoft Visual Studio
2009-04-13 20:13:57 ----D---- C:\Program Files\Common Files\DESIGNER
2009-04-13 20:13:33 ----D---- C:\Windows\PCHEALTH
2009-04-13 20:13:33 ----D---- C:\Program Files\Microsoft.NET
2009-04-13 20:10:40 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-04-13 20:09:52 ----D---- C:\ProgramData\Microsoft Help
2009-04-13 20:09:52 ----D---- C:\Program Files\Microsoft Office
2009-04-13 20:09:20 ----RHD---- C:\MSOCache
2009-04-13 19:43:45 ----D---- C:\Users\Kyle\AppData\Roaming\Adobe
2009-04-13 19:24:47 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\winipsec.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\polstore.dll
2009-04-13 19:24:46 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-04-13 19:23:53 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-04-13 19:22:59 ----A---- C:\Windows\system32\wtsapi32.dll
2009-04-13 19:22:56 ----A---- C:\Windows\system32\sysmain.dll
2009-04-13 19:22:55 ----A---- C:\Windows\system32\wlanapi.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlansvc.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlansec.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlanmsm.dll
2009-04-13 19:22:54 ----A---- C:\Windows\system32\wlanhlp.dll
2009-04-13 19:22:02 ----A---- C:\Windows\system32\WebClnt.dll
2009-04-13 19:18:42 ----A---- C:\Windows\system32\gdi32.dll
2009-04-13 19:16:33 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-04-13 19:16:31 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-04-13 19:16:31 ----A---- C:\Windows\system32\gameux.dll
2009-04-13 19:15:43 ----A---- C:\Windows\system32\wmpeffects.dll
2009-04-13 19:14:58 ----A---- C:\Windows\system32\msxml3r.dll
2009-04-13 19:14:58 ----A---- C:\Windows\system32\msxml3.dll
2009-04-13 19:13:11 ----A---- C:\Windows\system32\netapi32.dll
2009-04-13 19:12:26 ----A---- C:\Windows\system32\tzres.dll
2009-04-13 19:09:20 ----A---- C:\Windows\system32\mcmde.dll
2009-04-13 19:09:20 ----A---- C:\Windows\system32\EncDec.dll
2009-04-13 19:09:19 ----A---- C:\Windows\system32\psisdecd.dll
2009-04-13 19:08:26 ----A---- C:\Windows\system32\wmploc.DLL
2009-04-13 19:08:25 ----A---- C:\Windows\system32\wmp.dll
2009-04-13 19:08:25 ----A---- C:\Windows\system32\spwmp.dll
2009-04-13 19:08:25 ----A---- C:\Windows\system32\dxmasf.dll
2009-04-13 19:07:11 ----A---- C:\Windows\system32\shell32.dll
2009-04-13 19:05:00 ----A---- C:\Windows\explorer.exe
2009-04-13 19:03:44 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-04-13 19:03:44 ----A---- C:\Windows\system32\netiougc.exe
2009-04-13 19:03:44 ----A---- C:\Windows\system32\netcfg.exe
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2009-04-13 19:02:46 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2009-04-13 19:02:45 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2009-04-13 19:02:44 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2009-04-13 19:02:44 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2009-04-13 19:02:43 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2009-04-13 19:02:42 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2009-04-13 19:02:42 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2009-04-13 19:02:41 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-04-13 19:02:40 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2009-04-13 19:02:39 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2009-04-13 19:02:38 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2009-04-13 19:02:38 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2009-04-13 19:02:37 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2009-04-13 19:02:36 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsModels0011.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsData0046.dll
2009-04-13 19:02:35 ----A---- C:\Windows\system32\NlsData0045.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0049.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0047.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0039.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0022.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0021.dll
2009-04-13 19:02:34 ----A---- C:\Windows\system32\NlsData0020.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0027.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0026.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0024.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0011.dll
2009-04-13 19:02:33 ----A---- C:\Windows\system32\NlsData0010.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0019.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0018.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0013.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0003.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0002.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0001.dll
2009-04-13 19:02:32 ----A---- C:\Windows\system32\NlsData0000.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData004b.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData004a.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData0009.dll
2009-04-13 19:02:31 ----A---- C:\Windows\system32\NlsData0007.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData004e.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData004c.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData003e.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData002a.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData001b.dll
2009-04-13 19:02:30 ----A---- C:\Windows\system32\NlsData001a.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData001d.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000d.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000c.dll
2009-04-13 19:02:29 ----A---- C:\Windows\system32\NlsData000a.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData0416.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData0414.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NlsData000f.dll
2009-04-13 19:02:28 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData0c1a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData081a.dll
2009-04-13 19:02:27 ----A---- C:\Windows\system32\NlsData0816.dll
2009-04-13 19:00:56 ----A---- C:\Windows\system32\fsquirt.exe
2009-04-13 19:00:12 ----A---- C:\Windows\system32\setupapi.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srdelayed.exe
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srcore.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\srclient.dll
2009-04-13 18:59:45 ----A---- C:\Windows\system32\rstrui.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\wpd_ci.dll
2009-04-13 18:59:44 ----A---- C:\Windows\system32\winresume.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\winload.exe
2009-04-13 18:59:44 ----A---- C:\Windows\system32\kd1394.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\drvinst.exe
2009-04-13 18:59:43 ----A---- C:\Windows\system32\ci.dll
2009-04-13 18:59:43 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\oleaut32.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\nshhttp.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\lodctr.exe
2009-04-13 18:59:42 ----A---- C:\Windows\system32\kbd106n.dll
2009-04-13 18:59:42 ----A---- C:\Windows\system32\dpx.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\unlodctr.exe
2009-04-13 18:59:41 ----A---- C:\Windows\system32\schedsvc.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\prflbmsg.dll
2009-04-13 18:59:41 ----A---- C:\Windows\system32\loadperf.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\dispci.dll
2009-04-13 18:59:40 ----A---- C:\Windows\system32\batt.dll
2009-04-13 18:57:23 ----A---- C:\Windows\system32\LAPRXY.DLL
2009-04-13 18:57:23 ----A---- C:\Windows\system32\asferror.dll
2009-04-13 18:57:22 ----A---- C:\Windows\system32\WMASF.DLL
2009-04-13 18:56:47 ----A---- C:\Windows\system32\slwmi.dll
2009-04-13 18:56:47 ----A---- C:\Windows\system32\SLC.dll
2009-04-13 18:56:47 ----A---- C:\Windows\system32\mcbuilder.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLUINotify.dll
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLUI.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLLUA.exe
2009-04-13 18:56:46 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-04-13 18:56:45 ----A---- C:\Windows\system32\SLsvc.exe
2009-04-13 18:56:45 ----A---- C:\Windows\system32\slcinst.dll
2009-04-13 18:56:00 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-04-13 18:56:00 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-04-13 18:55:59 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-04-13 18:54:42 ----A---- C:\Windows\system32\win32spl.dll
2009-04-13 18:54:42 ----A---- C:\Windows\system32\printcom.dll
2009-04-13 18:54:10 ----A---- C:\Windows\system32\wshrm.dll
2009-04-13 18:53:38 ----A---- C:\Windows\system32\sbunattend.exe
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-04-13 18:51:58 ----A---- C:\Windows\system32\dnsapi.dll
2009-04-13 18:51:27 ----A---- C:\Windows\system32\schannel.dll
2009-04-13 18:49:00 ----A---- C:\Windows\system32\icardres.dll
2009-04-13 18:49:00 ----A---- C:\Windows\system32\icardagt.exe
2009-04-13 18:48:59 ----A---- C:\Windows\system32\infocardapi.dll
2009-04-13 18:48:56 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-13 18:48:55 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-04-13 18:48:55 ----A---- C:\Windows\system32\PresentationHost.exe
2009-04-13 18:48:54 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-04-13 18:39:59 ----A---- C:\Windows\system32\netfxperf.dll
2009-04-13 18:39:59 ----A---- C:\Windows\system32\dfshim.dll
2009-04-13 18:39:58 ----A---- C:\Windows\system32\mscoree.dll
2009-04-13 18:39:57 ----A---- C:\Windows\system32\mscories.dll
2009-04-13 18:39:57 ----A---- C:\Windows\system32\mscorier.dll
2009-04-13 18:34:09 ----SHD---- C:\System Volume Information
2009-04-13 18:29:21 ----A---- C:\Windows\system32\mfps.dll
2009-04-13 18:29:21 ----A---- C:\Windows\system32\mf.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\rrinstaller.exe
2009-04-13 18:29:20 ----A---- C:\Windows\system32\mfpmp.exe
2009-04-13 18:29:20 ----A---- C:\Windows\system32\mferror.dll
2009-04-13 18:29:20 ----A---- C:\Windows\system32\logagent.exe
2009-04-13 18:29:19 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-04-13 18:29:04 ----A---- C:\Windows\system32\INETRES.dll
2009-04-13 18:29:04 ----A---- C:\Windows\system32\inetcomm.dll
2009-04-13 18:28:56 ----A---- C:\Windows\system32\connect.dll
2009-04-13 18:28:49 ----A---- C:\Windows\system32\quartz.dll
2009-04-13 18:28:30 ----D---- C:\Program Files\MSXML 4.0
2009-04-13 18:28:08 ----A---- C:\Windows\system32\msxml6r.dll
2009-04-13 18:28:08 ----A---- C:\Windows\system32\msxml6.dll
2009-04-13 17:58:18 ----D---- C:\Users\Kyle\AppData\Roaming\Mozilla
2009-04-13 17:52:42 ----D---- C:\Program Files\Mozilla Firefox
2009-04-13 17:51:56 ----D---- C:\Users\Kyle\AppData\Roaming\Macromedia
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wups2.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wucltux.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wuaueng.dll
2009-04-13 17:48:05 ----A---- C:\Windows\system32\wuauclt.exe
2009-04-13 17:47:00 ----A---- C:\Windows\system32\wups.dll
2009-04-13 17:47:00 ----A---- C:\Windows\system32\wudriver.dll
2009-04-13 17:46:59 ----A---- C:\Windows\system32\wuapi.dll
2009-04-13 17:46:22 ----A---- C:\Windows\system32\wuwebv.dll
2009-04-13 17:46:22 ----A---- C:\Windows\system32\wuapp.exe
2009-04-13 17:41:03 ----D---- C:\Users\Kyle\AppData\Roaming\Google
2009-04-13 17:39:41 ----HD---- C:\Users\Kyle\AppData\Roaming\GTek
2009-04-13 17:39:13 ----D---- C:\Users\Kyle\AppData\Roaming\Identities
2009-04-13 17:38:34 ----SD---- C:\Users\Kyle\AppData\Roaming\Microsoft
2009-04-13 17:38:34 ----D---- C:\Users\Kyle\AppData\Roaming\Media Center Programs
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Templates
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Start Menu
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Favorites
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Documents
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Desktop
2009-04-13 17:35:12 ----SHD---- C:\ProgramData\Application Data
2009-02-24 14:34:16 ----A---- C:\Windows\system32\dpl100.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\divx_xx11.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\divx_xx0c.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\divx_xx0a.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\divx_xx07.dll
2009-02-24 14:34:14 ----A---- C:\Windows\system32\DivX.dll

======List of files/folders modified in the last 2 months======

2009-04-15 16:34:43 ----D---- C:\Windows\Prefetch
2009-04-15 16:34:39 ----D---- C:\Windows\Temp
2009-04-15 14:23:36 ----D---- C:\Windows\System32
2009-04-15 14:23:36 ----D---- C:\Windows\inf
2009-04-15 14:23:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-15 14:22:47 ----SD---- C:\Windows\Downloaded Program Files
2009-04-15 14:21:17 ----D---- C:\Windows
2009-04-15 14:19:13 ----SHD---- C:\Windows\Installer
2009-04-15 14:18:03 ----D---- C:\Program Files\Java
2009-04-15 14:13:42 ----D---- C:\Program Files\Common Files
2009-04-15 13:57:06 ----HD---- C:\ProgramData
2009-04-15 10:58:55 ----D---- C:\Program Files\McAfee
2009-04-15 10:57:47 ----RD---- C:\Program Files
2009-04-15 10:57:47 ----D---- C:\Windows\system32\drivers
2009-04-15 10:47:36 ----D---- C:\Program Files\Dell
2009-04-15 10:44:02 ----D---- C:\Windows\winsxs
2009-04-15 10:43:56 ----D---- C:\Windows\system32\catroot
2009-04-15 10:41:39 ----D---- C:\Program Files\Windows Mail
2009-04-15 10:41:37 ----D---- C:\Windows\system32\wbem
2009-04-15 10:41:36 ----D---- C:\Windows\system32\manifeststore
2009-04-15 10:41:35 ----D---- C:\Windows\AppPatch
2009-04-15 10:41:32 ----D---- C:\Windows\system32\migration
2009-04-15 10:41:32 ----D---- C:\Program Files\Internet Explorer
2009-04-14 21:32:33 ----D---- C:\Windows\system32\catroot2
2009-04-14 19:39:40 ----D---- C:\Windows\system32\WDI
2009-04-14 16:30:42 ----D---- C:\Program Files\Google
2009-04-14 15:43:40 ----D---- C:\Windows\system32\Tasks
2009-04-14 15:38:29 ----RSD---- C:\Windows\assembly
2009-04-14 13:09:26 ----D---- C:\Windows\Microsoft.NET
2009-04-14 12:37:04 ----D---- C:\Windows\system32\NDF
2009-04-14 09:05:21 ----D---- C:\Windows\servicing
2009-04-14 00:31:43 ----D---- C:\ProgramData\NVIDIA
2009-04-13 22:01:48 ----D---- C:\ProgramData\Dell
2009-04-13 20:34:59 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-13 20:34:00 ----A---- C:\Windows\win.ini
2009-04-13 20:14:06 ----D---- C:\Program Files\MSBuild
2009-04-13 20:13:53 ----D---- C:\Windows\ShellNew
2009-04-13 20:13:40 ----RSD---- C:\Windows\Fonts
2009-04-13 20:13:33 ----SD---- C:\ProgramData\Microsoft
2009-04-13 20:10:24 ----D---- C:\Program Files\Common Files\System
2009-04-13 19:38:45 ----ASH---- C:\Program Files\desktop.ini
2009-04-13 19:38:38 ----D---- C:\Windows\rescache
2009-04-13 19:34:50 ----D---- C:\DELL
2009-04-13 19:33:23 ----D---- C:\Windows\system32\en-US
2009-04-13 19:33:10 ----D---- C:\Windows\ehome
2009-04-13 19:33:09 ----D---- C:\Program Files\Windows Media Player
2009-04-13 19:32:58 ----D---- C:\Windows\system32\SLUI
2009-04-13 19:32:57 ----D---- C:\Program Files\Windows Sidebar
2009-04-13 19:32:55 ----D---- C:\Windows\system32\XPSViewer
2009-04-13 19:13:41 ----D---- C:\Windows\Debug
2009-04-13 18:28:15 ----D---- C:\Windows\SoftwareDistribution
2009-04-13 17:54:33 ----D---- C:\Windows\Logs
2009-04-13 17:39:31 ----SHD---- C:\$Recycle.Bin
2009-04-13 17:38:34 ----RD---- C:\Users
2009-04-06 09:57:24 ----A---- C:\Windows\system32\mrt.exe
2009-02-24 14:35:32 ----N---- C:\Windows\system32\VXBLOCK.dll
2009-02-24 14:35:32 ----N---- C:\Windows\system32\PxWave.dll
2009-02-24 14:35:32 ----N---- C:\Windows\system32\PxSFS.DLL
2009-02-24 14:35:32 ----N---- C:\Windows\system32\PxMas.dll
2009-02-24 14:35:32 ----N---- C:\Windows\system32\pxdrv.dll
2009-02-24 14:35:32 ----N---- C:\Windows\system32\PxAFS.DLL
2009-02-24 14:35:32 ----N---- C:\Windows\system32\Px.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-01-16 213640]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2008-10-23 130424]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 {2E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{2E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; \??\C:\Program Files\Dell\MediaDirect\000.fcl [2007-04-02 13560]
R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-07 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-07 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-07 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-07 155136]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-13 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-13 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-04-13 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-01-16 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-01-16 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-01-16 40552]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 7424]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-04-14 47360]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-12-27 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-28 330240]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-16 46992]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-04-13 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 278528]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-13 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-01-16 34216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaNvStor;Intel® Turbo Memory Controller; C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-28 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2007-12-26 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2007-04-09 44032]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-01-16 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-01-09 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-28 102400]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-01-16 606736]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-26 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-01-17 365072]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

#30 Farbar


Posted 16 April 2009 - 02:01 AM

Everything looks good.
  • First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
      • Go to Start > Programs > Accessories > System Tools and click "System Restore".
      • Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next".
      • Give the Restore Point a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

    To remove the old restore points:
      • Go to Start > Run, then type: Cleanmgr in the box and click "OK".
      • You get a window to select the drive to clean; the default is already set to the (C:) drive. Click OK.
      • Click the "More Options" tab.
      • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
      • Click OK and Yes.

Optional Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension for both Internet Explorer and Firefox. When you search for a site, it gives you an indication of how safe that site is.

  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once every 2-3 weeks and enable the restriction.

Happy surfing!

Edited by farbar, 16 April 2009 - 02:03 AM.




