CiD Popups


  • This topic is locked
13 replies to this topic

#1 Mrparkers

Posted 13 October 2008 - 07:12 PM

Well, I had an old thread on this but I waited a little too long to respond and it got closed. So, I'll repost it with my new HijackThis log. The problem is basically that these annoying popups with 'CiD' in the corner keep popping up on my computer, and I really want to get rid of them. Here's my HijackThis log:

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\HP Bluetooth Laser Mobile Mouse\MulMouse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\java.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Parker Family\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\PARKER~1\DOCUME~1\DAH\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GhostSurfDelSatellite] C:\Users\Parker Family\Documents\Galkon's Pride\GhostSurf 2005\DeleteSatellite.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Users\Parker Family\Documents\Galkon's Pride\NudgeMania\NudgeMania.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [defy joy] "C:\ProgramData\City Phone Phone.eyojq"
O4 - HKCU\..\Run: [vc log bows face] "C:\ProgramData\Corn Coal Keep.la5j3b"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O4 - Global Startup: HP Bluetooth Laser Mobile Mouse.lnk = C:\Program Files\HP Bluetooth Laser Mobile Mouse\MulMouse.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\PARKER~1\DOCUME~1\DAH\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\PARKER~1\DOCUME~1\DAH\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://access.foley.com/dana-cached/sc/Jun...SetupClient.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Users\Parker Family\Documents\DAH\~\My Server\474\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Users\Parker Family\Documents\DAH\~\My Server\474\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - ~\My Server\474\xampp\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SecureSrv - Unknown owner - C:\Users\Parker Family\Documents\Server\STUFFZ\Hide My IP 2007\SecureSrv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13076 bytes

Thanks in advance!

Edited by PropagandaPanda, 18 October 2008 - 10:44 AM.
remove code box



#2 Mrparkers


Posted 13 October 2008 - 09:07 PM

Just recently my Anti Virus detected something called Packed.Generic.189. Here's a picture

Posted Image

I have no idea what it is, maybe that's contributing to the popups?

#3 PropagandaPanda

  • Malware Response Team

Posted 18 October 2008 - 10:45 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Download and Run Lop S&D
You can find detailed instructions with visuals here:
http://eric.71.mespages.googlepages.com/lop.sd.en
  • Disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please download Lop S&D by Eric_71 to your desktop, if you have not already or you lost your copy.
  • Double click LopSD.exe to run it. If you are using Windows Vista, right-click on LopSD.exe icon and select Run as administrator.
  • Choose the language by typing the corresponding letter and pressing Enter.
  • Click OK at the prompt.
  • At this point, close all windows.
  • Type 1 followed by Enter to select option 1, Search.
  • When the scan is finished, a report (C:\lopR.txt) will be generated. Post the contents of it in your next reply.


Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#4 Mrparkers


Posted 18 October 2008 - 11:18 AM

Hi Pandy

Thanks a lot for helping me. Well to start, my OTViewIt program gave me an error after it took a long time scanning the process 'Apache2.2'. Here's a picture of the error:

Posted Image

Here's my Lop S&D Log:

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Turion™ 64 X2 Mobile Technology TL-64 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Parker Family ( Administrator )
BOOT : Normal boot
Antivirus : Norton Security Online 2007 (Activated)
Firewall : Norton Security Online 2007 (Activated)
C:\ (Local Disk) - NTFS - Total : 140 Go Free : 94 Go
D:\ (Local Disk) - NTFS - Total : 8 Go Free : 1 Go
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( Sat 10/18/2008|11:09 )

[ UAC => 0 ]

--------------------\\ Listing folders in Local

[12/23/2007|04:47] C:\Users\PARKER~1\AppData\Local\<DIR> Adobe
[01/10/2008|05:15] C:\Users\PARKER~1\AppData\Local\<DIR> AOL
[01/10/2008|05:15] C:\Users\PARKER~1\AppData\Local\<DIR> AOL OCP
[09/07/2008|11:12] C:\Users\PARKER~1\AppData\Local\<DIR> Apple
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> Application Data
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 AtStart.txt
[10/11/2008|10:36] C:\Users\PARKER~1\AppData\Local\8,704 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 DSwitch.txt
[07/08/2008|08:38] C:\Users\PARKER~1\AppData\Local\109,080 GDIPFONTCACHEV1.DAT
[12/28/2007|01:44] C:\Users\PARKER~1\AppData\Local\<DIR> Google
[11/29/2007|07:42] C:\Users\PARKER~1\AppData\Local\<DIR> Hewlett-Packard
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> History
[12/29/2007|10:23] C:\Users\PARKER~1\AppData\Local\<DIR> HP Guide
[10/16/2008|09:15] C:\Users\PARKER~1\AppData\Local\2,408,786 IconCache.db
[11/29/2007|10:07] C:\Users\PARKER~1\AppData\Local\<DIR> IsolatedStorage
[04/10/2008|09:41] C:\Users\PARKER~1\AppData\Local\<DIR> Microsoft
[03/12/2008|05:04] C:\Users\PARKER~1\AppData\Local\<DIR> Microsoft Help
[03/21/2008|01:57] C:\Users\PARKER~1\AppData\Local\<DIR> Mozilla
[12/15/2007|08:20] C:\Users\PARKER~1\AppData\Local\<DIR> My Games
[08/07/2008|03:16] C:\Users\PARKER~1\AppData\Local\<DIR> Opera
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 QSwitch.txt
[02/02/2008|03:19] C:\Users\PARKER~1\AppData\Local\<DIR> QuickPlay
[10/18/2008|11:07] C:\Users\PARKER~1\AppData\Local\<DIR> Temp
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> Temporary Internet Files
[02/02/2008|03:14] C:\Users\PARKER~1\AppData\Local\<DIR> VirtualStore
[12/28/2007|11:58] C:\Users\PARKER~1\AppData\Local\<DIR> WindowsUpdate

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[10/13/2008 09:49 PM][--a------] C:\Windows\tasks\Norton Security Online - Run Full System Scan - Parker Family.job
[10/16/2008 09:18 AM][--ah-----] C:\Windows\tasks\SA.DAT
[10/16/2008 09:16 AM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[08/04/2007|09:33] C:\ProgramData\<DIR> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[10/13/2008|06:48] C:\ProgramData\<DIR> Adobe
[01/10/2008|05:11] C:\ProgramData\<DIR> AOL
[01/10/2008|05:16] C:\ProgramData\<DIR> AOL OCP
[09/07/2008|11:12] C:\ProgramData\<DIR> Apple
[09/07/2008|11:15] C:\ProgramData\<DIR> Apple Computer
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Application Data
[08/04/2008|07:18] C:\ProgramData\<DIR> CA
[07/05/2008|05:15] C:\ProgramData\16 City Phone Phone.2yj7cax
[07/26/2008|08:29] C:\ProgramData\401,424 City Phone Phone.3533xmk
[07/05/2008|01:01] C:\ProgramData\262,160 City Phone Phone.5qily
[07/05/2008|11:33] C:\ProgramData\36,880 City Phone Phone.82ay5
[07/06/2008|12:02] C:\ProgramData\188,432 City Phone Phone.alzznn3
[07/06/2008|10:53] C:\ProgramData\73,744 City Phone Phone.b7r1i
[07/05/2008|10:56] C:\ProgramData\8,208 City Phone Phone.c6re6kv
[07/05/2008|12:17] C:\ProgramData\307,216 City Phone Phone.e7oqg
[07/26/2008|08:29] C:\ProgramData\348,176 City Phone Phone.eyojq
[07/06/2008|11:15] C:\ProgramData\12,304 City Phone Phone.fm49bl
[07/06/2008|09:26] C:\ProgramData\24,592 City Phone Phone.gct6h
[07/05/2008|11:11] C:\ProgramData\286,736 City Phone Phone.l07tn
[07/06/2008|12:45] C:\ProgramData\24,592 City Phone Phone.o7st4
[07/05/2008|04:53] C:\ProgramData\213,008 City Phone Phone.pwnrt
[07/06/2008|12:23] C:\ProgramData\233,488 City Phone Phone.sre23
[07/05/2008|11:18] C:\ProgramData\213,008 City Phone Phone.uzi1jz
[07/05/2008|11:11] C:\ProgramData\12,304 City Phone Phone.z5auhym
[07/05/2008|11:55] C:\ProgramData\196,624 City Phone Phone.zgm8yy
[07/26/2008|08:30] C:\ProgramData\8,208 Corn Coal Keep.la5j3b
[08/04/2008|07:22] C:\ProgramData\29 counter.cfg
[08/04/2007|09:35] C:\ProgramData\<DIR> CyberLink
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Desktop
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Documents
[05/31/2008|11:44] C:\ProgramData\<DIR> DynDNS
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Favorites
[12/28/2007|01:27] C:\ProgramData\<DIR> Google
[08/04/2008|07:22] C:\ProgramData\<DIR> Gtek
[11/29/2007|07:42] C:\ProgramData\<DIR> Hewlett-Packard
[11/29/2007|08:21] C:\ProgramData\<DIR> HP
[08/04/2007|09:44] C:\ProgramData\320 hpzinstall.log
[06/05/2008|05:05] C:\ProgramData\<DIR> Media Center Programs
[07/26/2008|08:30] C:\ProgramData\<DIR> Memo Drive Vc Log
[09/10/2008|05:40] C:\ProgramData\<DIR> Messenger Plus!
[04/30/2008|03:16] C:\ProgramData\<DIR> Microsoft
[10/16/2008|09:04] C:\ProgramData\<DIR> Microsoft Help
[10/13/2008|06:45] C:\ProgramData\<DIR> NVIDIA
[07/25/2008|09:56] C:\ProgramData\<DIR> Protexis
[08/04/2007|09:13] C:\ProgramData\<DIR> Roxio
[08/04/2007|09:08] C:\ProgramData\<DIR> Sonic
[04/30/2008|03:47] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Start Menu
[10/13/2008|07:57] C:\ProgramData\<DIR> Symantec
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Templates
[01/10/2008|05:11] C:\ProgramData\<DIR> Viewpoint
[02/06/2008|11:15] C:\ProgramData\<DIR> WildTangent
[07/10/2008|09:02] C:\ProgramData\<DIR> WinZip
[07/08/2008|08:29] C:\ProgramData\<DIR> WLInstaller
[07/05/2008|09:27] C:\ProgramData\<DIR> XL Delete
[08/04/2008|06:27] C:\ProgramData\<DIR> Yahoo!
[12/01/2007|08:24] C:\ProgramData\<DIR> Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[08/04/2007|09:33] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites
[10/13/2008|06:48] C:\Program Files\<DIR> Adobe
[01/10/2008|05:15] C:\Program Files\<DIR> AIM6
[09/07/2008|11:12] C:\Program Files\<DIR> Apple Software Update
[12/23/2007|02:20] C:\Program Files\<DIR> Cat Daddy Games
[07/25/2008|10:40] C:\Program Files\<DIR> Cavaj Java Decompiler
[06/25/2008|10:22] C:\Program Files\<DIR> Citrix
[08/04/2008|06:53] C:\Program Files\<DIR> Common Files
[12/28/2007|11:59] C:\Program Files\<DIR> CONEXANT
[07/24/2008|04:35] C:\Program Files\<DIR> decomp
[12/03/2007|04:47] C:\Program Files\<DIR> Disney
[01/15/2008|09:25] C:\Program Files\<DIR> DivX
[05/31/2008|11:44] C:\Program Files\<DIR> DynDNS Updater
[08/04/2007|09:46] C:\Program Files\<DIR> earthlink totalaccess
[07/05/2008|09:08] C:\Program Files\<DIR> FileDeleter
[12/15/2007|07:26] C:\Program Files\<DIR> Firaxis Games
[12/29/2007|09:31] C:\Program Files\<DIR> Google
[06/05/2008|05:05] C:\Program Files\<DIR> Guild Wars
[02/02/2008|11:36] C:\Program Files\<DIR> Hewlett-Packard
[08/04/2007|10:19] C:\Program Files\<DIR> HP
[12/01/2007|08:25] C:\Program Files\<DIR> HP Bluetooth Laser Mobile Mouse
[01/25/2008|03:43] C:\Program Files\<DIR> HP DeskJet 720C Series
[08/04/2007|09:53] C:\Program Files\<DIR> HP Games
[08/04/2007|10:04] C:\Program Files\<DIR> HPQ
[02/02/2008|11:36] C:\Program Files\<DIR> InstallShield Installation Information
[10/13/2008|06:18] C:\Program Files\<DIR> Internet Explorer
[08/04/2008|07:37] C:\Program Files\<DIR> Java
[06/25/2008|10:06] C:\Program Files\<DIR> Juniper Networks
[12/23/2007|06:09] C:\Program Files\<DIR> Maxis
[09/07/2008|08:28] C:\Program Files\<DIR> Messenger Plus! Live
[12/01/2007|05:58] C:\Program Files\<DIR> Microsoft ActiveSync
[11/02/2006|07:37] C:\Program Files\<DIR> Microsoft Games
[12/01/2007|05:56] C:\Program Files\<DIR> Microsoft Office
[09/10/2008|09:03] C:\Program Files\<DIR> Microsoft Works
[08/04/2007|09:31] C:\Program Files\<DIR> Microsoft.NET
[10/13/2008|06:18] C:\Program Files\<DIR> Movie Maker
[09/24/2008|05:57] C:\Program Files\<DIR> Mozilla Firefox
[11/02/2006|07:37] C:\Program Files\<DIR> MSBuild
[11/29/2007|08:11] C:\Program Files\<DIR> MSXML 4.0
[08/04/2007|09:56] C:\Program Files\<DIR> muvee Technologies
[08/04/2007|09:47] C:\Program Files\<DIR> Online Services
[08/07/2008|03:16] C:\Program Files\<DIR> Opera
[09/07/2008|11:16] C:\Program Files\<DIR> QuickTime
[08/04/2007|10:02] C:\Program Files\<DIR> Real
[11/02/2006|07:37] C:\Program Files\<DIR> Reference Assemblies
[08/04/2007|10:02] C:\Program Files\<DIR> Rhapsody
[08/04/2007|09:13] C:\Program Files\<DIR> Roxio
[08/04/2008|07:38] C:\Program Files\<DIR> Sun
[10/13/2008|07:57] C:\Program Files\<DIR> Symantec
[08/04/2007|08:35] C:\Program Files\<DIR> Synaptics
[02/02/2008|02:50] C:\Program Files\<DIR> SystemRequirementsLab
[11/02/2006|08:01] C:\Program Files\<DIR> Uninstall Information
[01/10/2008|05:12] C:\Program Files\<DIR> Viewpoint
[08/04/2007|09:58] C:\Program Files\<DIR> Vongo
[11/29/2007|07:38] C:\Program Files\<DIR> WIDCOMM
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Calendar
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Collaboration
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Defender
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Journal
[04/06/2008|12:16] C:\Program Files\<DIR> Windows Live
[10/17/2008|04:02] C:\Program Files\<DIR> Windows Live Safety Center
[10/16/2008|09:15] C:\Program Files\<DIR> Windows Mail
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Media Player
[11/02/2006|07:37] C:\Program Files\<DIR> Windows NT
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Photo Gallery
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Sidebar
[07/11/2008|01:36] C:\Program Files\<DIR> WinRAR
[07/11/2008|01:31] C:\Program Files\<DIR> WinZip
[08/04/2008|05:53] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/13/2008|06:48] C:\Program Files\Common Files\<DIR> Adobe
[01/21/2008|09:39] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[01/10/2008|05:11] C:\Program Files\Common Files\<DIR> AOL
[08/04/2007|09:31] C:\Program Files\Common Files\<DIR> DESIGNER
[08/04/2007|09:43] C:\Program Files\Common Files\<DIR> HP
[08/04/2007|10:01] C:\Program Files\Common Files\<DIR> InstallShield
[08/04/2007|10:23] C:\Program Files\Common Files\<DIR> Java
[08/04/2007|10:04] C:\Program Files\Common Files\<DIR> LightScribe
[08/06/2008|03:38] C:\Program Files\Common Files\<DIR> microsoft shared
[08/04/2007|09:57] C:\Program Files\Common Files\<DIR> muvee Technologies
[08/04/2007|09:12] C:\Program Files\Common Files\<DIR> Roxio Shared
[11/02/2006|06:18] C:\Program Files\Common Files\<DIR> Services
[08/04/2007|09:12] C:\Program Files\Common Files\<DIR> Sonic Shared
[11/02/2006|06:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/04/2007|09:14] C:\Program Files\Common Files\<DIR> SureThing Shared
[12/29/2007|03:16] C:\Program Files\Common Files\<DIR> SWF Studio
[08/04/2008|06:57] C:\Program Files\Common Files\<DIR> Symantec Shared
[10/13/2008|06:18] C:\Program Files\Common Files\<DIR> System
[07/08/2008|08:36] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 77 Processes )

iexplore.exe ~ [PID:3972]

--------------------\\ Searching with S_Lop

C:\ProgramData\City Phone Phone.5qily
C:\ProgramData\City Phone Phone.82ay5
C:\ProgramData\City Phone Phone.b7r1i
C:\ProgramData\City Phone Phone.e7oqg
C:\ProgramData\City Phone Phone.eyojq
C:\ProgramData\City Phone Phone.gct6h
C:\ProgramData\City Phone Phone.l07tn
C:\ProgramData\City Phone Phone.o7st4
C:\ProgramData\City Phone Phone.pwnrt
C:\ProgramData\City Phone Phone.sre23
C:\ProgramData\City Phone Phone.fm49bl
C:\ProgramData\City Phone Phone.uzi1jz
C:\ProgramData\City Phone Phone.zgm8yy
C:\ProgramData\Corn Coal Keep.la5j3b
C:\ProgramData\City Phone Phone.2yj7cax
C:\ProgramData\City Phone Phone.3533xmk
C:\ProgramData\City Phone Phone.alzznn3
C:\ProgramData\City Phone Phone.c6re6kv
C:\ProgramData\City Phone Phone.z5auhym

--------------------\\ Searching for Lop Files - Folders

C:\ProgramData\Memo Drive Vc Log
C:\ProgramData\Memo Drive Vc Log\Proc Rdr.exe
C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies\parker_family@adopt.euroclick[1].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"defy joy"="\"C:\\ProgramData\\City Phone Phone.eyojq\""
"vc log bows face"="\"C:\\ProgramData\\Corn Coal Keep.la5j3b\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 11:09:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 8

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..




[F:149][D:19]-> C:\Users\PARKER~1\AppData\Local\Temp
[F:86][D:1]-> C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1643][D:4]-> C:\Users\PARKER~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:500][D:9]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat 10/18/2008|11:12 - Option : [1]

--------------------\\ Scan completed at 11:12:40
[ UAC => 1 ]

My OT program is still working on the 'Scanning Application Event Log'.

Thanks again for helping me!

Edited by PropagandaPanda, 18 October 2008 - 11:23 AM.
Remove Code tags


#5 PropagandaPanda

Posted 18 October 2008 - 11:26 AM

Hello Mrparkers.

First of all, is this topic here:
http://www.bleepingcomputer.com/forums/ind...&pid=904288
regarding the same computer?

Did you run OTViewIt with Right click>Run as Administrator?
---
Run Lop S&D
You can find detailed instructions with visuals here:
http://eric.71.mespages.googlepages.com/lop.sd.en
  • Disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please download Lop S&D by Eric_71 to your desktop, if you have not already or you lost your copy.
  • Double click LopSD.exe to run it. If you are using Windows Vista, right-click on the LopSD.exe icon and select Run as administrator.
  • Choose the language by typing the corresponding letter and pressing Enter.
  • Click OK at the prompt.
  • At this point, close all windows.
  • Type 2 followed by Enter to select option "2 - Fix + Hosts".
  • When the scan is finished, a report (C:\lopR.txt) will be generated. Post its contents in your next reply.

Download and Run RSIT
If OTViewIt is stuck, close it and run this instead.
  • Download Random's System Information Tool by random/random to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both C:\rsit\log.txt and C:\rsit\info.txt.


Please post back with:
-the new LOP S&D log
-the RSIT logs

With Regards,
The Panda

#6 Mrparkers

Posted 18 October 2008 - 11:24 PM

Yes, that's the same computer. I forgot about my topic there because the popups started going away, but they came back again and now I want to get rid of them permanently. I ran OTViewIt again, and it worked this time. Here's my OTViewIt log:

OTViewIt logfile created on: 10/18/2008 11:06:21 AM - Run 2
OTViewIt by OldTimer - Version 1.0.16.0 Folder = C:\Users\Parker Family\Desktop
Windows Vista An unknown product Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 36.88% Memory free
4.00 Gb Paging File | 1.94 Gb Available in Paging File | 48.47% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.63 Gb Total Space | 94.46 Gb Free Space | 67.17% Space Free | Partition Type: NTFS
Drive D: | 8.42 Gb Total Space | 1.80 Gb Free Space | 21.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PARKERFAMILY_LA
Current User Name: Parker Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/19 02:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 02:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/01/19 02:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2008/01/19 02:33:39 | 00,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe
[2007/01/05 03:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
[2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2007/04/10 21:17:10 | 00,407,136 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
[2008/04/23 11:57:02 | 00,061,440 | ---- | M] () -- C:\Program Files\DynDNS Updater\DynUpSvc.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2007/07/10 07:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2008/01/28 11:43:32 | 00,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\SDWinSec.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/08/04 18:03:23 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2008/01/19 02:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/01/19 02:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2007/09/15 03:50:54 | 01,021,224 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/02/13 13:38:36 | 00,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[2007/01/10 18:12:08 | 00,317,128 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[2007/09/15 03:29:10 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/10/26 15:42:48 | 00,509,224 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YOP\yop.exe
[2007/01/10 00:59:52 | 00,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/01/19 02:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2007/12/28 17:29:01 | 00,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[2008/01/28 11:43:40 | 02,097,488 | RHS- | M] (Safer Networking Limited) -- C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\TeaTimer.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/03/29 14:11:50 | 00,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008/04/23 11:57:00 | 00,065,536 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe
[2007/07/24 20:00:12 | 00,344,064 | ---- | M] () -- C:\Program Files\HP Bluetooth Laser Mobile Mouse\MulMouse.exe
[2008/01/19 02:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/11/02 04:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/01/19 02:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/01/19 02:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2007/10/26 15:42:40 | 00,628,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Yahoo!\YOP\SSDK02.exe
[2007/03/29 14:11:48 | 01,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008/01/19 02:33:40 | 00,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2008/01/19 02:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
[2008/09/24 17:57:53 | 07,671,408 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/05/27 00:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/01/19 02:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
[2008/01/19 02:33:04 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2008/06/10 01:21:01 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2008/05/27 00:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/10/18 10:48:03 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Parker Family\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/01/21 21:39:14 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
File not found -- -- (Apache2.2 [Auto | Stopped])
[2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Running])
[2007/04/23 20:11:42 | 00,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Disabled | Stopped])
[2008/01/05 06:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/04/23 20:11:44 | 00,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched [Disabled | Stopped])
[2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Running])
[2007/01/09 16:55:34 | 00,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb [On_Demand | Stopped])
[2007/01/12 22:40:58 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/01/19 02:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/01/19 02:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2007/04/10 21:17:10 | 00,407,136 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService [Auto | Running])
[2008/04/23 11:57:02 | 00,061,440 | ---- | M] () -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater [Auto | Running])
[2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
File not found -- -- (FileZilla Server [On_Demand | Stopped])
[2007/10/26 19:46:28 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/01/29 12:09:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [Disabled | Stopped])
[2008/01/19 02:34:25 | 00,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
[2007/12/28 17:28:59 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2007/09/19 18:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe -- (HP Health Check Service [Disabled | Stopped])
[2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Disabled | Stopped])
[2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/01/14 02:11:06 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
[2007/04/19 15:35:46 | 00,075,304 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
[2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
[2007/01/10 00:59:32 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
[2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
[2006/11/02 08:04:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
File not found -- -- (mysql [Auto | Stopped])
[2007/10/27 16:50:54 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/02/12 11:36:58 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2008/01/19 02:36:17 | 00,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll -- (RpcSs [Unknown | Running])
[2008/01/28 11:43:32 | 00,810,320 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
[2008/01/19 02:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/03/25 19:36:14 | 00,024,643 | ---- | M] () -- C:\Windows\System32\SecureSrv.log -- (SecureSrv [On_Demand | Stopped])
[2008/01/19 02:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 04:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2007/02/17 09:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/08/04 18:03:23 | 01,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])
[2007/01/05 03:19:28 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Running])
[2008/01/19 02:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/19 02:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2007/03/29 15:59:42 | 00,176,128 | ---- | M] (Starz Entertainment Group LLC) -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service [Disabled | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/27 00:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/07/10 07:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

========== Driver Services ==========

[2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 04:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 04:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2008/01/19 00:27:20 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [On_Demand | Running])
[2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2007/10/13 00:50:00 | 01,044,984 | ---- | M] (Broadcom Corp.) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV [On_Demand | Stopped])
[2007/10/13 00:50:00 | 01,044,984 | ---- | M] (Broadcom Corp.) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX [On_Demand | Running])
[2008/01/19 00:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2008/01/19 00:53:38 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
[2006/11/02 03:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008/01/19 00:53:44 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
[2008/04/28 20:42:23 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/28 20:42:21 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Running])
[2007/04/18 03:51:12 | 00,079,664 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Running])
[2007/04/18 03:51:14 | 00,081,200 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Running])
[2007/04/18 03:51:14 | 00,016,432 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid [On_Demand | Running])
[2006/11/02 03:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/19 02:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 04:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 03:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/19 00:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2007/04/10 18:05:34 | 00,023,552 | ---- | M] (Juniper Networks) -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt [On_Demand | Running])
[2008/08/01 20:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 02:30:54 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/30 12:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr [System | Running])
[2008/01/19 02:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2008/09/02 03:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2008/09/02 03:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/01/19 00:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/19 02:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/19 00:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 04:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/03/09 21:09:52 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi [On_Demand | Running])
[2006/06/28 11:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running])
[2007/06/26 09:38:14 | 00,163,328 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService [On_Demand | Running])
[2008/01/18 23:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/01/19 00:53:37 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [On_Demand | Running])
[2006/11/02 03:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2007/06/20 04:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/06/20 04:28:34 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2006/10/18 21:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2008/09/12 02:33:24 | 00,270,384 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20081014.001\IDSvix86.sys -- (IDSvix86 [System | Running])
[2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 03:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/19 02:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2008/01/19 00:49:17 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2008/01/19 00:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 00:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/06/19 09:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/19 00:52:19 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 04:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/19 00:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/05/08 14:21:56 | 00,211,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/19 00:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 04:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 04:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/19 02:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/19 02:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2007/07/20 15:20:46 | 00,009,728 | ---- | M] (Waytech Development, Inc.) -- C:\Windows\System32\drivers\N558.sys -- (n558 [On_Demand | Running])
[2008/05/19 21:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2008/08/20 03:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081017.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/08/20 03:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20081017.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/19 00:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/03/06 23:15:58 | 01,059,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
[2007/09/19 04:05:00 | 07,626,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2007/02/16 18:50:32 | 00,012,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu [On_Demand | Running])
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 04:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 04:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/04 20:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/02/02 05:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/19 00:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2008/01/19 00:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/19 01:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/19 00:53:39 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2007/02/24 09:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/01/23 11:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/01/23 12:03:28 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2008/01/19 00:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 04:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/01/19 00:32:56 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 00:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 03:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 03:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 03:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 04:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/19 00:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/19 02:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [System | Running])
[2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/01/19 00:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/19 00:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2007/01/09 17:32:13 | 00,012,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])
[2008/08/04 19:02:41 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/01/09 17:32:13 | 00,145,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])
[2007/01/09 17:32:13 | 00,040,120 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])
[2007/01/09 17:32:13 | 00,038,200 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV [On_Demand | Running])
[2007/01/09 17:32:13 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2007/01/09 17:32:13 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2007/09/15 03:50:56 | 00,191,408 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/01/19 00:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2008/01/19 00:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2008/01/19 01:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2008/01/19 00:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/19 00:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 04:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 04:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/19 00:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 03:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/19 00:53:38 | 00,134,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbvideo.sys -- (usbvideo [On_Demand | Running])
[2006/11/02 03:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 03:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 02:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/19 02:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 03:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 04:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/19 02:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2007/06/20 04:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/01/19 00:32:47 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2008/01/19 00:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [System | Running])
[2007/07/10 07:27:56 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage
"StartPageCache"=

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = <local>

========== (O1) Hosts File ==========

HOSTS File = (936 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"GhostSurfDelSatellite"=C:\Users\Parker Family\Documents\Galkon's Pride\GhostSurf 2005\DeleteSatellite.exe File not found
"hpWirelessAssistant"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
"WAWifiMessage"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Hewlett-Packard Development Company, L.P.)
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"defy joy"="C:\ProgramData\City Phone Phone.eyojq" File not found
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NudgeMania"=C:\Users\Parker Family\Documents\Galkon's Pride\NudgeMania\NudgeMania.exe File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
"vc log bows face"="C:\ProgramData\Corn Coal Keep.la5j3b" File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= File not found
"defy joy"="C:\ProgramData\City Phone Phone.eyojq" File not found
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NudgeMania"=C:\Users\Parker Family\Documents\Galkon's Pride\NudgeMania\NudgeMania.exe File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
"vc log bows face"="C:\ProgramData\Corn Coal Keep.la5j3b" File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=%WINDIR%\SMINST\launcher.exe (soft thinks)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Send image to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007/01/23 13:57:50 | 00,001,199 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
Send image to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007/01/23 13:57:50 | 00,001,199 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 15:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2007/01/23 13:57:52 | 00,002,758 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %UserProfile%\Documents\DAH\Spybot - Search & Destroy\SDHelper.dll [2008/01/28 11:43:28 | 01,554,256 | ---- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
42 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
42 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
42 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
42 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
42 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
Range1: ":Range"=127.0.0.1 -- http in Local intranet |

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/5/b...heckControl.cab -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{54B52E52-8000-4413-BD67-FC7FE24B59F2}: http://simcity.ea.com/update/EARTPX.cab -- EARTPatchX Class
{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab -- System Requirements Lab Class
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://download.divx.com/player/DivXBrowserPlugin.cab -- DivXBrowserPlugin Object
{6B75345B-AA36-438A-BBE6-4078B4C6984D}: http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab -- HpProductDetection Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer
{C36661D7-3590-45B1-80B5-520839E94DAD}: http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab -- MaxisSimCity4PatcherX Control
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{E6187999-9FEC-46A1-A20F-F4CA977D5643}: http://messenger.zone.msn.com/binary/Chess.cab57176.cab -- ZoneChess Object
{F27237D7-93C8-44C2-AC6E-D6057B9A918F}: https://access.foley.com/dana-cached/sc/Jun...SetupClient.cab -- JuniperSetupClient Control

========== (O17) DNS Name Servers ==========

{1BC47C75-1E78-4B24-A6A2-ED0D1E08A14B} (Servers: | Description: Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter)
{83F8A98A-64F8-4232-9E5E-06CDB1303AC4} (Servers: | Description: )
{B0717666-99DE-4E14-B322-505B7C9031E4} (Servers: | Description: NVIDIA nForce Networking Controller)
{E945B6CA-E595-4618-9E4F-55416B3DB421} (Servers: | Description: )
{F04A5B5B-52C2-4F42-8D9A-126D1156B5F4} (Servers: | Description: )

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 02:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 02:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDMPATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
[2007/08/04 21:57:23 | 00,000,074 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

AUTOMODE [@echo off | IF EXIST C:\ST_RP\MANUALMODE ECHO MANUAL BATCH MODE ALREADY SET ! | IF NOT EXIST C:\ST_RP\MANUALMODE ECHO SET TO MANUAL BATCH EXECUTION ! | IF NOT EXIST C:\ST_RP\MANUALMODE IF EXIST C:\ST_RP\AUTOMODE DEL C:\ST_RP\AUTOMODE /F > NUL | IF NOT EXIST C:\ST_RP\MANUALMODE COPY C:\ST_RP\SET_AUTO_MODE.CMD C:\ST_RP\MANUALMODE > NUL | ECHO. | ]
[2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () -- D:\AUTOMODE -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9d9da6-8ee2-11dd-9bac-001e3766da05}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf9d9da6-8ee2-11dd-9bac-001e3766da05}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found



Continued OTViewIt log:

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Users\Parker Family\Documents\*.tmp files]
[2008/10/18 11:08:04 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/10/18 11:07:37 | 00,522,214 | ---- | C] () -- C:\Users\Parker Family\Desktop\LopSD.exe
[2008/10/18 10:48:18 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Users\Parker Family\Desktop\OTViewIt.exe
[2008/10/16 15:10:38 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/10/15 21:10:53 | 02,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/10/15 21:10:49 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2008/10/15 21:10:47 | 03,601,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2008/10/15 21:10:46 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2008/10/15 21:10:42 | 03,578,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/10/15 21:10:41 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/10/15 21:10:41 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/10/15 21:10:40 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/10/15 21:10:40 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/10/15 21:10:39 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/10/15 21:10:37 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2008/10/15 21:10:37 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/10/14 19:58:14 | 00,011,109 | ---- | C] () -- C:\Users\Parker Family\Desktop\New Godswords.zip
[2008/10/14 18:15:39 | 00,005,011 | ---- | C] () -- C:\Users\Parker Family\Desktop\Godbow Drop Package.rar
[2008/10/14 18:06:52 | 00,060,737 | ---- | C] () -- C:\Users\Parker Family\Desktop\gzip.zip
[2008/10/14 17:57:52 | 00,004,979 | ---- | C] () -- C:\Users\Parker Family\Desktop\Godbow Package.rar
[2008/10/14 09:01:48 | 00,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/14 09:01:48 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/14 09:01:48 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2008/10/14 09:01:47 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2008/10/14 09:01:40 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2008/10/14 09:01:39 | 00,754,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2008/10/14 09:01:39 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2008/10/14 09:01:39 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2008/10/14 09:01:39 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2008/10/14 09:01:39 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2008/10/14 09:01:39 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2008/10/14 09:01:39 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2008/10/14 09:01:39 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2008/10/14 09:01:38 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2008/10/14 09:01:37 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2008/10/14 09:01:37 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2008/10/14 09:01:37 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2008/10/14 09:01:37 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2008/10/14 09:01:37 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2008/10/14 09:01:37 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2008/10/14 09:01:37 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2008/10/14 09:01:36 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2008/10/14 09:01:36 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2008/10/14 09:01:36 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2008/10/14 09:01:36 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2008/10/14 09:01:35 | 01,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2008/10/14 09:01:35 | 01,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2008/10/14 09:01:34 | 00,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2008/10/14 09:01:34 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2008/10/14 09:01:34 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2008/10/14 07:00:19 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2008/10/13 23:15:25 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/10/13 23:15:23 | 00,891,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2008/10/13 23:15:23 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2008/10/13 23:15:23 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2008/10/13 23:15:21 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2008/10/13 23:15:21 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2008/10/13 23:15:21 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2008/10/13 23:15:21 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2008/10/13 23:15:20 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2008/10/13 23:15:20 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2008/10/13 23:15:17 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2008/10/13 23:15:17 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2008/10/13 23:15:17 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2008/10/13 23:15:17 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2008/10/13 23:15:16 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2008/10/13 23:15:16 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2008/10/13 23:15:16 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2008/10/13 23:15:16 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2008/10/13 18:48:17 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2008/10/13 18:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/10/13 18:15:35 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2008/10/13 07:57:03 | 00,023,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\COH_Mon.sys
[2008/10/13 07:57:03 | 00,010,537 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.cat
[2008/10/13 07:57:03 | 00,000,706 | ---- | C] () -- C:\Windows\System32\drivers\COH_Mon.inf
[2008/10/08 19:00:03 | 00,006,082 | ---- | C] () -- C:\Users\Parker Family\Desktop\Barrowsb.dat.gz
[2008/10/01 21:52:16 | 00,000,000 | ---D | C] -- C:\Users\Parker Family\AppData\Roaming\U3
[2008/09/25 15:37:54 | 00,000,000 | ---D | C] -- C:\Users\Parker Family\Documents\Debate
[2008/09/23 23:21:38 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2008/09/23 23:21:37 | 02,623,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/09/23 23:21:28 | 00,051,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2008/09/23 23:21:27 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2008/09/23 23:21:26 | 00,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2008/09/23 23:21:25 | 02,091,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2008/09/23 23:21:25 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2008/09/23 23:21:24 | 02,061,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2008/09/23 23:21:24 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sstpsvc.dll
[2008/09/23 23:21:22 | 00,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2008/09/23 23:21:22 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2008/09/23 23:21:22 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2008/09/23 23:21:22 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2008/09/23 23:21:21 | 01,076,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2008/09/23 23:21:21 | 01,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2008/09/23 23:21:18 | 00,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2008/09/23 23:21:18 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2008/09/23 23:21:18 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2008/09/23 23:21:16 | 00,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2008/09/23 23:21:14 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2008/09/23 23:21:13 | 01,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll
[2008/09/23 23:21:13 | 01,081,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2008/09/23 23:21:13 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2008/09/23 23:21:12 | 01,675,370 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2008/09/23 23:21:12 | 00,889,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2008/09/23 23:21:12 | 00,206,830 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2008/09/23 23:21:11 | 00,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2008/09/23 23:21:11 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2008/09/23 23:21:11 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2008/09/23 23:21:10 | 08,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll
[2008/09/23 23:21:10 | 01,190,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2008/09/23 23:21:10 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2008/09/23 23:21:10 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2008/09/23 23:21:10 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2008/09/23 23:21:09 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2008/09/23 23:21:09 | 01,332,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2008/09/23 23:21:09 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2008/09/23 23:21:09 | 01,203,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2008/09/23 23:21:08 | 01,013,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2008/09/23 23:21:08 | 00,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2008/09/23 23:21:08 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2008/09/23 23:21:08 | 00,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2008/09/23 23:21:07 | 00,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2008/09/23 23:21:07 | 00,412,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2008/09/23 23:21:07 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2008/09/23 23:21:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2008/09/23 23:21:06 | 00,382,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2008/09/23 23:21:06 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2008/09/23 23:21:05 | 10,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2008/09/23 23:21:04 | 02,867,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2008/09/23 23:21:04 | 01,532,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2008/09/23 23:21:04 | 01,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
[2008/09/23 23:21:04 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2008/09/23 23:21:04 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2008/09/23 23:21:03 | 01,052,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2008/09/23 23:21:03 | 00,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2008/09/23 23:21:03 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2008/09/23 23:21:03 | 00,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2008/09/23 23:21:02 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2008/09/23 23:21:02 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2008/09/23 23:21:01 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2008/09/23 23:21:01 | 01,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2008/09/23 23:21:01 | 00,393,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2008/09/23 23:21:01 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ADEC.DLL
[2008/09/23 23:21:01 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2008/09/23 23:21:00 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2008/09/23 23:21:00 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2008/09/23 23:21:00 | 00,557,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2008/09/23 23:20:59 | 00,680,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2008/09/23 23:20:59 | 00,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2008/09/23 23:20:59 | 00,529,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2008/09/23 23:20:59 | 00,376,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2008/09/23 23:20:59 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll
[2008/09/23 23:20:59 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2008/09/23 23:20:59 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll
[2008/09/23 23:20:59 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DfsShlEx.dll
[2008/09/23 23:20:58 | 02,011,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2008/09/23 23:20:58 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2008/09/23 23:20:58 | 00,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2008/09/23 23:20:58 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2008/09/23 23:20:58 | 00,596,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2008/09/23 23:20:58 | 00,445,952 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2008/09/23 23:20:58 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2008/09/23 23:20:57 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2008/09/23 23:20:57 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2008/09/23 23:20:56 | 01,788,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2008/09/23 23:20:56 | 01,078,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2008/09/23 23:20:56 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2008/09/23 23:20:56 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2008/09/23 23:20:56 | 00,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2008/09/23 23:20:55 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2008/09/23 23:20:55 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2008/09/23 23:20:55 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2008/09/23 23:20:55 | 00,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2008/09/23 23:20:55 | 00,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2008/09/23 23:20:55 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2008/09/23 23:20:55 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2008/09/23 23:20:54 | 02,085,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2008/09/23 23:20:54 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2008/09/23 23:20:54 | 00,531,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.dll
[2008/09/23 23:20:53 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2008/09/23 23:20:53 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XPSSHHDR.dll
[2008/09/23 23:20:53 | 00,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2008/09/23 23:20:53 | 00,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtckrm.dll
[2008/09/23 23:20:53 | 00,227,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2008/09/23 23:20:52 | 01,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2008/09/23 23:20:52 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2008/09/23 23:20:52 | 00,882,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2008/09/23 23:20:52 | 00,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2008/09/23 23:20:52 | 00,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2008/09/23 23:20:52 | 00,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2008/09/23 23:20:52 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2008/09/23 23:20:51 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2008/09/23 23:20:51 | 00,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2008/09/23 23:20:51 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll
[2008/09/23 23:20:51 | 00,247,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2008/09/23 23:20:51 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2008/09/23 23:20:51 | 00,132,148 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2008/09/23 23:20:51 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll
[2008/09/23 23:20:51 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll
[2008/09/23 23:20:50 | 01,208,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2008/09/23 23:20:50 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2008/09/23 23:20:50 | 00,015,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\swenum.sys
[2008/09/23 23:20:48 | 00,977,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2008/09/23 23:20:48 | 00,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2008/09/23 23:20:48 | 00,441,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2008/09/23 23:20:48 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2008/09/23 23:20:48 | 00,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2008/09/23 23:20:47 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2008/09/23 23:20:47 | 00,563,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2008/09/23 23:20:47 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2008/09/23 23:20:47 | 00,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2008/09/23 23:20:47 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2008/09/23 23:20:46 | 01,590,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2008/09/23 23:20:46 | 00,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll
[2008/09/23 23:20:46 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2008/09/23 23:20:46 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2008/09/23 23:20:46 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/09/23 23:20:46 | 00,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2008/09/23 23:20:46 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2008/09/23 23:20:46 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2008/09/23 23:20:46 | 00,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2008/09/23 23:20:46 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecsvc.dll
[2008/09/23 23:20:45 | 00,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2008/09/23 23:20:45 | 00,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2008/09/23 23:20:45 | 00,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2008/09/23 23:20:45 | 00,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2008/09/23 23:20:45 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2008/09/23 23:20:45 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2008/09/23 23:20:45 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2008/09/23 23:20:45 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2008/09/23 23:20:45 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2008/09/23 23:20:45 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2008/09/23 23:20:45 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
[2008/09/23 23:20:44 | 03,216,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2008/09/23 23:20:44 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2008/09/23 23:20:44 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2008/09/23 23:20:44 | 00,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2008/09/23 23:20:44 | 00,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll
[2008/09/23 23:20:44 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2008/09/23 23:20:44 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2008/09/23 23:20:44 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2008/09/23 23:20:44 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2008/09/23 23:20:43 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2008/09/23 23:20:43 | 00,450,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2008/09/23 23:20:43 | 00,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2008/09/23 23:20:43 | 00,223,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2008/09/23 23:20:43 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2008/09/23 23:20:43 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2008/09/23 23:20:43 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2008/09/23 23:20:43 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2008/09/23 23:20:43 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2008/09/23 23:20:43 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2008/09/23 23:20:43 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2008/09/23 23:20:43 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll
[2008/09/23 23:20:42 | 00,513,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2008/09/23 23:20:42 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2008/09/23 23:20:42 | 00,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2008/09/23 23:20:42 | 00,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2008/09/23 23:20:42 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2008/09/23 23:20:42 | 00,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2008/09/23 23:20:42 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2008/09/23 23:20:41 | 00,181,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2008/09/23 23:20:41 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2008/09/23 23:20:41 | 00,143,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2008/09/23 23:20:41 | 00,016,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2008/09/23 23:20:39 | 01,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2008/09/23 23:20:39 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll
[2008/09/23 23:20:39 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2008/09/23 23:20:38 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2008/09/23 23:20:38 | 00,647,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2008/09/23 23:20:38 | 00,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2008/09/23 23:20:38 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2008/09/23 23:20:38 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2008/09/23 23:20:38 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2008/09/23 23:20:38 | 00,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2008/09/23 23:20:38 | 00,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2008/09/23 23:20:38 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2008/09/23 23:20:38 | 00,266,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2008/09/23 23:20:38 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2008/09/23 23:20:38 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2008/09/23 23:20:38 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlasvc.dll
[2008/09/23 23:20:38 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2008/09/23 23:20:38 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2008/09/23 23:20:37 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2008/09/23 23:20:37 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2008/09/23 23:20:37 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2008/09/23 23:20:37 | 00,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2008/09/23 23:20:37 | 00,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
[2008/09/23 23:20:37 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2008/09/23 23:20:37 | 00,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2008/09/23 23:20:37 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2008/09/23 23:20:37 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2008/09/23 23:20:37 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2008/09/23 23:20:37 | 00,151,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2008/09/23 23:20:37 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2008/09/23 23:20:36 | 00,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2008/09/23 23:20:36 | 00,756,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2008/09/23 23:20:36 | 00,520,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2008/09/23 23:20:36 | 00,503,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2008/09/23 23:20:36 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2008/09/23 23:20:36 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2008/09/23 23:20:36 | 00,294,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2008/09/23 23:20:36 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2008/09/23 23:20:36 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2008/09/23 23:20:36 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
[2008/09/23 23:20:36 | 00,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2008/09/23 23:20:36 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2008/09/23 23:20:36 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2008/09/23 23:20:35 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2008/09/23 23:20:35 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2008/09/23 23:20:35 | 00,806,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2008/09/23 23:20:35 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2008/09/23 23:20:35 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2008/09/23 23:20:35 | 00,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2008/09/23 23:20:35 | 00,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2008/09/23 23:20:35 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2008/09/23 23:20:35 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2008/09/23 23:20:35 | 00,131,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2008/09/23 23:20:35 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2008/09/23 23:20:35 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspptp.sys
[2008/09/23 23:20:34 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2008/09/23 23:20:34 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprofm.dll
[2008/09/23 23:20:34 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2008/09/23 23:20:34 | 00,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2008/09/23 23:20:34 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2008/09/23 23:20:34 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2008/09/23 23:20:34 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasl2tp.sys
[2008/09/23 23:20:34 | 00,056,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2008/09/23 23:20:33 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2008/09/23 23:20:31 | 01,855,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2008/09/23 23:20:31 | 00,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2008/09/23 23:20:31 | 00,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2008/09/23 23:20:31 | 00,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2008/09/23 23:20:31 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2008/09/23 23:20:31 | 00,242,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2008/09/23 23:20:31 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2008/09/23 23:20:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2008/09/23 23:20:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2008/09/23 23:20:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2008/09/23 23:20:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2008/09/23 23:20:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2008/09/23 23:20:31 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2008/09/23 23:20:30 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2008/09/23 23:20:30 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2008/09/23 23:20:30 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2008/09/23 23:20:30 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll
[2008/09/23 23:20:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2008/09/23 23:20:30 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2008/09/23 23:20:30 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2008/09/23 23:20:29 | 01,067,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2008/09/23 23:20:29 | 00,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2008/09/23 23:20:29 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2008/09/23 23:20:29 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2008/09/23 23:20:29 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2008/09/23 23:20:29 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2008/09/23 23:20:29 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2008/09/23 23:20:29 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2008/09/23 23:20:29 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2008/09/23 23:20:29 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys
[2008/09/23 23:20:29 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapsvc.dll
[2008/09/23 23:20:29 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2008/09/23 23:20:28 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2008/09/23 23:20:28 | 00,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll
[2008/09/23 23:20:28 | 00,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2008/09/23 23:20:28 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2008/09/23 23:20:28 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2008/09/23 23:20:28 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2008/09/23 23:20:28 | 00,101,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2008/09/23 23:20:27 | 03,173,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2008/09/23 23:20:27 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2008/09/23 23:20:27 | 01,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pla.dll
[2008/09/23 23:20:27 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll
[2008/09/23 23:20:27 | 00,192,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2008/09/23 23:20:27 | 00,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2008/09/23 23:20:26 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2008/09/23 23:20:26 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2008/09/23 23:20:26 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll
[2008/09/23 23:20:26 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2008/09/23 23:20:26 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2008/09/23 23:20:26 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
[2008/09/23 23:20:25 | 01,823,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2008/09/23 23:20:25 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2008/09/23 23:20:25 | 00,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2008/09/23 23:20:25 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2008/09/23 23:20:25 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2008/09/23 23:20:25 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2008/09/23 23:20:25 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2008/09/23 23:20:25 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2008/09/23 23:20:24 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2008/09/23 23:20:24 | 00,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2008/09/23 23:20:24 | 00,299,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2008/09/23 23:20:24 | 00,251,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2008/09/23 23:20:24 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2008/09/23 23:20:24 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2008/09/23 23:20:24 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2008/09/23 23:20:23 | 04,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2008/09/23 23:20:23 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2008/09/23 23:20:23 | 00,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2008/09/23 23:20:23 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2008/09/23 23:20:23 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2008/09/23 23:20:23 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2008/09/23 23:20:23 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2008/09/23 23:20:23 | 00,240,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
[2008/09/23 23:20:23 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll
[2008/09/23 23:20:23 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2008/09/23 23:20:23 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SessEnv.dll
[2008/09/23 23:20:23 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2008/09/23 23:20:23 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2008/09/23 23:20:22 | 01,291,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comres.dll
[2008/09/23 23:20:22 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2008/09/23 23:20:22 | 00,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2008/09/23 23:20:22 | 00,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2008/09/23 23:20:22 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2008/09/23 23:20:22 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2008/09/23 23:20:22 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2008/09/23 23:20:22 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2008/09/23 23:20:22 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpdd.dll
[2008/09/23 23:20:22 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2008/09/23 23:20:22 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2008/09/23 23:20:22 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2008/09/23 23:20:22 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2008/09/23 23:20:22 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlancfg.dll
[2008/09/23 23:20:22 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll
[2008/09/23 23:20:21 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2008/09/23 23:20:21 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2008/09/23 23:20:21 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2008/09/23 23:20:21 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2008/09/23 23:20:21 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2008/09/23 23:20:21 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetcfg.dll
[2008/09/23 23:20:21 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2008/09/23 23:20:21 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL
[2008/09/23 23:20:21 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2008/09/23 23:20:21 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2008/09/23 23:20:20 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2008/09/23 23:20:20 | 00,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\filemgmt.dll
[2008/09/23 23:20:20 | 00,123,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2008/09/23 23:20:20 | 00,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2008/09/23 23:20:20 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2008/09/23 23:20:19 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2008/09/23 23:20:19 | 00,175,508 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2008/09/23 23:20:19 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2008/09/23 23:20:19 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2008/09/23 23:20:19 | 00,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2008/09/23 23:20:17 | 01,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll
[2008/09/23 23:20:17 | 01,186,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2008/09/23 23:20:17 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2008/09/23 23:20:17 | 00,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2008/09/23 23:20:17 | 00,336,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2008/09/23 23:20:17 | 00,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\telnet.exe
[2008/09/23 23:20:17 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2008/09/23 23:20:17 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2008/09/23 23:20:17 | 00,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2008/09/23 23:20:17 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2008/09/23 23:20:17 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/09/23 23:20:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2008/09/23 23:20:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/09/23 23:20:16 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2008/09/23 23:20:16 | 00,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2008/09/23 23:20:16 | 00,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2008/09/23 23:20:16 | 00,354,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2008/09/23 23:20:16 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2008/09/23 23:20:16 | 00,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2008/09/23 23:20:16 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2008/09/23 23:20:16 | 00,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2008/09/23 23:20:16 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2008/09/23 23:20:16 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2008/09/23 23:20:16 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2008/09/23 23:20:16 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2008/09/23 23:20:16 | 00,052,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys
[2008/09/23 23:20:16 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2008/09/23 23:20:15 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2008/09/23 23:20:15 | 00,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2008/09/23 23:20:15 | 00,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2008/09/23 23:20:15 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2008/09/23 23:20:15 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdsvc.dll
[2008/09/23 23:20:15 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2008/09/23 23:20:15 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2008/09/23 23:20:15 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2008/09/23 23:20:15 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2008/09/23 23:20:15 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2008/09/23 23:20:14 | 01,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2008/09/23 23:20:14 | 00,936,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2008/09/23 23:20:14 | 00,415,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2008/09/23 23:20:14 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2008/09/23 23:20:14 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2008/09/23 23:20:13 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2008/09/23 23:20:13 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2008/09/23 23:20:13 | 00,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2008/09/23 23:20:13 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2008/09/23 23:20:13 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2008/09/23 23:20:13 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2008/09/23 23:20:13 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2008/09/23 23:20:13 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2008/09/23 23:20:13 | 00,127,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2008/09/23 23:20:13 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2008/09/23 23:20:13 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
[2008/09/23 23:20:13 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2008/09/23 23:20:13 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2008/09/23 23:20:12 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2008/09/23 23:20:12 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2008/09/23 23:20:12 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2008/09/23 23:20:12 | 00,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2008/09/23 23:20:12 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2008/09/23 23:20:12 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netman.dll
[2008/09/23 23:20:12 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysdm.cpl
[2008/09/23 23:20:12 | 00,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2008/09/23 23:20:12 | 00,155,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
[2008/09/23 23:20:12 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2008/09/23 23:20:12 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2008/09/23 23:20:12 | 00,035,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2008/09/23 23:20:11 | 00,913,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
[2008/09/23 23:20:11 | 00,628,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanConn.dll
[2008/09/23 23:20:11 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2008/09/23 23:20:11 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2008/09/23 23:20:11 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll
[2008/09/23 23:20:11 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2008/09/23 23:20:11 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2008/09/23 23:20:11 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2008/09/23 23:20:11 | 00,142,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2008/09/23 23:20:11 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2008/09/23 23:20:11 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2008/09/23 23:20:11 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPBusEnum.dll
[2008/09/23 23:20:11 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2008/09/23 23:20:11 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KMSVC.DLL
[2008/09/23 23:20:11 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2008/09/23 23:20:11 | 00,049,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2008/09/23 23:20:10 | 00,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2008/09/23 23:20:10 | 00,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrvut.dll
[2008/09/23 23:20:10 | 00,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2008/09/23 23:20:10 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2008/09/23 23:20:10 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2008/09/23 23:20:10 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2008/09/23 23:20:10 | 00,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2008/09/23 23:20:10 | 00,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2008/09/23 23:20:10 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2008/09/23 23:20:10 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2008/09/23 23:20:10 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2008/09/23 23:20:10 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2008/09/23 23:20:09 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2008/09/23 23:20:09 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2008/09/23 23:20:09 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2008/09/23 23:20:09 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2008/09/23 23:20:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2008/09/23 23:20:09 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2008/09/23 23:20:08 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2008/09/23 23:20:08 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2008/09/23 23:20:08 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2008/09/23 23:20:08 | 00,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2008/09/23 23:20:08 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
[2008/09/23 23:20:08 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2008/09/23 23:20:08 | 00,110,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2008/09/23 23:20:08 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
[2008/09/23 23:20:08 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2008/09/23 23:20:08 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2008/09/23 23:20:08 | 00,057,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mountmgr.sys
[2008/09/23 23:20:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2008/09/23 23:20:08 | 00,016,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys
[2008/09/23 23:20:07 | 00,939,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2008/09/23 23:20:07 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2008/09/23 23:20:07 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2008/09/23 23:20:07 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2008/09/23 23:20:07 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2008/09/23 23:20:07 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2008/09/23 23:20:07 | 00,058,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys
[2008/09/23 23:20:07 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys
[2008/09/23 23:20:06 | 00,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll
[2008/09/23 23:20:06 | 00,289,467 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2008/09/23 23:20:06 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2008/09/23 23:20:06 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2008/09/23 23:20:06 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2008/09/23 23:20:06 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2008/09/23 23:20:06 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2008/09/23 23:20:06 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2008/09/23 23:20:05 | 08,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2008/09/23 23:20:05 | 00,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrv.dll
[2008/09/23 23:20:04 | 02,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2008/09/23 23:20:04 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2008/09/23 23:20:04 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwave.dll
[2008/09/23 23:20:04 | 00,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2008/09/23 23:20:04 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2008/09/23 23:20:04 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2008/09/23 23:20:04 | 00,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2008/09/23 23:20:04 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2008/09/23 23:20:04 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2008/09/23 23:20:04 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll
[2008/09/23 23:20:03 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2008/09/23 23:20:03 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2008/09/23 23:20:03 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2008/09/23 23:20:03 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll
[2008/09/23 23:20:03 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2008/09/23 23:20:03 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2008/09/23 23:20:03 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2008/09/23 23:20:03 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
[2008/09/23 23:20:03 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2008/09/23 23:20:03 | 00,054,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2008/09/23 23:20:03 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2008/09/23 23:20:03 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2008/09/23 23:20:03 | 00,028,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2008/09/23 23:20:02 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2008/09/23 23:19:34 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2008/09/23 23:19:34 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquoui.dll
[2008/09/23 23:19:34 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2008/09/23 23:19:34 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2008/09/23 23:19:34 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2008/09/23 23:19:34 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2008/09/23 23:19:34 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll
[2008/09/23 23:19:34 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2008/09/23 23:19:34 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2008/09/23 23:19:34 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2008/09/23 23:19:34 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFSvc.dll
[2008/09/23 23:19:34 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2008/09/23 23:19:34 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFPf.sys
[2008/09/23 23:19:34 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2008/09/23 23:19:34 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2008/09/23 23:19:34 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2008/09/23 23:19:34 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2008/09/23 23:19:34 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2008/09/23 23:19:34 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2008/09/23 23:19:34 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2008/09/23 23:19:33 | 00,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2008/09/23 23:19:33 | 00,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiashext.dll
[2008/09/23 23:19:33 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2008/09/23 23:19:33 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll
[2008/09/23 23:19:33 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2008/09/23 23:19:33 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll
[2008/09/23 23:19:33 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shimgvw.dll
[2008/09/23 23:19:33 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2008/09/23 23:19:33 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
[2008/09/23 23:19:33 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2008/09/23 23:19:33 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll
[2008/09/23 23:19:33 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2008/09/23 23:19:33 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll
[2008/09/23 23:19:33 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Sens.dll
[2008/09/23 23:19:33 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2008/09/23 23:19:33 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll
[2008/09/23 23:19:33 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2008/09/23 23:19:33 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\seclogon.dll
[2008/09/23 23:19:33 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2008/09/23 23:19:33 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2008/09/23 23:19:32 | 01,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2008/09/23 23:19:32 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2008/09/23 23:19:32 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2008/09/23 23:19:32 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll
[2008/09/23 23:19:32 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2008/09/23 23:19:32 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2008/09/23 23:19:32 | 00,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll
[2008/09/23 23:19:32 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2008/09/23 23:19:32 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2008/09/23 23:19:32 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll
[2008/09/23 23:19:32 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2008/09/23 23:19:32 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2008/09/23 23:19:32 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll
[2008/09/23 23:19:32 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll
[2008/09/23 23:19:32 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2008/09/23 23:19:32 | 00,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2008/09/23 23:19:32 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2008/09/23 23:19:32 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2008/09/23 23:19:32 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll
[2008/09/23 23:19:32 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2008/09/23 23:19:32 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2008/09/23 23:19:32 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2008/09/23 23:19:32 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2008/09/23 23:19:31 | 00,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
[2008/09/23 23:19:31 | 00,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll
[2008/09/23 23:19:31 | 00,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2008/09/23 23:19:31 | 00,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2008/09/23 23:19:31 | 00,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2008/09/23 23:19:31 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2008/09/23 23:19:31 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
[2008/09/23 23:19:31 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2008/09/23 23:19:31 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2008/09/23 23:19:31 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2008/09/23 23:19:31 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2008/09/23 23:19:31 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2008/09/23 23:19:31 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2008/09/23 23:19:31 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winethc.dll
[2008/09/23 23:19:31 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
[2008/09/23 23:19:31 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2008/09/23 23:19:31 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcasvc.dll
[2008/09/23 23:19:31 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2008/09/23 23:19:31 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2008/09/23 23:19:31 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2008/09/23 23:19:31 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2008/09/23 23:19:31 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll
[2008/09/23 23:19:31 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscproxystub.dll
[2008/09/23 23:19:30 | 01,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2008/09/23 23:19:30 | 00,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2008/09/23 23:19:30 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2008/09/23 23:19:30 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2008/09/23 23:19:30 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2008/09/23 23:19:30 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2008/09/23 23:19:30 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2008/09/23 23:19:30 | 00,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll
[2008/09/23 23:19:30 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2008/09/23 23:19:30 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2008/09/23 23:19:30 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2008/09/23 23:19:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2008/09/23 23:19:30 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll
[2008/09/23 23:19:30 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2008/09/23 23:19:30 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2008/09/23 23:19:30 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2008/09/23 23:19:30 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2008/09/23 23:19:30 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll
[2008/09/23 23:19:30 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2008/09/23 23:19:30 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2008/09/23 23:19:30 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll
[2008/09/23 23:19:30 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
[2008/09/23 23:19:30 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2008/09/23 23:19:30 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2008/09/23 23:19:30 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmiprop.dll
[2008/09/23 23:19:30 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2008/09/23 23:19:30 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nsisvc.dll
[2008/09/23 23:19:30 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll
[2008/09/23 23:19:30 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll
[2008/09/23 23:19:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdPHost.dll
[2008/09/23 23:19:29 | 01,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2008/09/23 23:19:29 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll
[2008/09/23 23:19:29 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2008/09/23 23:19:29 | 00,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll
[2008/09/23 23:19:29 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2008/09/23 23:19:29 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2008/09/23 23:19:29 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rshx32.dll
[2008/09/23 23:19:29 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2008/09/23 23:19:29 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
[2008/09/23 23:19:29 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmlua.dll
[2008/09/23 23:19:29 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2008/09/23 23:19:29 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmw32.dll
[2008/09/23 23:19:27 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2008/09/23 23:19:27 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2008/09/23 23:19:27 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdminst.dll
[2008/09/23 23:19:27 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2008/09/23 23:19:27 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\irda.sys
[2008/09/23 23:19:27 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2008/09/23 23:19:27 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2008/09/23 23:19:27 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2008/09/23 23:19:27 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2008/09/23 23:19:27 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe
[2008/09/23 23:19:27 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2008/09/23 23:19:27 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2008/09/23 23:19:26 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2008/09/23 23:19:26 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2008/09/23 23:19:26 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2008/09/23 23:19:26 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpshell.dll
[2008/09/23 23:19:26 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2008/09/23 23:19:26 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2008/09/23 23:19:26 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll
[2008/09/23 23:19:26 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2008/09/23 23:19:26 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2008/09/23 23:19:26 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2008/09/23 23:19:26 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2008/09/23 23:19:26 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2008/09/23 23:19:26 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmutil.dll
[2008/09/23 23:19:26 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2008/09/23 23:19:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2008/09/23 23:19:26 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2008/09/23 23:19:26 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll
[2008/09/23 23:19:25 | 01,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2008/09/23 23:19:25 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2008/09/23 23:19:25 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2008/09/23 23:19:25 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll
[2008/09/23 23:19:25 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2008/09/23 23:19:25 | 00,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2008/09/23 23:19:25 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2008/09/23 23:19:25 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2008/09/23 23:19:25 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colbact.dll
[2008/09/23 23:19:25 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\remotepg.dll
[2008/09/23 23:19:25 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll
[2008/09/23 23:19:25 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2008/09/23 23:19:25 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
[2008/09/23 23:19:25 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll
[2008/09/23 23:19:25 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2008/09/23 23:19:25 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll
[2008/09/23 23:19:25 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2008/09/23 23:19:25 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2008/09/23 23:19:25 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2008/09/23 23:19:25 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2008/09/23 23:19:25 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2008/09/23 23:19:24 | 00,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2008/09/23 23:19:24 | 00,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2008/09/23 23:19:24 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2008/09/23 23:19:24 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2008/09/23 23:19:24 | 00,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sti_ci.dll
[2008/09/23 23:19:24 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2008/09/23 23:19:24 | 00,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2008/09/23 23:19:24 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2008/09/23 23:19:24 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\McxDriv.dll
[2008/09/23 23:19:24 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2008/09/23 23:19:24 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2008/09/23 23:19:24 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2008/09/23 23:19:24 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2008/09/23 23:19:24 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2008/09/23 23:19:24 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2008/09/23 23:19:24 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2008/09/23 23:19:24 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2008/09/23 23:19:24 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2008/09/23 23:19:24 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2008/09/23 23:19:24 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2008/09/23 23:19:24 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2008/09/23 23:19:24 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2008/09/23 23:19:24 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmcfg32.dll
[2008/09/23 23:19:24 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2008/09/23 23:19:24 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2008/09/23 23:19:24 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2008/09/23 23:19:24 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2008/09/23 23:19:23 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2008/09/23 23:19:23 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtc.exe
[2008/09/23 23:19:23 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2008/09/23 23:19:23 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2008/09/23 23:19:23 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll
[2008/09/23 23:19:23 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2008/09/23 23:19:23 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2008/09/23 23:19:23 | 00,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2008/09/23 23:19:22 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2008/09/23 23:19:22 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2008/09/23 23:19:22 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2008/09/23 23:19:22 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2008/09/23 23:19:22 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2008/09/23 23:19:22 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll
[2008/09/23 23:19:22 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasauto.dll
[2008/09/23 23:19:22 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2008/09/23 23:19:22 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2008/09/23 23:19:22 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll
[2008/09/23 23:19:22 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2008/09/23 23:19:22 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2008/09/23 23:19:22 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2008/09/23 23:19:22 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2008/09/23 23:19:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2008/09/23 23:19:22 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll
[2008/09/23 23:19:22 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2008/09/23 23:19:22 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2008/09/23 23:19:21 | 00,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll
[2008/09/23 23:19:21 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2008/09/23 23:19:21 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll
[2008/09/23 23:19:21 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itss.dll
[2008/09/23 23:19:21 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008/09/23 23:19:21 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2008/09/23 23:19:21 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2008/09/23 23:19:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2008/09/23 23:19:21 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2008/09/23 23:19:21 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeDateMUICallback.dll
[2008/09/23 23:19:21 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2008/09/23 23:19:21 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll
[2008/09/23 23:19:21 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2008/09/23 23:19:21 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2008/09/23 23:19:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2008/09/23 23:19:21 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2008/09/23 23:19:21 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll
[2008/09/23 23:19:21 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll
[2008/09/23 23:19:20 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2008/09/23 23:19:20 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2008/09/23 23:19:20 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tbs.dll
[2008/09/23 23:19:19 | 05,714,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logon.scr
[2008/09/23 23:19:19 | 00,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll
[2008/09/23 23:19:19 | 00,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll
[2008/09/23 23:19:19 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mydocs.dll
[2008/09/23 23:19:19 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2008/09/23 23:19:19 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2008/09/23 23:19:19 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2008/09/23 23:19:19 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2008/09/23 23:19:19 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2008/09/23 23:19:19 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2008/09/23 23:19:19 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2gpstore.dll
[2008/09/23 23:19:19 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2008/09/23 23:19:19 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2008/09/23 23:19:19 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2008/09/23 23:19:19 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2008/09/23 23:19:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmpbk32.dll
[2008/09/23 23:19:19 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2008/09/23 23:19:19 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2008/09/23 23:19:19 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
[2008/09/23 23:19:18 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2008/09/23 23:19:18 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
[2008/09/23 23:19:18 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll
[2008/09/23 23:19:18 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2008/09/23 23:19:18 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2008/09/23 23:19:18 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2008/09/23 23:19:18 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2008/09/23 23:19:18 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2008/09/23 23:19:18 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com
[2008/09/23 23:19:18 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll
[2008/09/23 23:19:18 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2008/09/23 23:19:18 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3dlg.dll
[2008/09/23 23:19:18 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdtcp.sys
[2008/09/23 23:19:18 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys
[2008/09/23 23:19:18 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll
[2008/09/23 23:19:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcsubs.dll
[2008/09/23 23:19:18 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll
[2008/09/23 23:19:18 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2008/09/23 23:19:18 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll
[2008/09/23 23:19:18 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2008/09/23 23:19:18 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll
[2008/09/23 23:19:18 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2008/09/23 23:19:18 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2008/09/23 23:19:18 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2008/09/23 23:19:18 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2008/09/23 23:19:18 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\asyncmac.sys
[2008/09/23 23:19:18 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL
[2008/09/23 23:19:18 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2008/09/23 23:19:18 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2008/09/23 23:19:18 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstplua.dll
[2008/09/23 23:19:18 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2008/09/23 23:19:18 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2008/09/23 23:19:18 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2008/09/23 23:19:18 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
[2008/09/23 23:19:17 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2008/09/23 23:19:17 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2008/09/23 23:19:17 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2008/09/23 23:19:17 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbccgp.sys
[2008/09/23 23:19:17 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2008/09/23 23:19:17 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2008/09/23 23:19:17 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dxof.dll
[2008/09/23 23:19:17 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll
[2008/09/23 23:19:17 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2008/09/23 23:19:17 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2008/09/23 23:19:17 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2008/09/23 23:19:17 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2008/09/23 23:19:17 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll
[2008/09/23 23:19:17 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcbcp.dll
[2008/09/23 23:19:17 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2008/09/23 23:19:17 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys
[2008/09/23 23:19:17 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2008/09/23 23:19:17 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2008/09/23 23:19:17 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2008/09/23 23:19:17 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
[2008/09/23 23:19:17 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\procinst.dll
[2008/09/23 23:19:17 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
[2008/09/23 23:19:16 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2008/09/23 23:19:16 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadss.dll
[2008/09/23 23:19:16 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll
[2008/09/23 23:19:16 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll
[2008/09/23 23:19:16 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys
[2008/09/23 23:19:16 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys
[2008/09/23 23:19:16 | 00,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2008/09/23 23:19:16 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psbase.dll
[2008/09/23 23:19:16 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll
[2008/09/23 23:19:16 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2008/09/23 23:19:16 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2008/09/23 23:19:16 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdpipe.sys
[2008/09/23 23:19:16 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2008/09/23 23:19:16 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2008/09/23 23:19:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2008/09/23 23:19:15 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2008/09/23 23:19:15 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2008/09/23 23:19:15 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys
[2008/09/23 23:19:15 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2008/09/23 23:19:15 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2008/09/23 23:19:15 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2008/09/23 23:19:15 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll
[2008/09/23 23:19:15 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys
[2008/09/23 23:19:15 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2008/09/23 23:19:15 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll
[2008/09/23 23:19:15 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2008/09/23 23:19:15 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
[2008/09/23 23:19:15 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
[2008/09/23 23:19:15 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll
[2008/09/23 23:19:15 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2008/09/23 23:19:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2008/09/23 23:19:15 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
[2008/09/23 23:19:15 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
[2008/09/23 23:19:14 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2008/09/23 23:19:14 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2008/09/23 23:19:14 | 00,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2008/09/23 23:19:14 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipfltdrv.sys
[2008/09/23 23:19:14 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2008/09/23 23:19:14 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll
[2008/09/23 23:19:14 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2008/09/23 23:19:14 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2008/09/23 23:19:14 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2008/09/23 23:19:14 | 00,009,987 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2008/09/23 23:19:13 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2008/09/23 23:19:13 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll
[2008/09/23 23:19:13 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2008/09/23 23:19:12 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2008/09/23 23:19:12 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll
[2008/09/23 23:19:12 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2008/09/23 23:19:12 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2008/09/23 23:19:12 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2008/09/23 23:19:12 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\serialui.dll
[2008/09/23 23:19:12 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll
[2008/09/23 23:19:11 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2008/09/23 23:19:11 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2008/09/23 23:19:11 | 00,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2008/09/23 23:19:11 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2008/09/23 23:19:11 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2008/09/23 23:19:11 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2008/09/23 23:19:11 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2008/09/23 23:19:11 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2008/09/23 23:19:11 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndisuio.sys
[2008/09/23 23:19:11 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasctrs.dll
[2008/09/23 23:19:11 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2008/09/23 23:19:11 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetmon.dll
[2008/09/23 23:19:11 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2008/09/23 23:19:11 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys
[2008/09/23 23:19:10 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2008/09/23 23:19:10 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2008/09/23 23:19:10 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2008/09/23 23:19:10 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2008/09/23 23:19:10 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll
[2008/09/23 23:19:10 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbios.sys
[2008/09/23 23:19:10 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\modem.sys
[2008/09/23 23:19:10 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys
[2008/09/23 23:19:10 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2008/09/23 23:19:10 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2008/09/23 23:19:10 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2008/09/23 23:19:10 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LogonUI.exe
[2008/09/23 23:19:10 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll
[2008/09/23 23:19:10 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2008/09/23 23:19:09 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
[2008/09/23 23:19:09 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2008/09/23 23:19:08 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2008/09/23 23:19:07 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2008/09/23 23:19:06 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll
[2008/09/23 23:19:06 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfs.sys
[2008/09/23 23:19:06 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2008/09/23 23:19:06 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2008/09/23 23:19:06 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2008/09/23 23:19:06 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2008/09/23 23:19:06 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2008/09/23 23:19:05 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbprint.sys
[2008/09/23 23:19:05 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2008/09/23 23:19:04 | 00,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2008/09/23 23:19:04 | 00,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2008/09/23 23:19:04 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Nlsdl.dll
[2008/09/23 23:19:04 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2008/09/23 23:19:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2008/09/23 23:19:04 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys
[2008/09/23 23:19:04 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/09/23 23:19:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\irenum.sys
[2008/09/23 23:19:04 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2008/09/23 23:19:03 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll
[2008/09/23 23:19:03 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2008/09/23 23:19:03 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\CmBatt.sys
[2008/09/23 23:19:03 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2008/09/23 23:19:03 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rasacd.sys
[2008/09/23 23:19:03 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidle.dll
[2008/09/23 23:19:03 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rootmdm.sys
[2008/09/23 23:19:03 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2008/09/23 23:19:02 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2008/09/23 23:19:02 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2008/09/23 23:19:02 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2008/09/23 23:19:02 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL
[2008/09/23 23:19:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL
[2008/09/23 23:19:02 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mskssrv.sys
[2008/09/23 23:19:02 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2008/09/23 23:19:02 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\beep.sys
[2008/09/23 23:19:01 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll
[2008/09/23 23:19:01 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2008/09/23 23:19:01 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vga.sys
[2008/09/23 23:19:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys
[2008/09/23 23:19:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPCDD.sys
[2008/09/23 23:19:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmkaud.sys
[2008/09/23 23:19:01 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\null.sys
[2008/09/23 23:19:00 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2008/09/23 23:19:00 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll
[2008/09/23 23:19:00 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll
[2008/09/23 23:19:00 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll
[2008/09/23 23:19:00 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll
[2008/09/23 23:19:00 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys
[2008/09/23 23:19:00 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2008/09/23 23:19:00 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspclock.sys
[2008/09/23 23:19:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2008/09/23 23:19:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2008/09/23 23:19:00 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll
[2008/09/23 23:18:59 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2008/09/23 23:18:59 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2008/09/23 23:18:59 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspqm.sys
[2008/09/23 23:18:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl
[2008/09/23 23:18:59 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll
[2008/09/23 23:18:58 | 00,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2008/09/23 23:18:58 | 00,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2008/09/23 23:18:58 | 00,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2008/09/23 23:18:57 | 00,000,150 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2008/09/23 23:18:54 | 00,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2008/09/23 23:18:54 | 00,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2008/09/23 23:18:54 | 00,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2008/09/23 23:18:21 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
[2008/09/23 23:18:20 | 00,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2008/09/23 23:18:14 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2008/09/23 23:18:14 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2008/09/23 23:18:08 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2008/09/23 23:18:07 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2008/09/23 23:17:50 | 00,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll
[2008/09/23 23:17:50 | 00,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2008/09/23 23:17:50 | 00,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2008/09/23 23:17:50 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspatcha.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Users\Parker Family\Documents\*.tmp files]
[2008/10/18 11:07:36 | 00,522,214 | ---- | M] () -- C:\Users\Parker Family\Desktop\LopSD.exe
[2008/10/18 10:48:03 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Users\Parker Family\Desktop\OTViewIt.exe
[2008/10/18 09:18:18 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2008/10/18 09:18:18 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2008/10/18 07:18:19 | 00,000,523 | ---- | M] () -- C:\Users\Parker Family\Documents\My Sharing Folders.lnk
[2008/10/16 15:10:40 | 00,001,967 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Messenger .lnk
[2008/10/16 15:09:38 | 00,028,095 | ---- | M] () -- C:\Users\Parker Family\AppData\Roaming\nvModes.001
[2008/10/16 15:09:26 | 00,002,349 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
[2008/10/16 09:22:48 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/10/16 09:22:48 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2008/10/16 09:22:48 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2008/10/16 09:18:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2008/10/16 09:18:10 | 00,397,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2008/10/16 09:18:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2008/10/16 09:17:29 | 20,791,50080 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/16 09:16:15 | 00,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2008/10/16 09:15:24 | 02,408,786 | -H-- | M] () -- C:\Users\Parker Family\AppData\Local\IconCache.db
[2008/10/16 09:09:05 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2008/10/14 18:06:54 | 00,060,737 | ---- | M] () -- C:\Users\Parker Family\Desktop\gzip.zip
[2008/10/14 17:57:50 | 00,004,979 | ---- | M] () -- C:\Users\Parker Family\Desktop\Godbow Package.rar
[2008/10/14 07:00:19 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2008/10/13 21:49:05 | 00,000,516 | ---- | M] () -- C:\Windows\tasks\Norton Security Online - Run Full System Scan - Parker Family.job
[2008/10/13 18:48:17 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2008/10/13 18:31:31 | 00,000,280 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
[2008/10/13 18:31:31 | 00,000,174 | -HS- | M] () -- C:\Users\Public\Desktop\desktop.ini
[2008/10/13 18:31:31 | 00,000,174 | -HS- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[2008/10/13 17:51:14 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2008/10/13 17:51:12 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2008/10/11 10:36:22 | 00,008,704 | ---- | M] () -- C:\Users\Parker Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/08 19:00:00 | 00,006,082 | ---- | M] () -- C:\Users\Parker Family\Desktop\Barrowsb.dat.gz
[2008/10/07 14:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2008/10/01 22:49:19 | 01,166,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2008/10/01 22:49:19 | 00,827,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2008/10/01 22:49:16 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2008/10/01 22:49:15 | 03,578,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2008/10/01 22:49:14 | 06,068,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2008/10/01 22:49:14 | 00,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2008/10/01 22:49:14 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2008/10/01 20:32:38 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
< End of report >

#7 Mrparkers

Posted 18 October 2008 - 11:27 PM

Here's my new LOP log:


--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Turion™ 64 X2 Mobile Technology TL-64 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Parker Family ( Administrator )
BOOT : Normal boot
Antivirus : Norton Security Online 2007 (Activated)
Firewall : Norton Security Online 2007 (Activated)
C:\ (Local Disk) - NTFS - Total : 140 Go Free : 94 Go
D:\ (Local Disk) - NTFS - Total : 8 Go Free : 1 Go
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( Sat 10/18/2008|11:09 )

[ UAC => 0 ]

--------------------\\ Listing folders in Local

[12/23/2007|04:47] C:\Users\PARKER~1\AppData\Local\<DIR> Adobe
[01/10/2008|05:15] C:\Users\PARKER~1\AppData\Local\<DIR> AOL
[01/10/2008|05:15] C:\Users\PARKER~1\AppData\Local\<DIR> AOL OCP
[09/07/2008|11:12] C:\Users\PARKER~1\AppData\Local\<DIR> Apple
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> Application Data
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 AtStart.txt
[10/11/2008|10:36] C:\Users\PARKER~1\AppData\Local\8,704 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 DSwitch.txt
[07/08/2008|08:38] C:\Users\PARKER~1\AppData\Local\109,080 GDIPFONTCACHEV1.DAT
[12/28/2007|01:44] C:\Users\PARKER~1\AppData\Local\<DIR> Google
[11/29/2007|07:42] C:\Users\PARKER~1\AppData\Local\<DIR> Hewlett-Packard
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> History
[12/29/2007|10:23] C:\Users\PARKER~1\AppData\Local\<DIR> HP Guide
[10/16/2008|09:15] C:\Users\PARKER~1\AppData\Local\2,408,786 IconCache.db
[11/29/2007|10:07] C:\Users\PARKER~1\AppData\Local\<DIR> IsolatedStorage
[04/10/2008|09:41] C:\Users\PARKER~1\AppData\Local\<DIR> Microsoft
[03/12/2008|05:04] C:\Users\PARKER~1\AppData\Local\<DIR> Microsoft Help
[03/21/2008|01:57] C:\Users\PARKER~1\AppData\Local\<DIR> Mozilla
[12/15/2007|08:20] C:\Users\PARKER~1\AppData\Local\<DIR> My Games
[08/07/2008|03:16] C:\Users\PARKER~1\AppData\Local\<DIR> Opera
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 QSwitch.txt
[02/02/2008|03:19] C:\Users\PARKER~1\AppData\Local\<DIR> QuickPlay
[10/18/2008|11:07] C:\Users\PARKER~1\AppData\Local\<DIR> Temp
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> Temporary Internet Files
[02/02/2008|03:14] C:\Users\PARKER~1\AppData\Local\<DIR> VirtualStore
[12/28/2007|11:58] C:\Users\PARKER~1\AppData\Local\<DIR> WindowsUpdate

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[10/13/2008 09:49 PM][--a------] C:\Windows\tasks\Norton Security Online - Run Full System Scan - Parker Family.job
[10/16/2008 09:18 AM][--ah-----] C:\Windows\tasks\SA.DAT
[10/16/2008 09:16 AM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[08/04/2007|09:33] C:\ProgramData\<DIR> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[10/13/2008|06:48] C:\ProgramData\<DIR> Adobe
[01/10/2008|05:11] C:\ProgramData\<DIR> AOL
[01/10/2008|05:16] C:\ProgramData\<DIR> AOL OCP
[09/07/2008|11:12] C:\ProgramData\<DIR> Apple
[09/07/2008|11:15] C:\ProgramData\<DIR> Apple Computer
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Application Data
[08/04/2008|07:18] C:\ProgramData\<DIR> CA
[07/05/2008|05:15] C:\ProgramData\16 City Phone Phone.2yj7cax
[07/26/2008|08:29] C:\ProgramData\401,424 City Phone Phone.3533xmk
[07/05/2008|01:01] C:\ProgramData\262,160 City Phone Phone.5qily
[07/05/2008|11:33] C:\ProgramData\36,880 City Phone Phone.82ay5
[07/06/2008|12:02] C:\ProgramData\188,432 City Phone Phone.alzznn3
[07/06/2008|10:53] C:\ProgramData\73,744 City Phone Phone.b7r1i
[07/05/2008|10:56] C:\ProgramData\8,208 City Phone Phone.c6re6kv
[07/05/2008|12:17] C:\ProgramData\307,216 City Phone Phone.e7oqg
[07/26/2008|08:29] C:\ProgramData\348,176 City Phone Phone.eyojq
[07/06/2008|11:15] C:\ProgramData\12,304 City Phone Phone.fm49bl
[07/06/2008|09:26] C:\ProgramData\24,592 City Phone Phone.gct6h
[07/05/2008|11:11] C:\ProgramData\286,736 City Phone Phone.l07tn
[07/06/2008|12:45] C:\ProgramData\24,592 City Phone Phone.o7st4
[07/05/2008|04:53] C:\ProgramData\213,008 City Phone Phone.pwnrt
[07/06/2008|12:23] C:\ProgramData\233,488 City Phone Phone.sre23
[07/05/2008|11:18] C:\ProgramData\213,008 City Phone Phone.uzi1jz
[07/05/2008|11:11] C:\ProgramData\12,304 City Phone Phone.z5auhym
[07/05/2008|11:55] C:\ProgramData\196,624 City Phone Phone.zgm8yy
[07/26/2008|08:30] C:\ProgramData\8,208 Corn Coal Keep.la5j3b
[08/04/2008|07:22] C:\ProgramData\29 counter.cfg
[08/04/2007|09:35] C:\ProgramData\<DIR> CyberLink
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Desktop
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Documents
[05/31/2008|11:44] C:\ProgramData\<DIR> DynDNS
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Favorites
[12/28/2007|01:27] C:\ProgramData\<DIR> Google
[08/04/2008|07:22] C:\ProgramData\<DIR> Gtek
[11/29/2007|07:42] C:\ProgramData\<DIR> Hewlett-Packard
[11/29/2007|08:21] C:\ProgramData\<DIR> HP
[08/04/2007|09:44] C:\ProgramData\320 hpzinstall.log
[06/05/2008|05:05] C:\ProgramData\<DIR> Media Center Programs
[07/26/2008|08:30] C:\ProgramData\<DIR> Memo Drive Vc Log
[09/10/2008|05:40] C:\ProgramData\<DIR> Messenger Plus!
[04/30/2008|03:16] C:\ProgramData\<DIR> Microsoft
[10/16/2008|09:04] C:\ProgramData\<DIR> Microsoft Help
[10/13/2008|06:45] C:\ProgramData\<DIR> NVIDIA
[07/25/2008|09:56] C:\ProgramData\<DIR> Protexis
[08/04/2007|09:13] C:\ProgramData\<DIR> Roxio
[08/04/2007|09:08] C:\ProgramData\<DIR> Sonic
[04/30/2008|03:47] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Start Menu
[10/13/2008|07:57] C:\ProgramData\<DIR> Symantec
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Templates
[01/10/2008|05:11] C:\ProgramData\<DIR> Viewpoint
[02/06/2008|11:15] C:\ProgramData\<DIR> WildTangent
[07/10/2008|09:02] C:\ProgramData\<DIR> WinZip
[07/08/2008|08:29] C:\ProgramData\<DIR> WLInstaller
[07/05/2008|09:27] C:\ProgramData\<DIR> XL Delete
[08/04/2008|06:27] C:\ProgramData\<DIR> Yahoo!
[12/01/2007|08:24] C:\ProgramData\<DIR> Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[08/04/2007|09:33] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites
[10/13/2008|06:48] C:\Program Files\<DIR> Adobe
[01/10/2008|05:15] C:\Program Files\<DIR> AIM6
[09/07/2008|11:12] C:\Program Files\<DIR> Apple Software Update
[12/23/2007|02:20] C:\Program Files\<DIR> Cat Daddy Games
[07/25/2008|10:40] C:\Program Files\<DIR> Cavaj Java Decompiler
[06/25/2008|10:22] C:\Program Files\<DIR> Citrix
[08/04/2008|06:53] C:\Program Files\<DIR> Common Files
[12/28/2007|11:59] C:\Program Files\<DIR> CONEXANT
[07/24/2008|04:35] C:\Program Files\<DIR> decomp
[12/03/2007|04:47] C:\Program Files\<DIR> Disney
[01/15/2008|09:25] C:\Program Files\<DIR> DivX
[05/31/2008|11:44] C:\Program Files\<DIR> DynDNS Updater
[08/04/2007|09:46] C:\Program Files\<DIR> earthlink totalaccess
[07/05/2008|09:08] C:\Program Files\<DIR> FileDeleter
[12/15/2007|07:26] C:\Program Files\<DIR> Firaxis Games
[12/29/2007|09:31] C:\Program Files\<DIR> Google
[06/05/2008|05:05] C:\Program Files\<DIR> Guild Wars
[02/02/2008|11:36] C:\Program Files\<DIR> Hewlett-Packard
[08/04/2007|10:19] C:\Program Files\<DIR> HP
[12/01/2007|08:25] C:\Program Files\<DIR> HP Bluetooth Laser Mobile Mouse
[01/25/2008|03:43] C:\Program Files\<DIR> HP DeskJet 720C Series
[08/04/2007|09:53] C:\Program Files\<DIR> HP Games
[08/04/2007|10:04] C:\Program Files\<DIR> HPQ
[02/02/2008|11:36] C:\Program Files\<DIR> InstallShield Installation Information
[10/13/2008|06:18] C:\Program Files\<DIR> Internet Explorer
[08/04/2008|07:37] C:\Program Files\<DIR> Java
[06/25/2008|10:06] C:\Program Files\<DIR> Juniper Networks
[12/23/2007|06:09] C:\Program Files\<DIR> Maxis
[09/07/2008|08:28] C:\Program Files\<DIR> Messenger Plus! Live
[12/01/2007|05:58] C:\Program Files\<DIR> Microsoft ActiveSync
[11/02/2006|07:37] C:\Program Files\<DIR> Microsoft Games
[12/01/2007|05:56] C:\Program Files\<DIR> Microsoft Office
[09/10/2008|09:03] C:\Program Files\<DIR> Microsoft Works
[08/04/2007|09:31] C:\Program Files\<DIR> Microsoft.NET
[10/13/2008|06:18] C:\Program Files\<DIR> Movie Maker
[09/24/2008|05:57] C:\Program Files\<DIR> Mozilla Firefox
[11/02/2006|07:37] C:\Program Files\<DIR> MSBuild
[11/29/2007|08:11] C:\Program Files\<DIR> MSXML 4.0
[08/04/2007|09:56] C:\Program Files\<DIR> muvee Technologies
[08/04/2007|09:47] C:\Program Files\<DIR> Online Services
[08/07/2008|03:16] C:\Program Files\<DIR> Opera
[09/07/2008|11:16] C:\Program Files\<DIR> QuickTime
[08/04/2007|10:02] C:\Program Files\<DIR> Real
[11/02/2006|07:37] C:\Program Files\<DIR> Reference Assemblies
[08/04/2007|10:02] C:\Program Files\<DIR> Rhapsody
[08/04/2007|09:13] C:\Program Files\<DIR> Roxio
[08/04/2008|07:38] C:\Program Files\<DIR> Sun
[10/13/2008|07:57] C:\Program Files\<DIR> Symantec
[08/04/2007|08:35] C:\Program Files\<DIR> Synaptics
[02/02/2008|02:50] C:\Program Files\<DIR> SystemRequirementsLab
[11/02/2006|08:01] C:\Program Files\<DIR> Uninstall Information
[01/10/2008|05:12] C:\Program Files\<DIR> Viewpoint
[08/04/2007|09:58] C:\Program Files\<DIR> Vongo
[11/29/2007|07:38] C:\Program Files\<DIR> WIDCOMM
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Calendar
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Collaboration
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Defender
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Journal
[04/06/2008|12:16] C:\Program Files\<DIR> Windows Live
[10/17/2008|04:02] C:\Program Files\<DIR> Windows Live Safety Center
[10/16/2008|09:15] C:\Program Files\<DIR> Windows Mail
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Media Player
[11/02/2006|07:37] C:\Program Files\<DIR> Windows NT
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Photo Gallery
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Sidebar
[07/11/2008|01:36] C:\Program Files\<DIR> WinRAR
[07/11/2008|01:31] C:\Program Files\<DIR> WinZip
[08/04/2008|05:53] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/13/2008|06:48] C:\Program Files\Common Files\<DIR> Adobe
[01/21/2008|09:39] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[01/10/2008|05:11] C:\Program Files\Common Files\<DIR> AOL
[08/04/2007|09:31] C:\Program Files\Common Files\<DIR> DESIGNER
[08/04/2007|09:43] C:\Program Files\Common Files\<DIR> HP
[08/04/2007|10:01] C:\Program Files\Common Files\<DIR> InstallShield
[08/04/2007|10:23] C:\Program Files\Common Files\<DIR> Java
[08/04/2007|10:04] C:\Program Files\Common Files\<DIR> LightScribe
[08/06/2008|03:38] C:\Program Files\Common Files\<DIR> microsoft shared
[08/04/2007|09:57] C:\Program Files\Common Files\<DIR> muvee Technologies
[08/04/2007|09:12] C:\Program Files\Common Files\<DIR> Roxio Shared
[11/02/2006|06:18] C:\Program Files\Common Files\<DIR> Services
[08/04/2007|09:12] C:\Program Files\Common Files\<DIR> Sonic Shared
[11/02/2006|06:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/04/2007|09:14] C:\Program Files\Common Files\<DIR> SureThing Shared
[12/29/2007|03:16] C:\Program Files\Common Files\<DIR> SWF Studio
[08/04/2008|06:57] C:\Program Files\Common Files\<DIR> Symantec Shared
[10/13/2008|06:18] C:\Program Files\Common Files\<DIR> System
[07/08/2008|08:36] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 77 Processes )

iexplore.exe ~ [PID:3972]

--------------------\\ Searching with S_Lop

C:\ProgramData\City Phone Phone.5qily
C:\ProgramData\City Phone Phone.82ay5
C:\ProgramData\City Phone Phone.b7r1i
C:\ProgramData\City Phone Phone.e7oqg
C:\ProgramData\City Phone Phone.eyojq
C:\ProgramData\City Phone Phone.gct6h
C:\ProgramData\City Phone Phone.l07tn
C:\ProgramData\City Phone Phone.o7st4
C:\ProgramData\City Phone Phone.pwnrt
C:\ProgramData\City Phone Phone.sre23
C:\ProgramData\City Phone Phone.fm49bl
C:\ProgramData\City Phone Phone.uzi1jz
C:\ProgramData\City Phone Phone.zgm8yy
C:\ProgramData\Corn Coal Keep.la5j3b
C:\ProgramData\City Phone Phone.2yj7cax
C:\ProgramData\City Phone Phone.3533xmk
C:\ProgramData\City Phone Phone.alzznn3
C:\ProgramData\City Phone Phone.c6re6kv
C:\ProgramData\City Phone Phone.z5auhym

--------------------\\ Searching for Lop Files - Folders

C:\ProgramData\Memo Drive Vc Log
C:\ProgramData\Memo Drive Vc Log\Proc Rdr.exe
C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies\parker_family@adopt.euroclick[1].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"defy joy"="\"C:\\ProgramData\\City Phone Phone.eyojq\""
"vc log bows face"="\"C:\\ProgramData\\Corn Coal Keep.la5j3b\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 11:09:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 8

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..


[F:149][D:19]-> C:\Users\PARKER~1\AppData\Local\Temp
[F:86][D:1]-> C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1643][D:4]-> C:\Users\PARKER~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:500][D:9]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat 10/18/2008|11:12 - Option : [1]

--------------------\\ Scan completed at 11:12:40
[ UAC => 1 ]

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 23:14:13
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 8

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..



[F:156][D:18]-> C:\Users\PARKER~1\AppData\Local\Temp
[F:84][D:1]-> C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1668][D:4]-> C:\Users\PARKER~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:500][D:9]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat 10/18/2008|11:12 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sat 10/18/2008|23:16 - Option : [2]

--------------------\\ Scan completed at 23:16:26
[ UAC => 1 ]

#8 PropagandaPanda

  • Malware Response Team

Posted 19 October 2008 - 09:12 AM

Hello.

Could you please post C:\Lop SD\LopR_2.txt? Thanks.

Disable TeaTimer
TeaTimer can interfere with fixes.

To disable SpyBot's TeaTimer:
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
  • On the left-hand side, click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take effect.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :services
    WdiServiceHost
    WdiSystemHost
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GhostSurfDelSatellite"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "defy joy"=-
    "vc log bows face"=-
    [HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"=-
    "defy joy"=-
    "vc log bows face"=-
    
    :files
    C:\ProgramData\City Phone Phone.5qily
    C:\ProgramData\City Phone Phone.82ay5
    C:\ProgramData\City Phone Phone.b7r1i
    C:\ProgramData\City Phone Phone.e7oqg
    C:\ProgramData\City Phone Phone.eyojq
    C:\ProgramData\City Phone Phone.gct6h
    C:\ProgramData\City Phone Phone.l07tn
    C:\ProgramData\City Phone Phone.o7st4
    C:\ProgramData\City Phone Phone.pwnrt
    C:\ProgramData\City Phone Phone.sre23
    C:\ProgramData\City Phone Phone.fm49bl
    C:\ProgramData\City Phone Phone.uzi1jz
    C:\ProgramData\City Phone Phone.zgm8yy
    C:\ProgramData\Corn Coal Keep.la5j3b
    C:\ProgramData\City Phone Phone.2yj7cax
    C:\ProgramData\City Phone Phone.3533xmk
    C:\ProgramData\City Phone Phone.alzznn3
    C:\ProgramData\City Phone Phone.c6re6kv
    C:\ProgramData\City Phone Phone.z5auhym
    C:\ProgramData\Memo Drive Vc Log
    C:\ProgramData\Memo Drive Vc Log\Proc Rdr.exe
    C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies\parker_family@adopt.euroclick[1].txt
    :commands
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


Please post back with:
-the C:\Lop SD\LopR_2.txt
-the OTMoveIt log
-the Kaspersky log
-a new HijackThis log

Also tell me how your computer is running now. Are those popups still there?

With Regards,
The panda

#9 PropagandaPanda

  • Malware Response Team

Posted 24 October 2008 - 07:30 AM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda

#10 PropagandaPanda

  • Malware Response Team

Posted 26 October 2008 - 04:10 PM

Hello.

Topic is reopened.

Please complete the steps given in my previous post.

With Regards,
The Panda

#11 Mrparkers

  • Topic Starter
  • Members

Posted 27 October 2008 - 07:27 PM

Hello Panda,

There was a little problem with my Kaspersky scan: I left it running for 5 hours and it was at 30%, and a little afterwards it froze. As for the popups, I haven't gotten one since I restarted my computer for the OTMoveIt program.

Here are my logs:

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:07 PM, on 10/26/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DynDNS Updater\DynTray.exe
C:\Program Files\HP Bluetooth Laser Mobile Mouse\MulMouse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\java.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\wsqmcons.exe
C:\Users\Parker Family\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\PARKER~1\DOCUME~1\DAH\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NudgeMania] C:\Users\Parker Family\Documents\Galkon's Pride\NudgeMania\NudgeMania.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe
O4 - Global Startup: HP Bluetooth Laser Mobile Mouse.lnk = C:\Program Files\HP Bluetooth Laser Mobile Mouse\MulMouse.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\PARKER~1\DOCUME~1\DAH\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\PARKER~1\DOCUME~1\DAH\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://access.foley.com/dana-cached/sc/Jun...SetupClient.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: DynDNS Updater - Unknown owner - C:\Program Files\DynDNS Updater\DynUpSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - ~\My Server\474\xampp\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Users\Parker Family\Documents\DAH\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SecureSrv - Unknown owner - C:\Users\Parker Family\Documents\Server\STUFFZ\Hide My IP 2007\SecureSrv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12295 bytes

OTMoveIt:
========== SERVICES/DRIVERS ==========
Service WdiServiceHost stopped successfully.
Unable to delete service: WdiServiceHost
Service WdiSystemHost stopped successfully.
Unable to delete service: WdiSystemHost
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GhostSurfDelSatellite deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\defy joy not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vc log bows face not found.
Registry value HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\defy joy not found.
Registry value HKEY_USERS\S-1-5-21-395509238-741466366-2421843559-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vc log bows face not found.
========== FILES ==========
File/Folder C:\ProgramData\City Phone Phone.5qily not found.
File/Folder C:\ProgramData\City Phone Phone.82ay5 not found.
File/Folder C:\ProgramData\City Phone Phone.b7r1i not found.
File/Folder C:\ProgramData\City Phone Phone.e7oqg not found.
File/Folder C:\ProgramData\City Phone Phone.eyojq not found.
File/Folder C:\ProgramData\City Phone Phone.gct6h not found.
File/Folder C:\ProgramData\City Phone Phone.l07tn not found.
File/Folder C:\ProgramData\City Phone Phone.o7st4 not found.
File/Folder C:\ProgramData\City Phone Phone.pwnrt not found.
File/Folder C:\ProgramData\City Phone Phone.sre23 not found.
File/Folder C:\ProgramData\City Phone Phone.fm49bl not found.
File/Folder C:\ProgramData\City Phone Phone.uzi1jz not found.
File/Folder C:\ProgramData\City Phone Phone.zgm8yy not found.
File/Folder C:\ProgramData\Corn Coal Keep.la5j3b not found.
File/Folder C:\ProgramData\City Phone Phone.2yj7cax not found.
File/Folder C:\ProgramData\City Phone Phone.3533xmk not found.
File/Folder C:\ProgramData\City Phone Phone.alzznn3 not found.
File/Folder C:\ProgramData\City Phone Phone.c6re6kv not found.
File/Folder C:\ProgramData\City Phone Phone.z5auhym not found.
File/Folder C:\ProgramData\Memo Drive Vc Log not found.
File/Folder C:\ProgramData\Memo Drive Vc Log\Proc Rdr.exe not found.
File/Folder C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies\parker_family@adopt.euroclick[1].txt not found.
========== COMMANDS ==========
 
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10262008_162550

Lop SD Log:
[code=auto:0] --------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Turion™ 64 X2 Mobile Technology TL-64 )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : Parker Family ( Administrator )
BOOT : Normal boot
Antivirus : Norton Security Online 2007 (Activated)
Firewall : Norton Security Online 2007 (Activated)
C:\ (Local Disk) - NTFS - Total : 140 Go Free : 94 Go
D:\ (Local Disk) - NTFS - Total : 8 Go Free : 1 Go
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( Sat 10/18/2008|11:09 )

[ UAC => 0 ]

--------------------\\ Listing folders in Local

[12/23/2007|04:47] C:\Users\PARKER~1\AppData\Local\<DIR> Adobe
[01/10/2008|05:15] C:\Users\PARKER~1\AppData\Local\<DIR> AOL
[01/10/2008|05:15] C:\Users\PARKER~1\AppData\Local\<DIR> AOL OCP
[09/07/2008|11:12] C:\Users\PARKER~1\AppData\Local\<DIR> Apple
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> Application Data
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 AtStart.txt
[10/11/2008|10:36] C:\Users\PARKER~1\AppData\Local\8,704 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 DSwitch.txt
[07/08/2008|08:38] C:\Users\PARKER~1\AppData\Local\109,080 GDIPFONTCACHEV1.DAT
[12/28/2007|01:44] C:\Users\PARKER~1\AppData\Local\<DIR> Google
[11/29/2007|07:42] C:\Users\PARKER~1\AppData\Local\<DIR> Hewlett-Packard
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> History
[12/29/2007|10:23] C:\Users\PARKER~1\AppData\Local\<DIR> HP Guide
[10/16/2008|09:15] C:\Users\PARKER~1\AppData\Local\2,408,786 IconCache.db
[11/29/2007|10:07] C:\Users\PARKER~1\AppData\Local\<DIR> IsolatedStorage
[04/10/2008|09:41] C:\Users\PARKER~1\AppData\Local\<DIR> Microsoft
[03/12/2008|05:04] C:\Users\PARKER~1\AppData\Local\<DIR> Microsoft Help
[03/21/2008|01:57] C:\Users\PARKER~1\AppData\Local\<DIR> Mozilla
[12/15/2007|08:20] C:\Users\PARKER~1\AppData\Local\<DIR> My Games
[08/07/2008|03:16] C:\Users\PARKER~1\AppData\Local\<DIR> Opera
[11/29/2007|07:41] C:\Users\PARKER~1\AppData\Local\0 QSwitch.txt
[02/02/2008|03:19] C:\Users\PARKER~1\AppData\Local\<DIR> QuickPlay
[10/18/2008|11:07] C:\Users\PARKER~1\AppData\Local\<DIR> Temp
[11/29/2007|07:29] C:\Users\PARKER~1\AppData\Local\<JUNCTION> Temporary Internet Files
[02/02/2008|03:14] C:\Users\PARKER~1\AppData\Local\<DIR> VirtualStore
[12/28/2007|11:58] C:\Users\PARKER~1\AppData\Local\<DIR> WindowsUpdate

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[10/13/2008 09:49 PM][--a------] C:\Windows\tasks\Norton Security Online - Run Full System Scan - Parker Family.job
[10/16/2008 09:18 AM][--ah-----] C:\Windows\tasks\SA.DAT
[10/16/2008 09:16 AM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[08/04/2007|09:33] C:\ProgramData\<DIR> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[10/13/2008|06:48] C:\ProgramData\<DIR> Adobe
[01/10/2008|05:11] C:\ProgramData\<DIR> AOL
[01/10/2008|05:16] C:\ProgramData\<DIR> AOL OCP
[09/07/2008|11:12] C:\ProgramData\<DIR> Apple
[09/07/2008|11:15] C:\ProgramData\<DIR> Apple Computer
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Application Data
[08/04/2008|07:18] C:\ProgramData\<DIR> CA
[07/05/2008|05:15] C:\ProgramData\16 City Phone Phone.2yj7cax
[07/26/2008|08:29] C:\ProgramData\401,424 City Phone Phone.3533xmk
[07/05/2008|01:01] C:\ProgramData\262,160 City Phone Phone.5qily
[07/05/2008|11:33] C:\ProgramData\36,880 City Phone Phone.82ay5
[07/06/2008|12:02] C:\ProgramData\188,432 City Phone Phone.alzznn3
[07/06/2008|10:53] C:\ProgramData\73,744 City Phone Phone.b7r1i
[07/05/2008|10:56] C:\ProgramData\8,208 City Phone Phone.c6re6kv
[07/05/2008|12:17] C:\ProgramData\307,216 City Phone Phone.e7oqg
[07/26/2008|08:29] C:\ProgramData\348,176 City Phone Phone.eyojq
[07/06/2008|11:15] C:\ProgramData\12,304 City Phone Phone.fm49bl
[07/06/2008|09:26] C:\ProgramData\24,592 City Phone Phone.gct6h
[07/05/2008|11:11] C:\ProgramData\286,736 City Phone Phone.l07tn
[07/06/2008|12:45] C:\ProgramData\24,592 City Phone Phone.o7st4
[07/05/2008|04:53] C:\ProgramData\213,008 City Phone Phone.pwnrt
[07/06/2008|12:23] C:\ProgramData\233,488 City Phone Phone.sre23
[07/05/2008|11:18] C:\ProgramData\213,008 City Phone Phone.uzi1jz
[07/05/2008|11:11] C:\ProgramData\12,304 City Phone Phone.z5auhym
[07/05/2008|11:55] C:\ProgramData\196,624 City Phone Phone.zgm8yy
[07/26/2008|08:30] C:\ProgramData\8,208 Corn Coal Keep.la5j3b
[08/04/2008|07:22] C:\ProgramData\29 counter.cfg
[08/04/2007|09:35] C:\ProgramData\<DIR> CyberLink
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Desktop
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Documents
[05/31/2008|11:44] C:\ProgramData\<DIR> DynDNS
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Favorites
[12/28/2007|01:27] C:\ProgramData\<DIR> Google
[08/04/2008|07:22] C:\ProgramData\<DIR> Gtek
[11/29/2007|07:42] C:\ProgramData\<DIR> Hewlett-Packard
[11/29/2007|08:21] C:\ProgramData\<DIR> HP
[08/04/2007|09:44] C:\ProgramData\320 hpzinstall.log
[06/05/2008|05:05] C:\ProgramData\<DIR> Media Center Programs
[07/26/2008|08:30] C:\ProgramData\<DIR> Memo Drive Vc Log
[09/10/2008|05:40] C:\ProgramData\<DIR> Messenger Plus!
[04/30/2008|03:16] C:\ProgramData\<DIR> Microsoft
[10/16/2008|09:04] C:\ProgramData\<DIR> Microsoft Help
[10/13/2008|06:45] C:\ProgramData\<DIR> NVIDIA
[07/25/2008|09:56] C:\ProgramData\<DIR> Protexis
[08/04/2007|09:13] C:\ProgramData\<DIR> Roxio
[08/04/2007|09:08] C:\ProgramData\<DIR> Sonic
[04/30/2008|03:47] C:\ProgramData\<DIR> Spybot - Search & Destroy
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Start Menu
[10/13/2008|07:57] C:\ProgramData\<DIR> Symantec
[11/29/2007|07:25] C:\ProgramData\<JUNCTION> Templates
[01/10/2008|05:11] C:\ProgramData\<DIR> Viewpoint
[02/06/2008|11:15] C:\ProgramData\<DIR> WildTangent
[07/10/2008|09:02] C:\ProgramData\<DIR> WinZip
[07/08/2008|08:29] C:\ProgramData\<DIR> WLInstaller
[07/05/2008|09:27] C:\ProgramData\<DIR> XL Delete
[08/04/2008|06:27] C:\ProgramData\<DIR> Yahoo!
[12/01/2007|08:24] C:\ProgramData\<DIR> Yahoo! Companion

--------------------\\ Listing Folders in C:\Program Files

[08/04/2007|09:33] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites
[10/13/2008|06:48] C:\Program Files\<DIR> Adobe
[01/10/2008|05:15] C:\Program Files\<DIR> AIM6
[09/07/2008|11:12] C:\Program Files\<DIR> Apple Software Update
[12/23/2007|02:20] C:\Program Files\<DIR> Cat Daddy Games
[07/25/2008|10:40] C:\Program Files\<DIR> Cavaj Java Decompiler
[06/25/2008|10:22] C:\Program Files\<DIR> Citrix
[08/04/2008|06:53] C:\Program Files\<DIR> Common Files
[12/28/2007|11:59] C:\Program Files\<DIR> CONEXANT
[07/24/2008|04:35] C:\Program Files\<DIR> decomp
[12/03/2007|04:47] C:\Program Files\<DIR> Disney
[01/15/2008|09:25] C:\Program Files\<DIR> DivX
[05/31/2008|11:44] C:\Program Files\<DIR> DynDNS Updater
[08/04/2007|09:46] C:\Program Files\<DIR> earthlink totalaccess
[07/05/2008|09:08] C:\Program Files\<DIR> FileDeleter
[12/15/2007|07:26] C:\Program Files\<DIR> Firaxis Games
[12/29/2007|09:31] C:\Program Files\<DIR> Google
[06/05/2008|05:05] C:\Program Files\<DIR> Guild Wars
[02/02/2008|11:36] C:\Program Files\<DIR> Hewlett-Packard
[08/04/2007|10:19] C:\Program Files\<DIR> HP
[12/01/2007|08:25] C:\Program Files\<DIR> HP Bluetooth Laser Mobile Mouse
[01/25/2008|03:43] C:\Program Files\<DIR> HP DeskJet 720C Series
[08/04/2007|09:53] C:\Program Files\<DIR> HP Games
[08/04/2007|10:04] C:\Program Files\<DIR> HPQ
[02/02/2008|11:36] C:\Program Files\<DIR> InstallShield Installation Information
[10/13/2008|06:18] C:\Program Files\<DIR> Internet Explorer
[08/04/2008|07:37] C:\Program Files\<DIR> Java
[06/25/2008|10:06] C:\Program Files\<DIR> Juniper Networks
[12/23/2007|06:09] C:\Program Files\<DIR> Maxis
[09/07/2008|08:28] C:\Program Files\<DIR> Messenger Plus! Live
[12/01/2007|05:58] C:\Program Files\<DIR> Microsoft ActiveSync
[11/02/2006|07:37] C:\Program Files\<DIR> Microsoft Games
[12/01/2007|05:56] C:\Program Files\<DIR> Microsoft Office
[09/10/2008|09:03] C:\Program Files\<DIR> Microsoft Works
[08/04/2007|09:31] C:\Program Files\<DIR> Microsoft.NET
[10/13/2008|06:18] C:\Program Files\<DIR> Movie Maker
[09/24/2008|05:57] C:\Program Files\<DIR> Mozilla Firefox
[11/02/2006|07:37] C:\Program Files\<DIR> MSBuild
[11/29/2007|08:11] C:\Program Files\<DIR> MSXML 4.0
[08/04/2007|09:56] C:\Program Files\<DIR> muvee Technologies
[08/04/2007|09:47] C:\Program Files\<DIR> Online Services
[08/07/2008|03:16] C:\Program Files\<DIR> Opera
[09/07/2008|11:16] C:\Program Files\<DIR> QuickTime
[08/04/2007|10:02] C:\Program Files\<DIR> Real
[11/02/2006|07:37] C:\Program Files\<DIR> Reference Assemblies
[08/04/2007|10:02] C:\Program Files\<DIR> Rhapsody
[08/04/2007|09:13] C:\Program Files\<DIR> Roxio
[08/04/2008|07:38] C:\Program Files\<DIR> Sun
[10/13/2008|07:57] C:\Program Files\<DIR> Symantec
[08/04/2007|08:35] C:\Program Files\<DIR> Synaptics
[02/02/2008|02:50] C:\Program Files\<DIR> SystemRequirementsLab
[11/02/2006|08:01] C:\Program Files\<DIR> Uninstall Information
[01/10/2008|05:12] C:\Program Files\<DIR> Viewpoint
[08/04/2007|09:58] C:\Program Files\<DIR> Vongo
[11/29/2007|07:38] C:\Program Files\<DIR> WIDCOMM
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Calendar
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Collaboration
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Defender
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Journal
[04/06/2008|12:16] C:\Program Files\<DIR> Windows Live
[10/17/2008|04:02] C:\Program Files\<DIR> Windows Live Safety Center
[10/16/2008|09:15] C:\Program Files\<DIR> Windows Mail
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Media Player
[11/02/2006|07:37] C:\Program Files\<DIR> Windows NT
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Photo Gallery
[10/13/2008|06:18] C:\Program Files\<DIR> Windows Sidebar
[07/11/2008|01:36] C:\Program Files\<DIR> WinRAR
[07/11/2008|01:31] C:\Program Files\<DIR> WinZip
[08/04/2008|05:53] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/13/2008|06:48] C:\Program Files\Common Files\<DIR> Adobe
[01/21/2008|09:39] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[01/10/2008|05:11] C:\Program Files\Common Files\<DIR> AOL
[08/04/2007|09:31] C:\Program Files\Common Files\<DIR> DESIGNER
[08/04/2007|09:43] C:\Program Files\Common Files\<DIR> HP
[08/04/2007|10:01] C:\Program Files\Common Files\<DIR> InstallShield
[08/04/2007|10:23] C:\Program Files\Common Files\<DIR> Java
[08/04/2007|10:04] C:\Program Files\Common Files\<DIR> LightScribe
[08/06/2008|03:38] C:\Program Files\Common Files\<DIR> microsoft shared
[08/04/2007|09:57] C:\Program Files\Common Files\<DIR> muvee Technologies
[08/04/2007|09:12] C:\Program Files\Common Files\<DIR> Roxio Shared
[11/02/2006|06:18] C:\Program Files\Common Files\<DIR> Services
[08/04/2007|09:12] C:\Program Files\Common Files\<DIR> Sonic Shared
[11/02/2006|06:18] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/04/2007|09:14] C:\Program Files\Common Files\<DIR> SureThing Shared
[12/29/2007|03:16] C:\Program Files\Common Files\<DIR> SWF Studio
[08/04/2008|06:57] C:\Program Files\Common Files\<DIR> Symantec Shared
[10/13/2008|06:18] C:\Program Files\Common Files\<DIR> System
[07/08/2008|08:36] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

--------------------\\ Process

( 77 Processes )

iexplore.exe ~ [PID:3972]

--------------------\\ Searching with S_Lop

C:\ProgramData\City Phone Phone.5qily
C:\ProgramData\City Phone Phone.82ay5
C:\ProgramData\City Phone Phone.b7r1i
C:\ProgramData\City Phone Phone.e7oqg
C:\ProgramData\City Phone Phone.eyojq
C:\ProgramData\City Phone Phone.gct6h
C:\ProgramData\City Phone Phone.l07tn
C:\ProgramData\City Phone Phone.o7st4
C:\ProgramData\City Phone Phone.pwnrt
C:\ProgramData\City Phone Phone.sre23
C:\ProgramData\City Phone Phone.fm49bl
C:\ProgramData\City Phone Phone.uzi1jz
C:\ProgramData\City Phone Phone.zgm8yy
C:\ProgramData\Corn Coal Keep.la5j3b
C:\ProgramData\City Phone Phone.2yj7cax
C:\ProgramData\City Phone Phone.3533xmk
C:\ProgramData\City Phone Phone.alzznn3
C:\ProgramData\City Phone Phone.c6re6kv
C:\ProgramData\City Phone Phone.z5auhym

--------------------\\ Searching for Lop Files - Folders

C:\ProgramData\Memo Drive Vc Log
C:\ProgramData\Memo Drive Vc Log\Proc Rdr.exe
C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies\parker_family@adopt.euroclick[1].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"defy joy"="\"C:\\ProgramData\\City Phone Phone.eyojq\""
"vc log bows face"="\"C:\\ProgramData\\Corn Coal Keep.la5j3b\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 11:09:27
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 8

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..



[F:149][D:19]-> C:\Users\PARKER~1\AppData\Local\Temp
[F:86][D:1]-> C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1643][D:4]-> C:\Users\PARKER~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:500][D:9]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat 10/18/2008|11:12 - Option : [1]

--------------------\\ Scan completed at 11:12:40
[ UAC => 1 ]

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 23:14:13
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 8

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..


[F:156][D:18]-> C:\Users\PARKER~1\AppData\Local\Temp
[F:84][D:1]-> C:\Users\PARKER~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1668][D:4]-> C:\Users\PARKER~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:500][D:9]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - Sat 10/18/2008|11:12 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Sat 10/18/2008|23:16 - Option : [2]

Thanks!

~ Mrparkers

Edited by PropagandaPanda, 27 October 2008 - 07:48 PM.


#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:00 PM

Posted 28 October 2008 - 07:13 AM

Hello Mrparkers.

Looks good to me. If you are not having any more problems, then we can wrap up.

Run Cleanup! with OTMoveIt
Let's clear out the tools we've used. If there is anything left over after, delete them manually.
  • Double click the OTMoveIt2.exe icon on your desktop to start the program.
  • Click Posted Image.
  • A pop-up box will appear asking "Begin Removal Process?". Click Yes.
  • Click Yes when asked to reboot.

Set New System Restore Point
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, then here is a nice little article about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

For general slowness problems, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#13 Mrparkers


Posted 01 November 2008 - 04:52 PM

Okay, I followed all of your instructions, and did everything on that list. Thanks a lot for helping me! CiD won't bother me any more!

#14 PropagandaPanda


Posted 01 November 2008 - 06:37 PM

Hello.

Glad we could help.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



