Hijack this log.


  • This topic is locked
26 replies to this topic

#1 bink111

Posted 06 May 2009 - 06:05 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:57 PM, on 5/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TranscodingService] "C:\Program Files\TiVo\Desktop\TranscodingService.exe" /auto
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

--
End of file - 4752 bytes

#2 bink111

Posted 11 May 2009 - 09:38 PM

My previous problem is fixed, but now I am getting pop-ups and am being redirected when I click on Google links. Please help and thank you for your time.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:53 PM, on 5/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TranscodingService] "C:\Program Files\TiVo\Desktop\TranscodingService.exe" /auto
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 5719 bytes

#3 KoanYorel

Posted 21 May 2009 - 08:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 bink111

Posted 22 May 2009 - 04:44 PM

If I was unclear before, I am being redirected to random websites after clicking on a link to a website on Google. I am sure that this is some kind of malware virus. Thanks.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Mom at 16:35:29.37 on Fri 05/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1069 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mom\Downloads\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.foxnews.com/
uInternet Settings,ProxyServer = 127.0.0.1:8081
uInternet Settings,ProxyOverride = local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TranscodingService] "c:\program files\tivo\desktop\TranscodingService.exe" /auto
uRun: [TivoNotify] "c:\program files\tivo\desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
uRun: [TivoServer] "c:\program files\tivo\desktop\TiVoServer.exe" /service /registry /auto:TivoServer
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: c:\users\mom\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-05-15 20:03 <DIR> --d----- c:\program files\DynamicPhotoHDR
2009-05-11 21:58 <DIR> --d----- C:\Combo-Fix
2009-05-10 19:27 <DIR> --d----- c:\users\mom\appdata\roaming\Malwarebytes
2009-05-10 19:27 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-10 19:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 19:27 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-10 19:27 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-10 11:50 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-10 03:06 <DIR> --d----- c:\program files\Defraggler
2009-05-10 02:49 <DIR> --d----- c:\programdata\Yahoo! Companion
2009-05-10 02:48 <DIR> --d----- c:\programdata\Yahoo!
2009-05-09 18:20 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-05-07 23:07 <DIR> --d----- c:\program files\common files\HP
2009-05-07 23:07 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-05-07 22:55 139,575 a------- c:\windows\hpoins21.dat
2009-05-07 22:55 7,262 -------- c:\windows\hpomdl21.dat
2009-05-07 22:55 970,752 a------- c:\windows\system32\hpotiop5.dll
2009-05-07 22:55 729,088 a------- c:\windows\system32\hpowiax5.dll
2009-05-07 22:55 303,104 a------- c:\windows\system32\hpovst12.dll
2009-05-07 22:52 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-06 21:40 <DIR> --dsh--- C:\found.000
2009-05-06 17:44 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-04 18:02 <DIR> --d----- c:\programdata\vsosdk
2009-05-04 18:02 <DIR> --d----- c:\progra~2\vsosdk
2009-05-04 17:30 <DIR> --d----- c:\programdata\FLEXnet
2009-05-02 19:27 <DIR> --d----- C:\11ab8d52b5fa5db5ed20
2009-05-02 19:19 <DIR> --d----- c:\windows\system32\URTTEMP
2009-05-02 19:15 <DIR> --d----- c:\programdata\Apple Computer
2009-05-02 19:15 <DIR> --d----- c:\programdata\Apple
2009-05-02 19:11 <DIR> --d----- c:\program files\Bonjour
2009-05-02 19:11 <DIR> --d----- c:\programdata\TiVo
2009-05-02 19:11 <DIR> --d----- c:\program files\common files\TiVo Shared
2009-05-02 19:11 <DIR> --d----- c:\progra~2\TiVo
2009-05-02 16:02 89,088 a------- c:\windows\system32\atl71.dll
2009-05-02 16:02 25,088 a------- c:\windows\system32\msxml3a.dll
2009-05-02 16:02 <DIR> --d----- c:\program files\common files\stardock
2009-05-02 15:58 <DIR> --d----- c:\users\mom\appdata\roaming\Stardock
2009-05-02 15:58 <DIR> -cd-h--- c:\programdata\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
2009-05-02 15:58 <DIR> -cd-h--- c:\progra~2\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
2009-05-02 15:48 18,332,160 a------- c:\windows\system32\imageres.dll
2009-05-02 15:44 <DIR> --d----- c:\programdata\Stardock
2009-05-02 15:44 <DIR> --d----- c:\progra~2\Stardock
2009-05-02 15:44 567,040 a------- c:\windows\system32\wbocx.ocx
2009-05-02 15:44 56,496 a------- c:\windows\system32\wbhelp2.dll
2009-05-02 15:44 <DIR> --d----- c:\program files\Stardock
2009-05-02 15:11 161,792 a------- c:\windows\SWREG.exe
2009-05-02 15:11 98,816 a------- c:\windows\sed.exe
2009-05-02 15:03 <DIR> --d----- c:\users\mom\DoctorWeb
2009-05-02 13:32 152,576 a------- c:\windows\system32\SPWizUI.dll
2009-05-02 13:32 47,560 a------- c:\windows\system32\SPReview.exe
2009-05-02 12:45 193,024 a------- c:\windows\system32\recdisc.exe
2009-05-02 12:45 6,656 a------- c:\windows\system32\sdspres.dll
2009-05-02 12:43 599,552 a------- c:\windows\system32\vsp1cln.exe
2009-05-02 12:42 28,160 a------- c:\windows\system32\sxproxy.dll
2009-05-02 12:42 142,336 a------- c:\windows\system32\spp.dll
2009-05-02 12:39 245,760 a------- c:\windows\system32\msltus40.dll
2009-05-02 12:38 531,456 a------- c:\windows\system32\objsel.dll
2009-05-02 12:37 1,792,512 a------- c:\windows\system32\mmc.exe
2009-05-02 12:36 658,944 a------- c:\windows\system32\p2psvc.dll
2009-05-02 12:35 1,452,544 a------- c:\windows\system32\esent.dll
2009-05-02 12:34 401,408 a------- c:\windows\system32\drivers\http.sys
2009-05-02 12:33 890,368 a------- c:\windows\system32\FXSST.dll
2009-05-02 12:23 6,656 a------- c:\windows\system32\kbd106n.dll
2009-05-02 12:18 44,032 a------- c:\windows\system32\cbsra.exe
2009-05-02 12:14 196,608 a------- c:\windows\SPInstall.etl
2009-05-02 10:28 <DIR> --d----- c:\users\mom\appdata\roaming\LimeWire
2009-04-29 18:48 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-04-29 18:41 118,272 a------- c:\windows\system32\hpz3l5ha.dll
2009-04-29 18:31 364,544 a------- c:\windows\system32\hppldcoi.dll
2009-04-29 18:31 271,704 a------- c:\windows\system32\hpzids01.dll
2009-04-29 18:31 309,760 a------- c:\windows\system32\difxapi.dll
2009-04-29 18:14 <DIR> --d----- c:\users\mom\appdata\roaming\GetRightToGo
2009-04-29 17:10 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-04-29 17:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-29 17:01 <DIR> --d----- c:\programdata\FlashFXP
2009-04-29 17:01 <DIR> --d----- c:\progra~2\FlashFXP
2009-04-29 17:00 <DIR> --d----- c:\users\mom\appdata\roaming\FlashFXP
2009-04-29 16:56 <DIR> --d----- c:\programdata\DVD Shrink
2009-04-29 16:51 <DIR> --d----- c:\programdata\HP
2009-04-29 16:51 <DIR> --d----- c:\users\mom\appdata\roaming\DAZ 3D
2009-04-29 16:10 <DIR> --d----- c:\programdata\Adobe
2009-04-29 16:09 <DIR> --d----- c:\users\mom\Tracing
2009-04-29 16:07 <DIR> --d----- c:\program files\Microsoft
2009-04-29 16:07 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-29 16:04 <DIR> --d----- c:\program files\common files\Windows Live
2009-04-28 20:45 <DIR> --d----- c:\windows\Panther
2009-04-28 20:25 <DIR> --d----- C:\Windows.old
2009-04-28 20:04 32,592 a------- c:\windows\system32\msonpmon.dll
2009-04-28 20:02 <DIR> --d----- c:\windows\PCHEALTH
2009-04-28 19:57 <DIR> --d----- c:\programdata\NOS
2009-04-28 19:56 <DIR> a-d----- c:\programdata\TEMP
2009-04-28 19:55 <DIR> --d----- c:\programdata\Microsoft Help
2009-04-28 19:51 <DIR> --d----- c:\programdata\NVIDIA
2009-04-28 19:03 <DIR> --d----- c:\users\mom\appdata\roaming\SUPERAntiSpyware.com
2009-04-28 19:03 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-04-28 19:03 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-04-28 18:58 <DIR> --d----- c:\users\mom\appdata\roaming\uTorrent
2009-04-28 18:56 <DIR> --d----- c:\programdata\PC Drivers HeadQuarters
2009-04-28 18:56 <DIR> --d----- c:\progra~2\PC Drivers HeadQuarters
2009-04-28 18:51 <DIR> --dsh--- c:\windows\Installer
2009-04-28 18:51 <DIR> --d----- c:\programdata\Dell
2009-04-28 18:47 553 a------- c:\windows\USetup.iss
2009-04-28 18:47 <DIR> --d----- c:\windows\system32\RTCOM
2009-04-28 18:45 520,192 a------- c:\windows\RtlExUpd.dll
2009-04-28 18:45 315,392 a------- c:\windows\HideWin.exe
2009-04-28 18:42 1,073,152 a------- c:\windows\system32\nvcpluir.dll
2009-04-28 18:42 307,200 a------- c:\windows\system32\nvexpbar.dll
2009-04-28 18:42 753,664 a------- c:\windows\system32\nvcplui.exe
2009-04-28 18:42 413,696 a------- c:\windows\system32\nvcpl.cpl
2009-04-28 18:39 1,732 a------- c:\windows\system32\drivers\nvphy.bin
2009-04-28 18:21 0 a------- c:\windows\I531_1012.INI
2009-04-28 18:12 <DIR> --d----- c:\users\Mom
2009-04-27 21:58 171,136 a--shr-- C:\grldr
2009-04-25 12:49 <DIR> --d----- c:\program files\TiVo
2009-04-25 11:18 <DIR> --d----- c:\program files\pyTivo
2009-04-25 11:16 <DIR> --d----- C:\Python26
2009-04-25 11:10 <DIR> --d----- c:\program files\VideoraTiVoConverter

==================== Find3M ====================

2009-05-07 22:58 51,200 a------- c:\windows\inf\infpub.dat
2009-05-07 22:58 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-07 22:58 86,016 a------- c:\windows\inf\infstor.dat
2009-05-02 15:37 80,051 a------- c:\windows\system32\slmgr.vbs
2009-05-02 14:47 174 a--sh--- c:\program files\desktop.ini
2009-05-02 13:59 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-02 13:41 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-05-02 13:41 82,432 a------- c:\windows\system32\axaltocm.dll
2009-04-28 18:46 319,456 a------- c:\windows\DIFxAPI.dll
2009-03-08 06:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 06:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 06:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 06:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 06:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 06:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 06:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 06:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 06:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 06:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 06:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 06:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 06:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 06:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 06:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 06:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 06:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 06:22 156,160 a------- c:\windows\system32\msls31.dll
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:36:11.27 ===============

#5 sundavis

Posted 22 May 2009 - 11:45 PM

Hi bink111,

Welcome to BleepingComputer HijackThis Logs and Malware Removal.
My name is sundavis, and I will be helping you to deal with your malware problems today.


Step 1

Please close all browsers and other windows while running GooredFix.
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it. Select "1. Find Goored (no fix)" by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.


Step 2

Please download RegQuery by Noviciate to your desktop
  • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32

  • Double click RegQuery.exe to run the program
  • Paste the text you have copied, using CTRL and V, into the textbox
  • Click the Query button
  • A Notepad file will open. Please paste the contents in your next reply
  • You may now close the RegQuery program

Step3

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



Step4
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next reply, please post back:

1. Goored log
2. RegQuery result
3. GMER log
4. RSIT log.txt and info.txt. Thanks.

#6 sundavis


Posted 28 May 2009 - 02:17 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#7 sundavis


Posted 29 May 2009 - 03:23 AM

Open as requested. Please post the logs as instructed. Thanks.

#8 bink111


Posted 29 May 2009 - 06:37 PM

1.GooredLog

GooredFix v1.92 by jpshortstuff
Log created at 21:29 on 28/05/2009 running Option #1 (Mom)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{FD62D11E-B510-4DBF-91B4-356E0F89285A}

C:\Program Files\Mozilla Firefox\extensions\{E6B0CC4B-0CD1-4422-A245-22B1EF5EAE10}

C:\Program Files\Mozilla Firefox\extensions\{84EECCB2-F51E-42F2-AE12-D3118D7D2D60}

=====Dumping Registry Values=====


2. Could not get RegQuery to work properly.


3.GMER Rootkit Scanner

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-28 21:59:15
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x934EFF20]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@fn (null)
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@url http://122.224.5.189/~aakjhuwe87/files/lmn_setup.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@timeout 900
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@type 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@count 10
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@fn (null)
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@url http://122.224.5.189/~aakjhuwe87/files/lmn_setup.exe
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@timeout 900
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@type 0
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx\main\tasks\0000000004@count 10

---- EOF - GMER 1.0.15 ----





4.RSIT----info.txt did not come up!!!!!!!

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mom at 2009-05-28 22:00:39
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 15 GB (5%) free of 290 GB
Total RAM: 3070 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:46 PM, on 5/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
C:\Program Files\VideoraTiVoConverter\VideoraTiVoConverter.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mom\Downloads\GooredFix.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\notepad.exe
C:\Users\Mom\Desktop\gmer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Mom\Desktop\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Mom.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TranscodingService] "C:\Program Files\TiVo\Desktop\TranscodingService.exe" /auto
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 6858 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-29 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-29 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2008-06-16 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-11-12 4706304]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-29 148888]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-17 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-09-17 8497696]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-17 81920]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"TranscodingService"=C:\Program Files\TiVo\Desktop\TranscodingService.exe [2009-01-27 520192]
"TivoNotify"=C:\Program Files\TiVo\Desktop\TiVoNotify.exe [2009-01-27 425472]
"TivoServer"=C:\Program Files\TiVo\Desktop\TiVoServer.exe [2009-01-27 2143232]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-04-28 1830128]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4363504]

C:\Users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{689cf2a6-3457-11de-9fca-806e6f6e6963}]
shell\AutoRun\command - E:\MONITOR.EXE


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-05-15 20:03:52 ----D---- C:\Program Files\DynamicPhotoHDR
2009-05-11 22:01:46 ----D---- C:\Windows\temp
2009-05-11 22:01:44 ----A---- C:\ComboFix.txt
2009-05-11 21:58:21 ----D---- C:\Combo-Fix
2009-05-11 21:42:30 ----D---- C:\rsit
2009-05-10 19:27:51 ----D---- C:\Users\Mom\AppData\Roaming\Malwarebytes
2009-05-10 19:27:43 ----D---- C:\ProgramData\Malwarebytes
2009-05-10 12:41:16 ----A---- C:\Windows\ntbtlog.txt
2009-05-10 11:50:21 ----D---- C:\Windows\system32\appmgmt
2009-05-10 03:06:11 ----D---- C:\Program Files\Defraggler
2009-05-10 02:49:33 ----D---- C:\Users\Mom\AppData\Roaming\Yahoo!
2009-05-10 02:49:32 ----D---- C:\ProgramData\Yahoo! Companion
2009-05-10 02:48:20 ----D---- C:\ProgramData\Yahoo!
2009-05-09 18:20:20 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-05-07 23:07:39 ----D---- C:\Program Files\Common Files\HP
2009-05-07 23:07:37 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-05-07 22:57:26 ----HD---- C:\Config.Msi
2009-05-07 22:55:32 ----A---- C:\Windows\system32\hpowiax5.dll
2009-05-07 22:55:32 ----A---- C:\Windows\system32\hpovst12.dll
2009-05-07 22:55:32 ----A---- C:\Windows\system32\hpotiop5.dll
2009-05-06 21:40:10 ----SHD---- C:\found.000
2009-05-06 18:35:07 ----D---- C:\Users\Mom\AppData\Roaming\Download Manager
2009-05-06 17:44:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-05 19:36:24 ----D---- C:\RECYCLER
2009-05-05 19:34:23 ----D---- C:\Windows\Minidump
2009-05-04 18:02:24 ----D---- C:\ProgramData\vsosdk
2009-05-04 17:30:39 ----D---- C:\ProgramData\FLEXnet
2009-05-02 19:30:00 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-02 19:29:59 ----A---- C:\Windows\system32\msls31.dll
2009-05-02 19:29:59 ----A---- C:\Windows\system32\mshtmler.dll
2009-05-02 19:29:59 ----A---- C:\Windows\system32\jsproxy.dll
2009-05-02 19:29:59 ----A---- C:\Windows\system32\ieui.dll
2009-05-02 19:29:59 ----A---- C:\Windows\system32\icardie.dll
2009-05-02 19:29:59 ----A---- C:\Windows\system32\corpol.dll
2009-05-02 19:29:59 ----A---- C:\Windows\system32\admparse.dll
2009-05-02 19:29:58 ----A---- C:\Windows\system32\imgutil.dll
2009-05-02 19:29:58 ----A---- C:\Windows\system32\iernonce.dll
2009-05-02 19:29:58 ----A---- C:\Windows\system32\ieakeng.dll
2009-05-02 19:29:58 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-02 19:29:58 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-02 19:29:57 ----A---- C:\Windows\system32\webcheck.dll
2009-05-02 19:29:57 ----A---- C:\Windows\system32\occache.dll
2009-05-02 19:29:57 ----A---- C:\Windows\system32\msrating.dll
2009-05-02 19:29:57 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-05-02 19:29:57 ----A---- C:\Windows\system32\licmgr10.dll
2009-05-02 19:29:57 ----A---- C:\Windows\system32\inseng.dll
2009-05-02 19:29:57 ----A---- C:\Windows\system32\iepeers.dll
2009-05-02 19:29:57 ----A---- C:\Windows\system32\ieaksie.dll
2009-05-02 19:29:56 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-05-02 19:29:56 ----A---- C:\Windows\system32\wextract.exe
2009-05-02 19:29:56 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-02 19:29:56 ----A---- C:\Windows\system32\mstime.dll
2009-05-02 19:29:56 ----A---- C:\Windows\system32\msfeedssync.exe
2009-05-02 19:29:56 ----A---- C:\Windows\system32\msfeeds.dll
2009-05-02 19:29:56 ----A---- C:\Windows\system32\iesetup.dll
2009-05-02 19:29:56 ----A---- C:\Windows\system32\ieapfltr.dll
2009-05-02 19:29:56 ----A---- C:\Windows\system32\ieakui.dll
2009-05-02 19:29:56 ----A---- C:\Windows\system32\advpack.dll
2009-05-02 19:29:55 ----A---- C:\Windows\system32\vbscript.dll
2009-05-02 19:29:55 ----A---- C:\Windows\system32\url.dll
2009-05-02 19:29:55 ----A---- C:\Windows\system32\jscript.dll
2009-05-02 19:29:55 ----A---- C:\Windows\system32\iedkcs32.dll
2009-05-02 19:29:54 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-05-02 19:29:54 ----A---- C:\Windows\system32\SetDepNx.exe
2009-05-02 19:29:54 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-05-02 19:29:54 ----A---- C:\Windows\system32\PDMSetup.exe
2009-05-02 19:29:54 ----A---- C:\Windows\system32\mshta.exe
2009-05-02 19:29:54 ----A---- C:\Windows\system32\iexpress.exe
2009-05-02 19:29:54 ----A---- C:\Windows\system32\ieUnatt.exe
2009-05-02 19:29:54 ----A---- C:\Windows\system32\iesysprep.dll
2009-05-02 19:29:53 ----A---- C:\Windows\system32\wininet.dll
2009-05-02 19:29:53 ----A---- C:\Windows\system32\urlmon.dll
2009-05-02 19:29:53 ----A---- C:\Windows\system32\iertutil.dll
2009-05-02 19:29:53 ----A---- C:\Windows\system32\ie4uinit.exe
2009-05-02 19:29:52 ----A---- C:\Windows\system32\ieframe.dll
2009-05-02 19:29:51 ----A---- C:\Windows\system32\mshtml.dll
2009-05-02 19:27:47 ----D---- C:\11ab8d52b5fa5db5ed20
2009-05-02 19:19:46 ----D---- C:\Windows\system32\URTTEMP
2009-05-02 19:15:59 ----D---- C:\ProgramData\Apple Computer
2009-05-02 19:15:59 ----D---- C:\Program Files\QuickTime
2009-05-02 19:15:24 ----D---- C:\ProgramData\Apple
2009-05-02 19:15:24 ----D---- C:\Program Files\Apple Software Update
2009-05-02 19:11:30 ----D---- C:\Program Files\Bonjour
2009-05-02 19:11:14 ----D---- C:\ProgramData\TiVo
2009-05-02 19:11:14 ----D---- C:\Program Files\Common Files\TiVo Shared
2009-05-02 16:02:49 ----D---- C:\Program Files\Common Files\stardock
2009-05-02 16:02:49 ----A---- C:\Windows\system32\msxml3a.dll
2009-05-02 16:02:49 ----A---- C:\Windows\system32\atl71.dll
2009-05-02 15:58:39 ----D---- C:\Users\Mom\AppData\Roaming\Stardock
2009-05-02 15:58:28 ----HDC---- C:\ProgramData\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
2009-05-02 15:48:55 ----A---- C:\Windows\system32\imageres.dll
2009-05-02 15:44:32 ----D---- C:\ProgramData\Stardock
2009-05-02 15:44:26 ----A---- C:\Windows\system32\wbhelp2.dll
2009-05-02 15:44:25 ----D---- C:\Program Files\Stardock
2009-05-02 15:11:08 ----A---- C:\Windows\zip.exe
2009-05-02 15:11:08 ----A---- C:\Windows\vFind.exe
2009-05-02 15:11:08 ----A---- C:\Windows\SWXCACLS.exe
2009-05-02 15:11:08 ----A---- C:\Windows\SWSC.exe
2009-05-02 15:11:08 ----A---- C:\Windows\SWREG.exe
2009-05-02 15:11:08 ----A---- C:\Windows\sed.exe
2009-05-02 15:11:08 ----A---- C:\Windows\NIRCMD.exe
2009-05-02 15:11:08 ----A---- C:\Windows\grep.exe
2009-05-02 15:10:43 ----D---- C:\Windows\ERDNT
2009-05-02 13:32:29 ----A---- C:\Windows\system32\SPWizUI.dll
2009-05-02 13:32:29 ----A---- C:\Windows\system32\SPReview.exe
2009-05-02 12:45:09 ----A---- C:\Windows\system32\recdisc.exe
2009-05-02 12:45:03 ----A---- C:\Windows\system32\sdspres.dll
2009-05-02 12:43:47 ----A---- C:\Windows\system32\vsp1cln.exe
2009-05-02 12:42:59 ----A---- C:\Windows\system32\sxproxy.dll
2009-05-02 12:42:52 ----A---- C:\Windows\system32\spp.dll
2009-05-02 12:40:17 ----A---- C:\Windows\system32\mssha.dll
2009-05-02 12:40:17 ----A---- C:\Windows\system32\msscp.dll
2009-05-02 12:40:17 ----A---- C:\Windows\system32\msscntrs.dll
2009-05-02 12:40:17 ----A---- C:\Windows\system32\msscb.dll
2009-05-02 12:40:17 ----A---- C:\Windows\system32\msrepl40.dll
2009-05-02 12:40:17 ----A---- C:\Windows\system32\msra.exe
2009-05-02 12:40:16 ----A---- C:\Windows\system32\mstask.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\mssvp.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\msstrc.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\mssrch.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\mssprxy.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\mssphtb.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\mssph.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\mssitlb.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\msshsq.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\msrdc.dll
2009-05-02 12:40:16 ----A---- C:\Windows\system32\msrd3x40.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\NAPMONTR.DLL
2009-05-02 12:40:15 ----A---- C:\Windows\system32\napipsec.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\NapiNSP.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\NAPHLPR.DLL
2009-05-02 12:40:15 ----A---- C:\Windows\system32\napdsnap.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\mydocs.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\MuiUnattend.exe
2009-05-02 12:40:15 ----A---- C:\Windows\system32\mtxoci.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\mtxlegih.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\mtxdm.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\mtxclu.dll
2009-05-02 12:40:15 ----A---- C:\Windows\system32\mtstocom.exe
2009-05-02 12:40:14 ----A---- C:\Windows\system32\NAPCRYPT.DLL
2009-05-02 12:40:14 ----A---- C:\Windows\system32\mycomput.dll
2009-05-02 12:40:14 ----A---- C:\Windows\system32\msv1_0.dll
2009-05-02 12:40:14 ----A---- C:\Windows\system32\msutb.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\msxml6.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\msxml3.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\msxbde40.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\mswsock.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\msvfw32.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\msvcrt.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\msvbvm60.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\mstscax.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\mstsc.exe
2009-05-02 12:40:13 ----A---- C:\Windows\system32\mstlsapi.dll
2009-05-02 12:40:13 ----A---- C:\Windows\system32\mstext40.dll
2009-05-02 12:40:12 ----A---- C:\Windows\system32\mswmdm.dll
2009-05-02 12:40:12 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-05-02 12:40:12 ----A---- C:\Windows\system32\msvidc32.dll
2009-05-02 12:40:12 ----A---- C:\Windows\system32\msftedit.dll
2009-05-02 12:40:12 ----A---- C:\Windows\system32\msexcl40.dll
2009-05-02 12:40:11 ----A---- C:\Windows\system32\msdtcVSp1res.dll
2009-05-02 12:40:11 ----A---- C:\Windows\system32\msdtcuiu.dll
2009-05-02 12:40:11 ----A---- C:\Windows\system32\msdtctm.dll
2009-05-02 12:40:02 ----A---- C:\Windows\system32\msg.exe
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdtcprx.dll
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdtclog.dll
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdtckrm.dll
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdtc.exe
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdt.exe
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdri.dll
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdelta.dll
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdart.dll
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msdadiag.dll
2009-05-02 12:40:01 ----A---- C:\Windows\system32\msctfui.dll
2009-05-02 12:40:01 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-05-02 12:40:00 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-05-02 12:40:00 ----A---- C:\Windows\system32\MSMPEG2ADEC.DLL
2009-05-02 12:40:00 ----A---- C:\Windows\system32\msmmsp.dll
2009-05-02 12:40:00 ----A---- C:\Windows\system32\msjtes40.dll
2009-05-02 12:40:00 ----A---- C:\Windows\system32\msdt.dll
2009-05-02 12:40:00 ----A---- C:\Windows\system32\msdrm.dll
2009-05-02 12:40:00 ----A---- C:\Windows\system32\msdmo.dll
2009-05-02 12:39:59 ----A---- C:\Windows\system32\msltus40.dll
2009-05-02 12:39:58 ----A---- C:\Windows\system32\mspbde40.dll
2009-05-02 12:39:58 ----A---- C:\Windows\system32\mspatcha.dll
2009-05-02 12:39:58 ----A---- C:\Windows\system32\mspaint.exe
2009-05-02 12:39:58 ----A---- C:\Windows\system32\msorcl32.dll
2009-05-02 12:39:58 ----A---- C:\Windows\system32\msoert2.dll
2009-05-02 12:39:58 ----A---- C:\Windows\system32\msoeacct.dll
2009-05-02 12:39:57 ----A---- C:\Windows\system32\msobjs.dll
2009-05-02 12:39:57 ----A---- C:\Windows\system32\msnetobj.dll
2009-05-02 12:35:58 ----A---- C:\Windows\system32\esent.dll
2009-05-02 12:35:58 ----A---- C:\Windows\system32\es.dll
2009-05-02 12:35:57 ----A---- C:\Windows\system32\EncDump.dll
2009-05-02 12:35:57 ----A---- C:\Windows\system32\EncDec.dll
2009-05-02 12:35:57 ----A---- C:\Windows\system32\emdmgmt.dll
2009-05-02 12:35:56 ----A---- C:\Windows\system32\efsadu.dll
2009-05-02 12:35:56 ----A---- C:\Windows\system32\eapsvc.dll
2009-05-02 12:35:56 ----A---- C:\Windows\system32\EAPQEC.DLL
2009-05-02 12:35:56 ----A---- C:\Windows\system32\eappprxy.dll
2009-05-02 12:35:54 ----A---- C:\Windows\system32\filemgmt.dll
2009-05-02 12:35:54 ----A---- C:\Windows\system32\feclient.dll
2009-05-02 12:35:54 ----A---- C:\Windows\system32\fdWSD.dll
2009-05-02 12:35:54 ----A---- C:\Windows\system32\fdWCN.dll
2009-05-02 12:35:54 ----A---- C:\Windows\system32\fdSSDP.dll
2009-05-02 12:35:54 ----A---- C:\Windows\system32\fdeploy.dll
2009-05-02 12:35:54 ----A---- C:\Windows\system32\fde.dll
2009-05-02 12:35:52 ----A---- C:\Windows\system32\fontsub.dll
2009-05-02 12:35:52 ----A---- C:\Windows\system32\fontext.dll
2009-05-02 12:35:52 ----A---- C:\Windows\system32\fmifs.dll
2009-05-02 12:35:52 ----A---- C:\Windows\system32\FirewallControlPanel.exe
2009-05-02 12:35:52 ----A---- C:\Windows\system32\FirewallAPI.dll
2009-05-02 12:35:52 ----A---- C:\Windows\system32\findstr.exe
2009-05-02 12:35:52 ----A---- C:\Windows\system32\findnetprinters.dll
2009-05-02 12:35:52 ----A---- C:\Windows\system32\fdPHost.dll
2009-05-02 12:35:50 ----A---- C:\Windows\system32\evr.dll
2009-05-02 12:35:50 ----A---- C:\Windows\system32\eventcls.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\Faultrep.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\extrac32.exe
2009-05-02 12:35:49 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\expand.exe
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dpx.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dot3ui.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dot3svc.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dot3msm.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dot3gpui.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dot3gpclnt.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dot3dlg.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dot3cfg.dll
2009-05-02 12:35:49 ----A---- C:\Windows\system32\dot3api.dll
2009-05-02 12:35:49 ----A---- C:\Windows\explorer.exe
2009-05-02 12:35:48 ----A---- C:\Windows\system32\drmv2clt.dll
2009-05-02 12:35:48 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-05-02 12:35:48 ----A---- C:\Windows\system32\driverquery.exe
2009-05-02 12:35:48 ----A---- C:\Windows\system32\dps.dll
2009-05-02 12:35:48 ----A---- C:\Windows\system32\dpnet.dll
2009-05-02 12:35:48 ----A---- C:\Windows\system32\DpiScaling.exe
2009-05-02 12:35:48 ----A---- C:\Windows\system32\dpapimig.exe
2009-05-02 12:35:48 ----A---- C:\Windows\system32\dmime.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dnshc.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dnsapi.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmvdsitf.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmutil.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmusic.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmsynth.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmscript.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmocx.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmloader.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmdskres2.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmdskmgr.dll
2009-05-02 12:35:47 ----A---- C:\Windows\system32\dmdlgs.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\eapphost.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\eappgnui.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\eappcfg.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\eapp3hst.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dxva2.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dxmasf.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dxgi.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dxdiagn.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dxdiag.exe
2009-05-02 12:35:46 ----A---- C:\Windows\system32\DWWIN.EXE
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dwmredir.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dwmapi.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dwm.exe
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dsound.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dskquoui.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dskquota.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dsdmo.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\dsauth.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\drvstore.dll
2009-05-02 12:35:46 ----A---- C:\Windows\system32\drvinst.exe
2009-05-02 12:35:45 ----A---- C:\Windows\system32\duser.dll
2009-05-02 12:35:45 ----A---- C:\Windows\system32\dsuiext.dll
2009-05-02 12:35:45 ----A---- C:\Windows\system32\dssenh.dll
2009-05-02 12:35:45 ----A---- C:\Windows\system32\dssec.dll
2009-05-02 12:35:45 ----A---- C:\Windows\system32\dsquery.dll
2009-05-02 12:35:45 ----A---- C:\Windows\system32\dsprop.dll
2009-05-02 12:35:44 ----A---- C:\Windows\system32\audiodg.exe
2009-05-02 12:35:44 ----A---- C:\Windows\system32\atmfd.dll
2009-05-02 12:35:43 ----A---- C:\Windows\system32\authfwcfg.dll
2009-05-02 12:35:43 ----A---- C:\Windows\system32\AudioEng.dll
2009-05-02 12:35:43 ----A---- C:\Windows\system32\audiodev.dll
2009-05-02 12:35:43 ----A---- C:\Windows\system32\atl.dll
2009-05-02 12:35:43 ----A---- C:\Windows\system32\AtBroker.exe
2009-05-02 12:35:43 ----A---- C:\Windows\system32\at.exe
2009-05-02 12:35:40 ----A---- C:\Windows\system32\AuthFWSnapin.dll
2009-05-02 12:35:40 ----A---- C:\Windows\system32\AuthFWGP.dll
2009-05-02 12:35:40 ----A---- C:\Windows\system32\auditpol.exe
2009-05-02 12:35:40 ----A---- C:\Windows\system32\audiosrv.dll
2009-05-02 12:35:40 ----A---- C:\Windows\system32\AudioSes.dll
2009-05-02 12:35:40 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\bitsadmin.exe
2009-05-02 12:35:39 ----A---- C:\Windows\system32\BFE.DLL
2009-05-02 12:35:39 ----A---- C:\Windows\system32\bcrypt.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\bcdsrv.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\bcdprov.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\bcdedit.exe
2009-05-02 12:35:39 ----A---- C:\Windows\system32\batt.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\basesrv.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\basecsp.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\AuxiliaryDisplayApi.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\autoplay.dll
2009-05-02 12:35:39 ----A---- C:\Windows\system32\autofmt.exe
2009-05-02 12:35:39 ----A---- C:\Windows\bfsvc.exe
2009-05-02 12:35:38 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-05-02 12:35:38 ----A---- C:\Windows\system32\autoconv.exe
2009-05-02 12:35:38 ----A---- C:\Windows\system32\autochk.exe
2009-05-02 12:35:38 ----A---- C:\Windows\system32\authz.dll
2009-05-02 12:35:38 ----A---- C:\Windows\system32\authui.dll
2009-05-02 12:35:37 ----A---- C:\Windows\system32\AzSqlExt.dll
2009-05-02 12:35:37 ----A---- C:\Windows\system32\azroleui.dll
2009-05-02 12:35:37 ----A---- C:\Windows\system32\azroles.dll
2009-05-02 12:35:37 ----A---- C:\Windows\system32\avrt.dll
2009-05-02 12:35:37 ----A---- C:\Windows\system32\avifil32.dll
2009-05-02 12:35:37 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-05-02 12:35:37 ----A---- C:\Windows\system32\ACW.exe
2009-05-02 12:35:37 ----A---- C:\Windows\system32\ActiveContentWizard.dll
2009-05-02 12:35:37 ----A---- C:\Windows\system32\ActionQueue.dll
2009-05-02 12:35:36 ----A---- C:\Windows\system32\actxprxy.dll
2009-05-02 12:35:36 ----A---- C:\Windows\system32\activeds.dll
2009-05-02 12:35:35 ----A---- C:\Windows\system32\aclui.dll
2009-05-02 12:35:34 ----A---- C:\Windows\system32\aaclient.dll
2009-05-02 12:35:33 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\apss.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\appmgr.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\appmgmts.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\apircl.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\apilogen.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\apds.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\amxread.dll
2009-05-02 12:35:32 ----A---- C:\Windows\system32\amstream.dll
2009-05-02 12:35:31 ----A---- C:\Windows\system32\appinfo.dll
2009-05-02 12:35:31 ----A---- C:\Windows\system32\apphelp.dll
2009-05-02 12:35:31 ----A---- C:\Windows\system32\alg.exe
2009-05-02 12:35:31 ----A---- C:\Windows\system32\advapi32.dll
2009-05-02 12:35:31 ----A---- C:\Windows\system32\adtschema.dll
2009-05-02 12:35:31 ----A---- C:\Windows\system32\adsnt.dll
2009-05-02 12:35:31 ----A---- C:\Windows\system32\adsmsext.dll
2009-05-02 12:35:31 ----A---- C:\Windows\system32\adsldpc.dll
2009-05-02 12:35:31 ----A---- C:\Windows\system32\adsldp.dll
2009-05-02 12:35:30 ----A---- C:\Windows\system32\catsrvut.dll
2009-05-02 12:35:30 ----A---- C:\Windows\system32\cabview.dll
2009-05-02 12:35:30 ----A---- C:\Windows\system32\cabinet.dll
2009-05-02 12:35:30 ----A---- C:\Windows\system32\btpanui.dll
2009-05-02 12:35:29 ----A---- C:\Windows\system32\catsrv.dll
2009-05-02 12:35:29 ----A---- C:\Windows\system32\capisp.dll
2009-05-02 12:35:29 ----A---- C:\Windows\system32\cacls.exe
2009-05-02 12:35:29 ----A---- C:\Windows\system32\brcplsiw.dll
2009-05-02 12:35:28 ----A---- C:\Windows\system32\bthci.dll
2009-05-02 12:35:28 ----A---- C:\Windows\system32\browseui.dll
2009-05-02 12:35:28 ----A---- C:\Windows\system32\browser.dll
2009-05-02 12:35:28 ----A---- C:\Windows\system32\bridgeunattend.exe
2009-05-02 12:35:28 ----A---- C:\Windows\system32\brcplsdw.dll
2009-05-02 12:35:28 ----A---- C:\Windows\system32\brcpl.dll
2009-05-02 12:35:28 ----A---- C:\Windows\system32\BOOTVID.DLL
2009-05-02 12:35:28 ----A---- C:\Windows\system32\bootstr.dll
2009-05-02 12:35:27 ----A---- C:\Windows\system32\chgport.exe
2009-05-02 12:35:27 ----A---- C:\Windows\system32\chglogon.exe
2009-05-02 12:35:27 ----A---- C:\Windows\system32\change.exe
2009-05-02 12:35:27 ----A---- C:\Windows\system32\certutil.exe
2009-05-02 12:35:27 ----A---- C:\Windows\system32\certreq.exe
2009-05-02 12:35:27 ----A---- C:\Windows\system32\certprop.dll
2009-05-02 12:35:27 ----A---- C:\Windows\system32\certmgr.dll
2009-05-02 12:35:27 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-05-02 12:35:27 ----A---- C:\Windows\system32\CertEnrollCtrl.exe
2009-05-02 12:35:27 ----A---- C:\Windows\system32\CertEnroll.dll
2009-05-02 12:35:27 ----A---- C:\Windows\system32\certcli.dll
2009-05-02 12:35:26 ----A---- C:\Windows\system32\chsbrkr.dll
2009-05-02 12:35:25 ----A---- C:\Windows\system32\chtbrkr.dll
2009-05-02 12:35:25 ----A---- C:\Windows\system32\chgusr.exe
2009-05-02 12:35:25 ----A---- C:\Windows\system32\cfgmgr32.dll
2009-05-02 12:35:25 ----A---- C:\Windows\system32\cfgbkend.dll
2009-05-02 12:35:25 ----A---- C:\Windows\system32\cewmdm.dll
2009-05-02 12:35:24 ----A---- C:\Windows\system32\cdosys.dll
2009-05-02 12:35:24 ----A---- C:\Windows\system32\cdd.dll
2009-05-02 12:35:21 ----A---- C:\Windows\system32\bootcfg.exe
2009-05-02 12:35:21 ----A---- C:\Windows\system32\BlbEvents.dll
2009-05-02 12:35:21 ----A---- C:\Windows\system32\blb_ps.dll
2009-05-02 12:35:21 ----A---- C:\Windows\system32\blackbox.dll
2009-05-02 12:35:21 ----A---- C:\Windows\system32\bitsigd.dll
2009-05-02 12:35:14 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-05-02 12:35:12 ----A---- C:\Windows\system32\imapi2fs.dll
2009-05-02 12:35:12 ----A---- C:\Windows\system32\imapi2.dll
2009-05-02 12:35:12 ----A---- C:\Windows\system32\imapi.dll
2009-05-02 12:35:12 ----A---- C:\Windows\system32\imagesp1.dll
2009-05-02 12:35:12 ----A---- C:\Windows\system32\imagehlp.dll
2009-05-02 12:35:11 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-05-02 12:35:09 ----A---- C:\Windows\system32\inetppui.dll
2009-05-02 12:35:09 ----A---- C:\Windows\system32\inetpp.dll
2009-05-02 12:35:09 ----A---- C:\Windows\system32\inetmib1.dll
2009-05-02 12:35:09 ----A---- C:\Windows\system32\inetcomm.dll
2009-05-02 12:35:08 ----A---- C:\Windows\system32\input.dll
2009-05-02 12:35:08 ----A---- C:\Windows\system32\InkEd.dll
2009-05-02 12:35:07 ----A---- C:\Windows\system32\infocardapi.dll
2009-05-02 12:35:07 ----A---- C:\Windows\system32\InfDefaultInstall.exe
2009-05-02 12:35:05 ----A---- C:\Windows\system32\imm32.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\icaapi.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iassvcs.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iassdo.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iassam.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iasrecst.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iasrad.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iaspolcy.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iasnap.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iashost.exe
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iashlpr.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iasdatastore.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iasads.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\iasacct.dll
2009-05-02 12:35:04 ----A---- C:\Windows\system32\ias.dll
2009-05-02 12:35:00 ----A---- C:\Windows\system32\httpapi.dll
2009-05-02 12:34:58 ----A---- C:\Windows\system32\ifsutil.dll
2009-05-02 12:34:58 ----A---- C:\Windows\system32\ifmon.dll
2009-05-02 12:34:58 ----A---- C:\Windows\system32\icsunattend.exe
2009-05-02 12:34:58 ----A---- C:\Windows\system32\icsfiltr.dll
2009-05-02 12:34:57 ----A---- C:\Windows\system32\icm32.dll
2009-05-02 12:34:56 ----A---- C:\Windows\system32\idndl.dll
2009-05-02 12:34:55 ----A---- C:\Windows\system32\icfupgd.dll
2009-05-02 12:34:55 ----A---- C:\Windows\system32\icardres.dll
2009-05-02 12:34:55 ----A---- C:\Windows\system32\icardagt.exe
2009-05-02 12:34:55 ----A---- C:\Windows\system32\icacls.exe
2009-05-02 12:34:31 ----A---- C:\Windows\system32\HotStartUserAgent.dll
2009-05-02 12:34:31 ----A---- C:\Windows\system32\hnetmon.dll
2009-05-02 12:34:31 ----A---- C:\Windows\system32\hnetcfg.dll
2009-05-02 12:34:31 ----A---- C:\Windows\system32\hlink.dll
2009-05-02 12:34:18 ----A---- C:\Windows\system32\FXSCOVER.exe
2009-05-02 12:34:18 ----A---- C:\Windows\system32\FXSCOMEX.dll
2009-05-02 12:34:17 ----A---- C:\Windows\system32\FXSCOMPOSE.dll
2009-05-02 12:34:16 ----A---- C:\Windows\system32\FXSMON.dll
2009-05-02 12:34:16 ----A---- C:\Windows\system32\FXSEXT32.dll
2009-05-02 12:34:16 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-05-02 12:34:14 ----A---- C:\Windows\system32\FXSCOM.dll
2009-05-02 12:34:14 ----A---- C:\Windows\system32\FXSAPI.dll
2009-05-02 12:34:14 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-05-02 12:34:13 ----A---- C:\Windows\system32\FXSUNATD.exe
2009-05-02 12:34:12 ----A---- C:\Windows\system32\FXSXP32.dll
2009-05-02 12:34:12 ----A---- C:\Windows\system32\FXSUTILITY.dll
2009-05-02 12:34:12 ----A---- C:\Windows\system32\FXSTIFF.dll
2009-05-02 12:34:09 ----A---- C:\Windows\system32\FXSROUTE.dll
2009-05-02 12:34:09 ----A---- C:\Windows\system32\FXSRESM.dll
2009-05-02 12:33:59 ----A---- C:\Windows\system32\FXST30.dll
2009-05-02 12:33:59 ----A---- C:\Windows\system32\FXSSVC.exe
2009-05-02 12:33:59 ----A---- C:\Windows\system32\FXSST.dll
2009-05-02 12:33:59 ----A---- C:\Windows\system32\fsmgmt.msc
2009-05-02 12:33:58 ----A---- C:\Windows\system32\HelpPaneProxy.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\hcrstco.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\hbaapi.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\GuidedHelp.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\gdi32.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fwcfg.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fveui.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fveRecover.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fvenotify.exe
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fvecpl.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fveapi.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fundisc.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\ftp.exe
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fsutil.exe
2009-05-02 12:33:58 ----A---- C:\Windows\system32\framedynos.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\framedyn.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\framebuf.dll
2009-05-02 12:33:58 ----A---- C:\Windows\system32\fphc.dll
2009-05-02 12:33:58 ----A---- C:\Windows\HelpPane.exe
2009-05-02 12:33:58 ----A---- C:\Windows\fveupdate.exe
2009-05-02 12:33:57 ----A---- C:\Windows\system32\graftabl.com
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpupdate.exe
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpsvc.dll
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpscript.exe
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpscript.dll
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpresult.exe
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpprnext.dll
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpedit.msc
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpedit.dll
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gpapi.dll
2009-05-02 12:33:57 ----A---- C:\Windows\system32\getmac.exe
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gatherWirelessInfo.vbs
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gatherWiredInfo.vbs
2009-05-02 12:33:57 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gameux.dll
2009-05-02 12:33:57 ----A---- C:\Windows\system32\gacinstall.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\wiadss.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\wiadefui.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\wiaaut.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\wiaacmgr.exe
2009-05-02 12:33:53 ----A---- C:\Windows\system32\whealogr.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\WFS.exe
2009-05-02 12:33:53 ----A---- C:\Windows\system32\wfapigp.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\wevtutil.exe
2009-05-02 12:33:53 ----A---- C:\Windows\system32\wevtsvc.dll
2009-05-02 12:33:53 ----A---- C:\Windows\system32\wevtfwd.dll
2009-05-02 12:33:52 ----A---- C:\Windows\system32\win32spl.dll
2009-05-02 12:33:51 ----A---- C:\Windows\system32\winusb.dll
2009-05-02 12:33:51 ----A---- C:\Windows\system32\wintrust.dll
2009-05-02 12:33:51 ----A---- C:\Windows\system32\winsta.dll
2009-05-02 12:33:51 ----A---- C:\Windows\system32\winsrv.dll
2009-05-02 12:33:51 ----A---- C:\Windows\system32\WINSRPC.DLL
2009-05-02 12:33:51 ----A---- C:\Windows\system32\WinSAT.exe
2009-05-02 12:33:51 ----A---- C:\Windows\system32\wiashext.dll
2009-05-02 12:33:51 ----A---- C:\Windows\system32\wiaservc.dll
2009-05-02 12:33:51 ----A---- C:\Windows\system32\wiascanprofiles.dll
2009-05-02 12:33:51 ----A---- C:\Windows\system32\wiarpc.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\WLanConn.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\wlancfg.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\wlanapi.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\wkssvc.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\wisptis.exe
2009-05-02 12:33:50 ----A---- C:\Windows\system32\WinSCard.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\WinSATAPI.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\winrsmgr.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\winload.exe
2009-05-02 12:33:50 ----A---- C:\Windows\system32\winipsec.dll
2009-05-02 12:33:50 ----A---- C:\Windows\system32\wininit.exe
2009-05-02 12:33:50 ----A---- C:\Windows\system32\winethc.dll
2009-05-02 12:33:49 ----A---- C:\Windows\system32\winrshost.exe
2009-05-02 12:33:49 ----A---- C:\Windows\system32\winrscmd.dll
2009-05-02 12:33:49 ----A---- C:\Windows\system32\winrs.exe
2009-05-02 12:33:49 ----A---- C:\Windows\system32\winrm.vbs
2009-05-02 12:33:49 ----A---- C:\Windows\system32\winresume.exe
2009-05-02 12:33:49 ----A---- C:\Windows\system32\winhttp.dll
2009-05-02 12:33:49 ----A---- C:\Windows\system32\WinFax.dll
2009-05-02 12:33:49 ----A---- C:\Windows\system32\WindowsUltimateExtrasCPL.dll
2009-05-02 12:33:48 ----A---- C:\Windows\system32\winnsi.dll
2009-05-02 12:33:48 ----A---- C:\Windows\system32\winmm.dll
2009-05-02 12:33:48 ----A---- C:\Windows\system32\winlogon.exe
2009-05-02 12:33:48 ----A---- C:\Windows\system32\w32time.dll
2009-05-02 12:33:46 ----A---- C:\Windows\system32\wbemcomn.dll
2009-05-02 12:33:46 ----A---- C:\Windows\system32\wbadmin.exe
2009-05-02 12:33:46 ----A---- C:\Windows\system32\wavemsp.dll
2009-05-02 12:33:46 ----A---- C:\Windows\system32\WavDest.dll
2009-05-02 12:33:46 ----A---- C:\Windows\system32\waitfor.exe
2009-05-02 12:33:46 ----A---- C:\Windows\system32\w32tm.exe
2009-05-02 12:33:45 ----A---- C:\Windows\system32\VSSVC.exe
2009-05-02 12:33:45 ----A---- C:\Windows\system32\vsstrace.dll
2009-05-02 12:33:45 ----A---- C:\Windows\system32\vssapi.dll
2009-05-02 12:33:45 ----A---- C:\Windows\system32\vssadmin.exe
2009-05-02 12:33:45 ----A---- C:\Windows\system32\vss_ps.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wevtapi.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wersvc.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wermgr.exe
2009-05-02 12:33:44 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-05-02 12:33:44 ----A---- C:\Windows\system32\WerFault.exe
2009-05-02 12:33:44 ----A---- C:\Windows\system32\werdiagcontroller.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wercplsupport.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wercon.exe
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wer.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wecutil.exe
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wecsvc.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wecapi.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\WebClnt.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wdscore.dll
2009-05-02 12:33:44 ----A---- C:\Windows\system32\wbengine.exe
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wship6.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wshext.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wshcon.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wsepno.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wsecedit.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\WSDMon.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\WSDApi.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wscsvc.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wscript.exe
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wscproxystub.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wscntfy.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wscmisetup.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wscisvif.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wscapi.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wdigest.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wdi.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wdc.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wcnwiz.dll
2009-05-02 12:33:43 ----A---- C:\Windows\system32\wcncsvc.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\XPSSHHDR.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\xolehlp.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\xmlprovi.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\xmllite.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\xmlfilter.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\xcopy.exe
2009-05-02 12:33:42 ----A---- C:\Windows\system32\xactsrv.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wzcdlg.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wvc.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wuwebv.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wusa.exe
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wups2.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wups.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wudriver.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WUDFx.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WUDFSvc.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WUDFPlatform.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wucltux.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wsqmcons.exe
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wsock32.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wsnmp32.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WsmWmiPl.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WsmSvc.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WsmRes.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WsmProv.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WsmCl.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WsmAuto.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WSHTCPIP.DLL
2009-05-02 12:33:42 ----A---- C:\Windows\system32\ws2_32.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpnpinst.exe
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpdwcn.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WPDSp.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpdshext.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpd_ci.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpcsvc.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpclsp.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpccpl.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\wpcao.dll
2009-05-02 12:33:42 ----A---- C:\Windows\system32\Wpc.dll
2009-05-02 12:33:41 ----A---- C:\Windows\system32\xwizards.dll
2009-05-02 12:33:41 ----A---- C:\Windows\system32\xpssvcs.dll
2009-05-02 12:33:41 ----A---- C:\Windows\system32\WUDFHost.exe
2009-05-02 12:33:41 ----A---- C:\Windows\system32\wuaueng.dll
2009-05-02 12:33:41 ----A---- C:\Windows\system32\wuauclt.exe
2009-05-02 12:33:41 ----A---- C:\Windows\system32\wuapp.exe
2009-05-02 12:33:41 ----A---- C:\Windows\system32\wuapi.dll
2009-05-02 12:33:41 ----A---- C:\Windows\system32\wtsapi32.dll
2009-05-02 12:33:41 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wmidx.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\Wldap32.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlanui.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlansvc.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlansec.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlanpref.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlanmsm.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\WlanMmHC.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\WlanMM.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlanhlp.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\WLanHC.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlangpui.dll
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlanext.exe
2009-05-02 12:33:40 ----A---- C:\Windows\system32\wlandlg.dll
2009-05-02 12:33:39 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2009-05-02 12:33:39 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-05-02 12:33:39 ----A---- C:\Windows\system32\wmpsrcwp.dll
2009-05-02 12:33:39 ----A---- C:\Windows\system32\wmpshell.dll
2009-05-02 12:33:39 ----A---- C:\Windows\system32\wmpmde.dll
2009-05-02 12:33:39 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-05-02 12:33:39 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-05-02 12:33:39 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-05-02 12:33:39 ----A---- C:\Windows\system32\WMASF.DLL
2009-05-02 12:33:39 ----A---- C:\Windows\system32\WMADMOE.DLL
2009-05-02 12:33:39 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-05-02 12:33:39 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-05-02 12:33:38 ----A---- C:\Windows\system32\wow32.dll
2009-05-02 12:33:38 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-05-02 12:33:38 ----A---- C:\Windows\system32\WMVSENCD.DLL
2009-05-02 12:33:38 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-05-02 12:33:38 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-05-02 12:33:38 ----A---- C:\Windows\system32\wmvdspa.dll
2009-05-02 12:33:38 ----A---- C:\Windows\system32\WMVDECOD.DLL
2009-05-02 12:33:38 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-05-02 12:33:38 ----A---- C:\Windows\system32\wmploc.DLL
2009-05-02 12:33:38 ----A---- C:\Windows\system32\wmiprop.dll
2009-05-02 12:33:37 ----A---- C:\Windows\system32\WMPhoto.dll
2009-05-02 12:33:37 ----A---- C:\Windows\system32\WMPEncEn.dll
2009-05-02 12:33:37 ----A---- C:\Windows\system32\wmpeffects.dll
2009-05-02 12:33:37 ----A---- C:\Windows\system32\wmpdxm.dll
2009-05-02 12:33:37 ----A---- C:\Windows\system32\wmpcm.dll
2009-05-02 12:33:37 ----A---- C:\Windows\system32\wmp.dll
2009-05-02 12:33:37 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-05-02 12:33:36 ----A---- C:\Windows\system32\Tabbtn.dll
2009-05-02 12:33:36 ----A---- C:\Windows\system32\t2embed.dll
2009-05-02 12:33:36 ----A---- C:\Windows\system32\systeminfo.exe
2009-05-02 12:33:36 ----A---- C:\Windows\system32\systemcpl.dll
2009-05-02 12:33:35 ----A---- C:\Windows\system32\tcpmon.dll
2009-05-02 12:33:35 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-05-02 12:33:35 ----A---- C:\Windows\system32\tbssvc.dll
2009-05-02 12:33:35 ----A---- C:\Windows\system32\tbs.dll
2009-05-02 12:33:35 ----A---- C:\Windows\system32\taskmgr.exe
2009-05-02 12:33:35 ----A---- C:\Windows\system32\tasklist.exe
2009-05-02 12:33:35 ----A---- C:\Windows\system32\taskkill.exe
2009-05-02 12:33:34 ----A---- C:\Windows\system32\tdh.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\tcpmon.ini
2009-05-02 12:33:34 ----A---- C:\Windows\system32\taskschd.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\taskeng.exe
2009-05-02 12:33:34 ----A---- C:\Windows\system32\taskcomp.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\tapisrv.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\TapiMigPlugin.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\takeown.exe
2009-05-02 12:33:34 ----A---- C:\Windows\system32\tabcal.exe
2009-05-02 12:33:34 ----A---- C:\Windows\system32\TabbtnEx.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\srcore.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\srclient.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\srchadmin.dll
2009-05-02 12:33:34 ----A---- C:\Windows\system32\sqmapi.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\sstpsvc.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\SSShim.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\ssdpsrv.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\srwmi.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\srvsvc.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\srrstr.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\srdelayed.exe
2009-05-02 12:33:33 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\sqlcese30.dll
2009-05-02 12:33:33 ----A---- C:\Windows\system32\sqlceqp30.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\sysmain.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\syskey.exe
2009-05-02 12:33:32 ----A---- C:\Windows\system32\SysFxUI.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\syncui.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\synceng.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\SyncCenter.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\sxstrace.exe
2009-05-02 12:33:32 ----A---- C:\Windows\system32\sxsstore.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\sxs.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\swprv.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\spwmp.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\spwizres.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\spwizimg.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\spwizeng.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\sppnp.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\spopk.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\spoolsv.exe
2009-05-02 12:33:32 ----A---- C:\Windows\system32\spoolss.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\spbcd.dll
2009-05-02 12:33:32 ----A---- C:\Windows\system32\SoundRecorder.exe
2009-05-02 12:33:31 ----A---- C:\Windows\system32\syssetup.dll
2009-05-02 12:33:31 ----A---- C:\Windows\system32\svchost.exe
2009-05-02 12:33:31 ----A---- C:\Windows\system32\sud.dll
2009-05-02 12:33:31 ----A---- C:\Windows\system32\Storprop.dll
2009-05-02 12:33:31 ----A---- C:\Windows\system32\stobject.dll
2009-05-02 12:33:31 ----A---- C:\Windows\system32\sti_ci.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\usp10.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\userinit.exe
2009-05-02 12:33:30 ----A---- C:\Windows\system32\userenv.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\usercpl.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\user32.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\usbui.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\usbperf.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\usbmon.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\upnphost.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\upnpcont.exe
2009-05-02 12:33:30 ----A---- C:\Windows\system32\upnp.dll
2009-05-02 12:33:30 ----A---- C:\Windows\system32\untfs.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\zipfldr.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\xwtpw32.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\VIDRESZR.DLL
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vga64k.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vga256.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vga.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vfwwdm32.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\version.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\verifier.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\verifier.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vdsutil.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vdsldr.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vdsdyn.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vdsbas.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vds_ps.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vds.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vdmredir.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\vdmdbg.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\VAN.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\uxtheme.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\uxsms.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\uudf.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\Utilman.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\utildll.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\umb.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\ulib.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\TSTheme.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\TSpkg.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tskill.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tsgqec.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tsdiscon.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tsddd.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tscupgrd.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tscon.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tscfgwmi.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\trkwks.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tracerpt.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\tquery.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\TpmInit.exe
2009-05-02 12:33:29 ----A---- C:\Windows\system32\TMM.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\TimeDateMUICallback.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\thumbcache.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\themeui.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\themecpl.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\termsrv.dll
2009-05-02 12:33:29 ----A---- C:\Windows\system32\termmgr.dll
2009-05-02 12:33:28 ----A---- C:\Windows\system32\unregmp2.exe
2009-05-02 12:33:28 ----A---- C:\Windows\system32\unlodctr.exe
2009-05-02 12:33:28 ----A---- C:\Windows\system32\unattendedjoin.exe
2009-05-02 12:33:28 ----A---- C:\Windows\system32\umrdp.dll
2009-05-02 12:33:28 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-05-02 12:33:28 ----A---- C:\Windows\system32\UIHub.dll
2009-05-02 12:33:27 ----A---- C:\Windows\system32\unbcl.dll
2009-05-02 12:33:27 ----A---- C:\Windows\system32\unattend.dll
2009-05-02 12:33:27 ----A---- C:\Windows\system32\ucsvc.exe
2009-05-02 12:33:27 ----A---- C:\Windows\system32\txfw32.dll
2009-05-02 12:33:27 ----A---- C:\Windows\system32\txflog.dll
2009-05-02 12:33:27 ----A---- C:\Windows\system32\twext.dll
2009-05-02 12:33:27 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-05-02 12:33:26 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-05-02 12:33:26 ----A---- C:\Windows\system32\ufat.dll
2009-05-02 12:33:26 ----A---- C:\Windows\system32\uexfat.dll
2009-05-02 12:33:26 ----A---- C:\Windows\system32\uDWM.dll
2009-05-02 12:33:25 ----A---- C:\Windows\system32\UI0Detect.exe
2009-05-02 12:23:14 ----A---- C:\Windows\system32\kbd106n.dll
2009-05-02 12:18:01 ----A---- C:\Windows\system32\cbsra.exe
2009-05-02 10:58:49 ----D---- C:\Windows\system32\Macromed
2009-05-02 10:28:06 ----D---- C:\Users\Mom\AppData\Roaming\LimeWire
2009-04-29 18:48:12 ----D---- C:\ProgramData\Hewlett-Packard
2009-04-29 18:41:28 ----A---- C:\Windows\system32\hpz3l5ha.dll
2009-04-29 18:31:38 ----A---- C:\Windows\system32\hpzids01.dll
2009-04-29 18:31:38 ----A---- C:\Windows\system32\hppldcoi.dll
2009-04-29 18:31:32 ----A---- C:\Windows\system32\difxapi.dll
2009-04-29 18:14:16 ----D---- C:\Users\Mom\AppData\Roaming\GetRightToGo
2009-04-29 17:07:55 ----A---- C:\Windows\system32\deploytk.dll
2009-04-29 17:07:54 ----A---- C:\Windows\system32\javaws.exe
2009-04-29 17:07:53 ----A---- C:\Windows\system32\javaw.exe
2009-04-29 17:07:53 ----A---- C:\Windows\system32\java.exe
2009-04-29 17:07:26 ----D---- C:\Users\Mom\AppData\Roaming\ImgBurn
2009-04-29 17:01:32 ----D---- C:\ProgramData\FlashFXP
2009-04-29 17:00:40 ----D---- C:\Users\Mom\AppData\Roaming\FlashFXP
2009-04-29 16:56:03 ----D---- C:\ProgramData\DVD Shrink
2009-04-29 16:51:05 ----D---- C:\ProgramData\HP
2009-04-29 16:51:01 ----D---- C:\Users\Mom\AppData\Roaming\DAZ 3D
2009-04-29 16:17:31 ----D---- C:\Users\Mom\AppData\Roaming\Vso
2009-04-29 16:12:32 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-04-29 16:12:30 ----D---- C:\Users\Mom\AppData\Roaming\Macromedia
2009-04-29 16:12:24 ----D---- C:\Users\Mom\AppData\Roaming\Adobe
2009-04-29 16:10:12 ----D---- C:\ProgramData\Adobe
2009-04-29 16:09:46 ----D---- C:\Program Files\Common Files\Adobe
2009-04-29 16:07:43 ----D---- C:\Program Files\Microsoft
2009-04-29 16:07:19 ----D---- C:\Program Files\Windows Live SkyDrive
2009-04-29 16:04:54 ----D---- C:\Program Files\Common Files\Windows Live
2009-04-28 20:45:41 ----D---- C:\Windows\Panther
2009-04-28 20:25:14 ----D---- C:\Windows.old
2009-04-28 20:04:31 ----A---- C:\Windows\system32\msonpmon.dll
2009-04-28 20:03:21 ----D---- C:\Program Files\Common Files\DESIGNER
2009-04-28 20:02:59 ----D---- C:\Windows\PCHEALTH
2009-04-28 19:57:23 ----D---- C:\ProgramData\NOS
2009-04-28 19:56:04 ----AD---- C:\ProgramData\TEMP
2009-04-28 19:55:29 ----D---- C:\ProgramData\Microsoft Help
2009-04-28 19:54:00 ----D---- C:\Windows\Debug
2009-04-28 19:53:59 ----D---- C:\Windows\CSC
2009-04-28 19:51:06 ----D---- C:\ProgramData\NVIDIA
2009-04-28 19:48:35 ----D---- C:\Windows\Prefetch
2009-04-28 19:03:24 ----D---- C:\Users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2009-04-28 19:03:24 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-04-28 18:58:25 ----D---- C:\Users\Mom\AppData\Roaming\uTorrent
2009-04-28 18:56:47 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2009-04-28 18:51:47 ----SHD---- C:\Windows\Installer
2009-04-28 18:51:42 ----D---- C:\ProgramData\Dell
2009-04-28 18:49:31 ----D---- C:\Users\Mom\AppData\Roaming\Mozilla
2009-04-28 18:47:08 ----D---- C:\Windows\system32\RTCOM
2009-04-28 18:46:42 ----A---- C:\Windows\DIFxAPI.dll
2009-04-28 18:46:41 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-28 18:46:41 ----A---- C:\Windows\system32\SRSWOW.dll
2009-04-28 18:46:41 ----A---- C:\Windows\system32\SRSTSXT.dll
2009-04-28 18:46:41 ----A---- C:\Windows\system32\RtkPgExt.dll
2009-04-28 18:46:41 ----A---- C:\Windows\system32\RtkCoInst.dll
2009-04-28 18:46:41 ----A---- C:\Windows\system32\RtkAPO.dll
2009-04-28 18:46:41 ----A---- C:\Windows\system32\ppChain.dll
2009-04-28 18:46:41 ----A---- C:\Windows\system32\DaisyWrp.dll
2009-04-28 18:46:41 ----A---- C:\Windows\system32\CTAPO32.dll
2009-04-28 18:46:41 ----A---- C:\Windows\RtlUpd.exe
2009-04-28 18:46:41 ----A---- C:\Windows\RtHDVCpl.exe
2009-04-28 18:45:46 ----A---- C:\Windows\RtlExUpd.dll
2009-04-28 18:45:46 ----A---- C:\Windows\HideWin.exe
2009-04-28 18:42:36 ----A---- C:\Windows\system32\nvexpbar.dll
2009-04-28 18:42:36 ----A---- C:\Windows\system32\nvcpluir.dll
2009-04-28 18:42:35 ----A---- C:\Windows\system32\nvcplui.exe
2009-04-28 18:41:06 ----D---- C:\Program Files\Common Files\InstallShield
2009-04-28 18:40:08 ----D---- C:\Users\Mom\AppData\Roaming\WinRAR
2009-04-28 18:36:58 ----D---- C:\Users\Mom\AppData\Roaming\InstallShield
2009-04-28 18:21:42 ----A---- C:\Windows\I531_1012.INI
2009-04-28 18:13:06 ----D---- C:\Users\Mom\AppData\Roaming\Identities
2009-04-28 18:12:59 ----SD---- C:\Users\Mom\AppData\Roaming\Microsoft
2009-04-28 18:12:59 ----D---- C:\Users\Mom\AppData\Roaming\Media Center Programs
2009-04-28 17:55:35 ----D---- C:\Windows\SoftwareDistribution
2009-04-25 12:49:34 ----D---- C:\Program Files\TiVo
2009-04-25 11:18:34 ----D---- C:\Program Files\pyTivo
2009-04-25 11:16:40 ----D---- C:\Python26
2009-04-25 11:10:29 ----D---- C:\Program Files\VideoraTiVoConverter
2009-04-24 22:56:39 ----D---- C:\Program Files\Adobe Media Player
2009-04-23 11:19:52 ----A---- C:\Windows\system32\unicows.dll
2009-04-12 23:26:57 ----D---- C:\Program Files\Bluetack
2009-04-12 12:52:34 ----D---- C:\PerfLogs
2009-04-11 18:26:37 ----D---- C:\Program Files\abgx360
2009-04-11 13:48:16 ----D---- C:\Program Files\Easy-Hide-IP
2009-04-10 20:39:51 ----D---- C:\Program Files\Norton Security Scan
2009-04-10 19:19:37 ----D---- C:\Program Files\Monster Trucks Nitro
2009-03-22 17:43:09 ----D---- C:\Program Files\DVDx
2009-03-19 18:04:38 ----D---- C:\Binaries
2009-03-17 20:26:45 ----D---- C:\Program Files\ApecSoft
2009-03-17 18:31:28 ----D---- C:\Program Files\Windows Media Components
2009-03-17 18:03:22 ----D---- C:\Program Files\QuickTime Alternative
2009-03-17 18:03:22 ----D---- C:\Program Files\Media Player Classic
2009-03-16 01:20:07 ----D---- C:\Program Files\Hewlett-Packard
2009-03-16 01:14:16 ----D---- C:\Program Files\HP

======List of files/folders modified in the last 3 months======

2009-05-28 15:25:08 ----D---- C:\Windows\System32
2009-05-28 00:05:28 ----D---- C:\Windows\system32\catroot2
2009-05-28 00:05:20 ----SHD---- C:\System Volume Information
2009-05-23 09:25:55 ----SD---- C:\Windows\Downloaded Program Files
2009-05-20 15:22:00 ----D---- C:\Windows\inf
2009-05-20 15:22:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-15 20:03:52 ----RD---- C:\Program Files
2009-05-13 22:52:09 ----D---- C:\Windows
2009-05-11 22:01:47 ----D---- C:\Windows\system32\en-US
2009-05-11 22:01:47 ----D---- C:\Qoobox
2009-05-11 22:01:01 ----A---- C:\Windows\system.ini
2009-05-11 22:00:14 ----D---- C:\Windows\system32\drivers
2009-05-11 22:00:14 ----D---- C:\Windows\AppPatch
2009-05-11 22:00:14 ----D---- C:\Program Files\Common Files
2009-05-11 21:44:52 ----D---- C:\Program Files\Mozilla Firefox
2009-05-10 19:27:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-10 19:27:43 ----HD---- C:\ProgramData
2009-05-10 17:10:39 ----D---- C:\Windows\system32\WDI
2009-05-10 02:49:34 ----D---- C:\Program Files\Yahoo!
2009-05-10 02:48:10 ----D---- C:\Windows\winsxs
2009-05-10 02:48:05 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-09 18:26:22 ----RSD---- C:\Windows\Fonts
2009-05-09 10:56:59 ----SHD---- C:\$Recycle.Bin
2009-05-07 23:07:41 ----D---- C:\Windows\twain_32
2009-05-06 17:45:24 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-06 16:23:13 ----D---- C:\Windows\rescache
2009-05-06 16:07:12 ----D---- C:\Windows\system32\Msdtc
2009-05-06 16:06:36 ----D---- C:\Program Files\Internet Explorer
2009-05-06 16:06:35 ----D---- C:\Windows\system32\migration
2009-05-06 16:06:35 ----D---- C:\Windows\PolicyDefinitions
2009-05-06 16:06:22 ----D---- C:\Windows\system32\wbem
2009-05-05 20:57:24 ----D---- C:\Windows\system32\config
2009-05-05 20:56:08 ----RSD---- C:\Windows\Media
2009-05-05 20:56:08 ----RD---- C:\Windows\Offline Web Pages
2009-05-05 20:56:08 ----D---- C:\Program Files\Windows Media Player
2009-05-05 20:55:21 ----D---- C:\Windows\Tasks
2009-05-05 20:55:20 ----D---- C:\Windows\system32\Tasks
2009-05-05 20:55:20 ----D---- C:\Windows\system32\sr-Latn-CS
2009-05-05 20:55:20 ----D---- C:\Windows\system32\spool
2009-05-05 20:55:20 ----D---- C:\Windows\system32\ru-RU
2009-05-05 20:55:20 ----D---- C:\Windows\system32\pl-PL
2009-05-05 20:55:19 ----D---- C:\Windows\system32\nl-NL
2009-05-05 20:55:19 ----D---- C:\Windows\system32\ja-JP
2009-05-05 20:55:19 ----D---- C:\Windows\system32\it-IT
2009-05-05 20:55:19 ----D---- C:\Windows\system32\he-IL
2009-05-05 20:55:18 ----D---- C:\Windows\system32\fr-FR
2009-05-05 20:55:18 ----D---- C:\Windows\system32\es-ES
2009-05-05 20:55:18 ----D---- C:\Windows\system32\el-GR
2009-05-05 20:55:18 ----D---- C:\Windows\system32\de-DE
2009-05-05 20:55:18 ----D---- C:\Windows\system32\CodeIntegrity
2009-05-05 20:55:16 ----D---- C:\Windows\system32\ar-SA
2009-05-05 20:54:42 ----RSD---- C:\Windows\assembly
2009-05-05 20:53:45 ----D---- C:\Program Files\AviSynth 2.5
2009-05-05 20:52:07 ----D---- C:\Windows\registration
2009-05-02 19:31:18 ----D---- C:\Windows\system32\catroot
2009-05-02 17:39:23 ----D---- C:\Windows\Logs
2009-05-02 15:59:32 ----D---- C:\Windows\Microsoft.NET
2009-05-02 14:53:54 ----D---- C:\Program Files\NOS
2009-05-02 14:47:16 ----ASH---- C:\Program Files\desktop.ini
2009-05-02 14:47:15 ----SHD---- C:\Boot
2009-05-02 14:07:55 ----D---- C:\Program Files\Windows Calendar
2009-05-02 14:07:49 ----D---- C:\Program Files\Windows Sidebar
2009-05-02 14:07:49 ----D---- C:\Program Files\Movie Maker
2009-05-02 14:07:46 ----D---- C:\Program Files\Windows Mail
2009-05-02 14:07:42 ----D---- C:\Program Files\Windows Collaboration
2009-05-02 14:07:40 ----D---- C:\Program Files\Windows Journal
2009-05-02 14:07:39 ----D---- C:\Program Files\Windows Photo Gallery
2009-05-02 14:07:17 ----D---- C:\Program Files\Windows Defender
2009-05-02 14:07:17 ----D---- C:\Program Files\Common Files\System
2009-05-02 14:07:14 ----D---- C:\Windows\servicing
2009-05-02 14:07:12 ----D---- C:\Windows\ehome
2009-05-02 14:06:32 ----D---- C:\Windows\MSAgent
2009-05-02 14:06:22 ----D---- C:\Windows\L2Schemas
2009-05-02 14:06:22 ----D---- C:\Windows\IME
2009-05-02 14:06:22 ----D---- C:\Windows\DigitalLocker
2009-05-02 14:06:10 ----D---- C:\Windows\system32\com
2009-05-02 14:06:09 ----D---- C:\Windows\system32\XPSViewer
2009-05-02 14:06:09 ----D---- C:\Windows\system32\ko-KR
2009-05-02 14:06:09 ----D---- C:\Windows\system32\da-DK
2009-05-02 14:06:09 ----D---- C:\Windows\system32\0409
2009-05-02 14:05:28 ----D---- C:\Windows\system32\oobe
2009-05-02 14:05:27 ----D---- C:\Windows\system32\sysprep
2009-05-02 14:05:12 ----D---- C:\Windows\system32\AdvancedInstallers
2009-05-02 14:05:10 ----D---- C:\Windows\system32\sv-SE
2009-05-02 14:05:10 ----D---- C:\Windows\system32\ias
2009-05-02 14:05:09 ----D---- C:\Windows\system32\setup
2009-05-02 14:05:08 ----D---- C:\Windows\system32\hu-HU
2009-05-02 14:05:08 ----D---- C:\Windows\system32\fi-FI
2009-05-02 14:05:08 ----D---- C:\Windows\system32\cs-CZ
2009-05-02 14:05:07 ----D---- C:\Windows\system32\SLUI
2009-05-02 14:05:07 ----D---- C:\Windows\system32\ras
2009-05-02 14:05:07 ----D---- C:\Windows\system32\pt-PT
2009-05-02 14:04:53 ----D---- C:\Windows\system32\zh-CN
2009-05-02 14:04:52 ----D---- C:\Windows\system32\manifeststore
2009-05-02 14:04:52 ----D---- C:\Windows\system32\en
2009-05-02 14:04:51 ----D---- C:\Windows\system32\zh-TW
2009-05-02 14:04:49 ----D---- C:\Windows\system32\icsxml
2009-05-02 14:04:48 ----D---- C:\Windows\system32\ro-RO
2009-05-02 14:04:38 ----D---- C:\Windows\system32\tr-TR
2009-05-02 14:04:27 ----D---- C:\Windows\system32\nb-NO
2009-05-02 14:04:17 ----D---- C:\Windows\system32\migwiz
2009-05-02 14:04:15 ----D---- C:\Windows\system32\pt-BR
2009-05-02 13:59:40 ----D---- C:\Windows\Boot
2009-05-02 13:59:27 ----D---- C:\Windows\system32\Boot
2009-05-02 13:41:43 ----A---- C:\Windows\system32\mrt.exe
2009-05-02 13:41:43 ----A---- C:\Windows\system32\ifxcardm.dll
2009-05-02 13:41:26 ----A---- C:\Windows\system32\axaltocm.dll
2009-04-29 18:12:08 ----D---- C:\Program Files\FlashFXP
2009-04-29 18:01:09 ----D---- C:\Windows\system32\LogFiles
2009-04-29 17:10:31 ----D---- C:\Program Files\MagicDisc
2009-04-29 16:58:43 ----D---- C:\Program Files\Elaborate Bytes
2009-04-29 16:20:33 ----D---- C:\Program Files\Xilisoft
2009-04-29 16:06:59 ----D---- C:\Program Files\Windows Live
2009-04-29 16:04:52 ----SD---- C:\ProgramData\Microsoft
2009-04-28 20:45:27 ----RAS---- C:\BOOTSECT.BAK
2009-04-28 20:03:32 ----D---- C:\Program Files\MSBuild
2009-04-28 20:03:18 ----D---- C:\Windows\ShellNew
2009-04-28 19:56:42 ----A---- C:\Windows\win.ini
2009-04-28 18:44:16 ----D---- C:\Windows\system32\NDF
2009-04-28 18:42:27 ----D---- C:\Windows\Help
2009-04-28 18:35:18 ----D---- C:\Windows\system32\restore
2009-04-28 18:12:51 ----RD---- C:\Users
2009-04-26 14:31:09 ----D---- C:\Program Files\SlySoft
2009-04-25 10:56:51 ----D---- C:\Program Files\LimeWire
2009-04-25 00:24:25 ----D---- C:\Program Files\Adobe
2009-03-18 22:29:15 ----D---- C:\Program Files\Replay Media Catcher

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-08-27 1062048]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-17 7624192]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S1 ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx;ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx; C:\Windows\system32\drivers\ovfsthnogvyqameclhsjvmqodjitokoymdropd.sys []
S3 aujasnkj;aujasnkj; \??\C:\Users\Mom\AppData\Local\Temp\aujasnkj.sys []
S3 catchme;catchme; \??\C:\Users\Mom\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 WINFLASH;WINFLASH; \??\C:\Users\Mom\Desktop\Drivers\WinFlash.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2009-01-27 233472]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-18 523776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-09 655624]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-18 917504]

-----------------EOF-----------------

#9 sundavis

  • Malware Response Team

Posted 29 May 2009 - 07:40 PM

Hi bink111,



Due to the warning from the developer of ComboFix, this tool should not be run by oneself, unsupervised. Sometimes it will result in an unbootable machine. Since you have run it, may I see the log in C:\combofix.txt if it's still available?

I notice you do not have any antivirus program installed on your system. It's somewhat suicidal in this digital world nowadays.
Please get ONE antivirus and install it. Restart the computer for changes to take effect.

AVG Free 8.0 for Windows
AntiVir Free Edition


Step1

Ensure all instances of Firefox are closed while running GooredFix.
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe on your Desktop to run it
  • Select 2. Fix Goored by typing 2 & pressing Enter
  • Type y at the prompt then press Enter
  • A log will open, post the contents of that log in your next reply.

Step2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Driver::
ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step3


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file as "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


In your next reply, please post back:


1. ComboFix log (old log and new log)
2. Goored log
3. Kas online scan report.

Tell me how your pc is running now.
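
A sketch of how the driver section of the RSIT log posted earlier in this thread can be triaged, as an added example that is not part of any post and is not RSIT or ComboFix code. The heuristics, their names, and the reading of empty `[]` brackets as "file date and size could not be read" are assumptions; a flag means "review this entry", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Driver lines copied from the RSIT log in this thread, plus one constructed
# malformed line to show the parser skipping text that is not a driver entry.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-18 350720]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-28 9968]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-17 7624192]
S1 ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx;ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx; C:\Windows\system32\drivers\ovfsthnogvyqameclhsjvmqodjitokoymdropd.sys []
S3 aujasnkj;aujasnkj; \??\C:\Users\Mom\AppData\Local\Temp\aujasnkj.sys []
S3 catchme;catchme; \??\C:\Users\Mom\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 WINFLASH;WINFLASH; \??\C:\Users\Mom\Desktop\Drivers\WinFlash.sys []
this line is constructed and is not a driver entry

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2009-01-27 233472]
"""

# <state><start> <name>;<display>; <path> [<date> <size>]
ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
# Locations a standard user can write to (assumed marker list, lower case).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")


@dataclass
class Driver:
    name: str
    display: str
    running: bool
    start: str
    path: str
    has_metadata: bool
    reasons: list = field(default_factory=list)


def parse_drivers(log_text):
    """Return the entries of the 'List of drivers' section only."""
    drivers, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("======"):
            in_section = line.startswith("======List of drivers")
            continue
        if not in_section or not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            continue  # not a driver entry, ignore
        path = m["path"]
        if path.startswith("\\??\\"):  # strip the NT object-namespace prefix
            path = path[4:]
        drivers.append(Driver(
            name=m["name"], display=m["display"], running=m["state"] == "R",
            start=START_TYPES[m["start"]], path=path,
            has_metadata=bool(m["meta"].strip()),
        ))
    return drivers


def triage(drivers):
    """Attach review reasons and return flagged drivers, most reasons first."""
    flagged = []
    for d in drivers:
        reasons = []
        if not d.has_metadata:
            reasons.append("no-file-metadata")      # assumed: file not readable
        if any(marker in d.path.lower() for marker in USER_WRITABLE):
            reasons.append("user-writable-path")    # driver outside system dirs
        if len(d.name) >= 20 and d.name.isalpha() and d.name.islower():
            reasons.append("long-random-name")      # long all-lowercase name
        if reasons and d.start in ("Boot", "System"):
            reasons.append("early-start")           # would load early in boot
        d.reasons = reasons
        if reasons:
            flagged.append(d)
    # sorted() is stable, so ties keep their order from the log.
    return sorted(flagged, key=lambda d: -len(d.reasons))


if __name__ == "__main__":
    for drv in triage(parse_drivers(SAMPLE_LOG)):
        print(f"{drv.name:40} {drv.start:7} {', '.join(drv.reasons)}")
        print(f"    {drv.path}")
```
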

#10 bink111

  • Topic Starter

Posted 01 June 2009 - 05:23 PM

GooredFix v1.92 by jpshortstuff
Log created at 17:05 on 01/06/2009 running Option #2 (Mom)
Firefox version [Unable to determine]
(Subsequent Run)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{FD62D11E-B510-4DBF-91B4-356E0F89285A}
->Backing up folder... Failed.
C:\Program Files\Mozilla Firefox\extensions\{E6B0CC4B-0CD1-4422-A245-22B1EF5EAE10}
->Backing up folder... Failed.
C:\Program Files\Mozilla Firefox\extensions\{84EECCB2-F51E-42F2-AE12-D3118D7D2D60}
->Backing up folder... Failed.

=====Dumping Registry Values=====

ComboFix 09-05-31.06 - Mom 06/01/2009 16:24.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3070.1792 [GMT -5:00]
Running from: c:\users\Mom\Desktop\ComboFix.exe
Command switches used :: c:\users\Mom\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthqpplgtkrxrfuftdhmxvumtawymokyixx


((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 21:26 . 2009-06-01 21:32 -------- d-----w- c:\users\Mom\AppData\Local\temp
2009-06-01 20:56 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-01 20:56 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-01 20:56 . 2009-06-01 20:56 -------- d-----w- c:\programdata\Avira
2009-06-01 20:56 . 2009-06-01 20:56 -------- d-----w- c:\program files\Avira
2009-05-16 01:03 . 2009-05-16 01:03 -------- d-----w- c:\program files\DynamicPhotoHDR
2009-05-15 00:57 . 2009-05-15 00:57 -------- d-----w- c:\users\Mom\AppData\Local\Apple Computer
2009-05-12 02:58 . 2009-05-12 03:01 -------- d-----w- C:\Combo-Fix
2009-05-12 02:42 . 2009-05-12 02:42 -------- d-----w- C:\rsit
2009-05-11 00:27 . 2009-05-11 00:27 -------- d-----w- c:\users\Mom\AppData\Roaming\Malwarebytes
2009-05-11 00:27 . 2009-04-06 20:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-11 00:27 . 2009-04-06 20:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 00:27 . 2009-05-11 00:27 -------- d-----w- c:\programdata\Malwarebytes
2009-05-10 08:06 . 2009-05-10 08:06 -------- d-----w- c:\program files\Defraggler
2009-05-10 07:50 . 2009-05-10 07:50 -------- d-----w- c:\users\Mom\AppData\Local\Yahoo
2009-05-10 07:49 . 2009-05-10 07:49 -------- d-----w- c:\users\Mom\AppData\Roaming\Yahoo!
2009-05-10 07:49 . 2009-05-10 07:49 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-10 07:48 . 2009-05-10 07:50 -------- d-----w- c:\programdata\Yahoo!
2009-05-10 07:48 . 2009-03-18 22:55 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2009-05-09 23:20 . 2009-05-09 23:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-08 04:07 . 2009-05-08 04:07 -------- d-----w- c:\program files\Common Files\HP
2009-05-08 04:07 . 2009-05-08 04:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-05-08 03:55 . 2009-05-08 04:08 139575 ----a-w- c:\windows\hpoins21.dat
2009-05-08 03:55 . 2008-01-24 02:43 7262 ------w- c:\windows\hpomdl21.dat
2009-05-08 03:55 . 2007-11-02 02:28 729088 ----a-w- c:\windows\system32\hpowiax5.dll
2009-05-08 03:55 . 2007-11-02 02:28 303104 ----a-w- c:\windows\system32\hpovst12.dll
2009-05-08 03:55 . 2007-11-02 02:28 970752 ----a-w- c:\windows\system32\hpotiop5.dll
2009-05-07 02:40 . 2009-05-07 02:40 -------- d-sh--w- C:\found.000
2009-05-06 23:35 . 2009-05-09 19:12 -------- d-----w- c:\users\Mom\AppData\Roaming\Download Manager
2009-05-06 22:45 . 2009-05-06 22:45 65024 ----a-r- c:\users\Mom\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-05-06 22:45 . 2009-05-06 22:45 18944 ----a-r- c:\users\Mom\AppData\Roaming\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-05-06 22:44 . 2009-05-06 22:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-04 23:02 . 2009-05-04 23:02 -------- d-----w- c:\programdata\vsosdk
2009-05-04 22:30 . 2009-05-10 01:26 -------- d-----w- c:\programdata\FLEXnet
2009-05-03 00:27 . 2009-05-03 00:28 -------- d-----w- C:\11ab8d52b5fa5db5ed20
2009-05-03 00:19 . 2009-05-06 01:55 -------- d-----w- c:\windows\system32\URTTEMP
2009-05-03 00:15 . 2009-05-08 21:30 -------- d-----w- c:\program files\QuickTime
2009-05-03 00:15 . 2009-05-06 01:54 -------- d-----w- c:\programdata\Apple Computer
2009-05-03 00:15 . 2009-05-03 00:15 -------- d-----w- c:\users\Mom\AppData\Local\Apple
2009-05-03 00:15 . 2009-05-06 01:54 -------- d-----w- c:\programdata\Apple
2009-05-03 00:15 . 2009-05-06 01:53 -------- d-----w- c:\program files\Apple Software Update
2009-05-03 00:11 . 2009-05-06 01:53 -------- d-----w- c:\program files\Bonjour
2009-05-03 00:11 . 2009-05-06 01:53 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-05-03 00:11 . 2009-05-03 00:11 -------- d-----w- c:\programdata\TiVo
2009-05-03 00:07 . 2009-05-03 00:11 -------- d-----w- c:\users\Mom\AppData\Local\TiVo Desktop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 21:21 . 2009-04-28 23:58 -------- d-----w- c:\users\Mom\AppData\Roaming\uTorrent
2009-05-28 20:24 . 2009-04-29 21:17 -------- d-----w- c:\users\Mom\AppData\Roaming\Vso
2009-05-17 19:52 . 2009-04-29 00:03 117760 ----a-w- c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-15 02:01 . 2009-05-02 15:28 -------- d-----w- c:\users\Mom\AppData\Roaming\LimeWire
2009-05-11 00:27 . 2009-01-23 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 07:49 . 2009-02-12 06:10 -------- d-----w- c:\program files\Yahoo!
2009-05-10 01:26 . 2009-04-28 23:13 99864 ----a-w- c:\users\Mom\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-09 23:26 . 2009-04-29 21:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-08 03:52 . 2009-05-08 03:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-06 22:45 . 2009-01-07 23:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-06 01:54 . 2009-05-02 20:58 -------- dc-h--w- c:\programdata\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}
2009-05-06 01:54 . 2009-04-25 16:10 -------- d-----w- c:\program files\VideoraTiVoConverter
2009-05-06 01:53 . 2009-05-02 21:02 -------- d-----w- c:\program files\Common Files\stardock
2009-05-06 01:53 . 2008-11-26 07:51 -------- d-----w- c:\program files\AviSynth 2.5
2009-05-02 20:58 . 2009-05-02 20:58 -------- d-----w- c:\users\Mom\AppData\Roaming\Stardock
2009-05-02 20:58 . 2009-05-02 20:44 -------- d-----w- c:\programdata\Stardock
2009-05-02 20:58 . 2009-05-02 20:44 -------- d-----w- c:\program files\Stardock
2009-05-02 20:48 . 2009-05-02 20:48 18332160 ----a-w- c:\windows\system32\imageres.dll
2009-05-02 20:37 . 2009-05-02 17:37 80051 ----a-w- c:\windows\system32\slmgr.vbs
2009-05-02 20:25 . 2009-05-02 20:25 97280 ----a-w- c:\users\Mom\AppData\Local\OptionalFeatures.exe
2009-05-02 20:25 . 2009-05-02 20:25 6136 ----a-w- c:\users\Mom\AppData\Local\TimerStop64.sys
2009-05-02 20:25 . 2009-05-02 20:25 4096 ----a-w- c:\users\Mom\AppData\Local\TimerStop.sys
2009-05-02 20:25 . 2009-05-02 20:25 143872 ----a-w- c:\users\Mom\AppData\Local\rebuild-script.exe
2009-05-02 20:25 . 2009-05-02 20:25 120 ----a-w- c:\users\Mom\AppData\Local\FeedBackTool.reg
2009-05-02 20:25 . 2009-05-02 20:25 1647358 ----a-w- c:\users\Mom\AppData\Local\Setup.exe
2009-05-02 20:18 . 2009-04-29 00:51 -------- d-----w- c:\programdata\NVIDIA
2009-05-02 19:53 . 2009-04-29 00:57 -------- d-----w- c:\programdata\NOS
2009-05-02 19:53 . 2008-08-27 00:10 -------- d-----w- c:\program files\NOS
2009-05-02 19:07 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-05-02 19:07 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-05-02 19:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-02 19:07 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-05-02 19:07 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-05-02 19:07 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-02 19:07 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-05-02 18:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-02 18:41 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-05-02 18:41 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-05-02 17:14 . 2009-05-02 18:32 47560 ----a-w- c:\windows\system32\SPReview.exe
2009-05-02 17:14 . 2009-05-02 18:32 152576 ----a-w- c:\windows\system32\SPWizUI.dll
2009-04-29 23:48 . 2009-04-29 23:48 -------- d-----w- c:\programdata\Hewlett-Packard
2009-04-29 23:22 . 2009-03-16 06:14 -------- d-----w- c:\program files\HP
2009-04-29 23:20 . 2009-04-29 23:20 45056 ----a-r- c:\users\Mom\AppData\Roaming\Microsoft\Installer\{5E06C076-E4E7-4239-A886-B3D8AC84C166}\NewShortcut2_1619669F516F4E609B6F837EFE21307A_7.exe
2009-04-29 23:20 . 2009-04-29 23:20 45056 ----a-r- c:\users\Mom\AppData\Roaming\Microsoft\Installer\{5E06C076-E4E7-4239-A886-B3D8AC84C166}\NewShortcut1_1619669F516F4E609B6F837EFE21307A_5.exe
2009-04-29 23:14 . 2009-04-29 23:14 -------- d-----w- c:\users\Mom\AppData\Roaming\GetRightToGo
2009-04-29 23:12 . 2009-01-17 07:53 -------- d-----w- c:\program files\FlashFXP
2009-04-29 22:10 . 2008-12-21 02:21 -------- d-----w- c:\program files\MagicDisc
2009-04-29 22:07 . 2009-04-29 22:07 -------- d-----w- c:\users\Mom\AppData\Roaming\ImgBurn
2009-04-29 22:07 . 2009-04-29 22:07 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-29 22:01 . 2009-04-29 22:01 -------- d-----w- c:\programdata\FlashFXP
2009-04-29 22:00 . 2009-04-29 22:00 -------- d-----w- c:\users\Mom\AppData\Roaming\FlashFXP
2009-04-29 21:58 . 2009-02-02 22:45 -------- d-----w- c:\program files\Elaborate Bytes
2009-04-29 21:56 . 2009-04-29 21:56 -------- d-----w- c:\programdata\DVD Shrink
2009-04-29 21:51 . 2009-04-29 21:51 -------- d-----w- c:\programdata\HP
2009-04-29 21:51 . 2009-04-29 21:51 -------- d-----w- c:\users\Mom\AppData\Roaming\DAZ 3D
2009-04-29 21:45 . 2009-04-28 23:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-29 21:20 . 2008-10-16 21:54 -------- d-----w- c:\program files\Xilisoft
2009-04-29 21:12 . 2009-04-29 21:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-29 21:07 . 2009-04-29 21:07 -------- d-----w- c:\program files\Microsoft
2009-04-29 21:07 . 2009-04-29 21:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-04-29 21:06 . 2008-08-27 03:14 -------- d-----w- c:\program files\Windows Live
2009-04-29 21:04 . 2009-04-29 21:04 -------- d-----w- c:\program files\Common Files\Windows Live
2009-04-29 01:05 . 2009-04-29 00:55 -------- d-----w- c:\programdata\Microsoft Help
2009-04-29 01:03 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-04-29 00:03 . 2009-04-29 00:03 -------- d-----w- c:\users\Mom\AppData\Roaming\SUPERAntiSpyware.com
2009-04-29 00:03 . 2009-04-29 00:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-04-28 23:56 . 2009-04-28 23:56 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-04-28 23:51 . 2009-04-28 23:51 -------- d-----w- c:\programdata\Dell
2009-04-28 23:46 . 2009-04-28 23:46 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-04-28 23:45 . 2009-04-28 23:13 680 ----a-w- c:\users\Mom\AppData\Local\d3d9caps.dat
2009-04-28 23:45 . 2009-04-28 23:45 315392 ----a-w- c:\windows\HideWin.exe
2009-04-28 23:41 . 2009-04-28 23:41 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-28 23:36 . 2009-04-28 23:36 -------- d-----w- c:\users\Mom\AppData\Roaming\InstallShield
2009-04-26 19:31 . 2008-12-07 17:28 -------- d-----w- c:\program files\SlySoft
2009-04-25 17:49 . 2009-04-25 17:49 -------- d-----w- c:\program files\TiVo
2009-04-25 16:46 . 2009-04-25 16:18 -------- d-----w- c:\program files\pyTivo
2009-04-25 15:56 . 2008-12-09 22:32 -------- d-----w- c:\program files\LimeWire
2009-04-25 03:56 . 2009-04-25 03:56 -------- d-----w- c:\program files\Adobe Media Player
2009-04-23 16:19 . 2009-04-23 16:19 256768 ----a-w- c:\windows\system32\unicows.dll
2009-04-15 23:07 . 2009-04-11 01:39 -------- d-----w- c:\program files\Norton Security Scan
2009-04-13 07:11 . 2009-04-13 04:26 -------- d-----w- c:\program files\Bluetack
2009-04-11 23:26 . 2009-04-11 23:26 -------- d-----w- c:\program files\abgx360
2009-04-11 18:48 . 2009-04-11 18:48 -------- d-----w- c:\program files\Easy-Hide-IP
2009-04-11 00:20 . 2009-04-11 00:19 -------- d-----w- c:\program files\Monster Trucks Nitro
2009-03-23 22:45 . 2009-05-02 20:58 2969080 -c--a-w- c:\programdata\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}\shareware.exe
2009-03-08 11:34 . 2009-05-03 00:29 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-03 00:29 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-03 00:29 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-03 00:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-03 00:29 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-03 00:29 132608 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-03 00:29 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-03 00:29 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-03 00:29 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-03 00:29 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-03 00:29 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-03 00:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-03 00:29 66560 ----a-w- c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-03 00:29 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-03 00:29 34816 ----a-w- c:\windows\system32\imgutil.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-12_03.01.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-01 20:53 . 2009-06-01 20:53 54272 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39\vcomp90.dll
+ 2009-06-01 20:53 . 2009-06-01 20:53 62976 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90RUS.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 46080 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90KOR.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 46592 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90JPN.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 64512 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ITA.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 66048 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90FRA.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESP.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 56832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 66560 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90DEU.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 39936 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHT.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 38912 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHS.DLL
+ 2009-06-01 20:53 . 2009-06-01 20:53 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90u.dll
+ 2009-06-01 20:53 . 2009-06-01 20:53 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90.dll
+ 2009-04-28 23:25 . 2009-05-17 19:52 25718 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-05-17 19:52 48730 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-01 20:56 . 2009-02-13 17:50 28376 c:\windows\System32\drivers\ssmdrv.sys
- 2006-11-02 13:00 . 2009-05-10 16:41 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:00 . 2009-06-01 20:57 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-06 01:31 . 2009-06-01 20:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-06 01:31 . 2009-05-10 16:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:00 . 2009-05-10 16:41 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:00 . 2009-06-01 20:57 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-28 23:44 . 2009-04-28 23:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-28 23:44 . 2009-06-01 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-28 23:44 . 2009-04-28 23:44 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-28 23:44 . 2009-06-01 04:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-28 23:44 . 2009-04-28 23:44 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-28 23:44 . 2009-06-01 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-28 23:14 . 2009-05-17 19:52 5730 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1840087388-3616631091-4040212246-1000_UserData.bin
+ 2009-06-01 20:53 . 2009-06-01 20:53 655872 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcr90.dll
+ 2009-06-01 20:53 . 2009-06-01 20:53 572928 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcp90.dll
+ 2009-06-01 20:53 . 2009-06-01 20:53 225280 c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\msvcm90.dll
+ 2009-06-01 20:53 . 2009-06-01 20:53 161784 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e\ATL90.dll
- 2006-11-02 10:33 . 2009-05-12 00:16 604214 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-20 20:22 604214 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-12 00:15 105170 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-20 20:22 105170 c:\windows\System32\perfc009.dat
+ 2009-05-05 23:10 . 2009-05-19 05:46 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-05 23:10 . 2009-05-06 21:14 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-01 20:53 . 2009-06-01 20:53 3783672 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
+ 2009-06-01 20:53 . 2009-06-01 20:53 3768312 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll
+ 2006-11-02 10:22 . 2009-06-01 21:27 6295552 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-06-01 21:27 . 2009-06-01 21:27 6295552 c:\windows\ERDNT\subs\schema.dat
+ 2009-06-01 21:23 . 2009-06-01 21:23 6295552 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-09-26 23:08 . 2008-09-26 23:08 3204368 c:\windows\Downloaded Program Files\EPUWALcontrol.dll
+ 2009-05-02 17:17 . 2009-06-01 20:53 88174919 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TranscodingService"="c:\program files\TiVo\Desktop\TranscodingService.exe" [2009-01-27 520192]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2009-01-27 425472]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2009-01-27 2143232]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-29 148888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-11-12 4706304]

c:\users\Mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-12-20 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ED849AED-76BC-4E9F-B578-00FD991CCB51}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{470FC83C-A1EE-46AB-AE9A-5F4081133950}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{6A7C9249-6F1D-48A1-BD58-795E7509815B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F6FCD88B-35C0-440A-9EAD-DCB0252BB677}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9D03EA8F-78F4-45E4-8E74-B54B97AD0467}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{ACFA62B7-9F59-459F-BAE4-4391A802A206}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5D89B694-044A-4F7F-9A26-FEEBA798918F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8F8E814D-7BB5-4544-8F99-F9E90AB64FD5}"= UDP:c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{535F8125-BCA0-40C3-9830-60648858B6BE}"= TCP:c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{A2AC75D6-BBFD-424F-8C52-7E934C6746B6}"= UDP:c:\program files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{380BD189-1143-4491-8E99-9A883F142BA9}"= TCP:c:\program files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{59986F48-AA77-40E7-B56F-14AFF60E0F84}"= UDP:c:\program files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{4406B996-E0C8-42A1-83B8-A8E4A6F98FFE}"= TCP:c:\program files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{A54ABF00-ACD2-4B9B-A772-BCD29C0DEFC8}"= UDP:c:\program files\TiVo\Desktop\curl.exe:TiVo Curl Service
"{FADD2D5A-BBA0-4C91-A49B-2EBD2D128322}"= TCP:c:\program files\TiVo\Desktop\curl.exe:TiVo Curl Service
"{3A8B3DFE-8A0A-4904-A321-C44F87B90993}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{64E0439A-1F2B-4DDF-94DA-8511DF7BC937}"= Disabled:UDP:7288:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7288
"{73DA2CB2-0431-4114-A33A-43ED53D3DA5E}"= Disabled:UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{10625755-7019-4CB5-AEC1-CF037686A64C}"= Disabled:UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{023D07DD-4FD1-4C60-A809-5A5FE6B9C20B}"= Disabled:UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{04D8BBD7-A74F-459F-BF0F-4920C5F17C40}"= Disabled:UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{8E645839-905A-4DAC-AF63-586DA705F37F}"= Disabled:UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{9C649932-B7E7-4BFA-94B5-DBB2220AC0E1}"= Disabled:UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{8945E5F5-2058-41B3-BF54-12735FFAD1EE}"= Disabled:UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{24884A88-C987-4842-807D-A74E7FCAEDFC}"= Disabled:UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{4514904A-1DF3-49F3-B69A-1023D03AA166}"= Disabled:UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"{22BDBB39-F114-4B49-82E8-8C063FA140F9}"= UDP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{50C02E49-6085-429B-8A2F-04A6499CE194}"= TCP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"TCP Query User{131F4C5E-5A2B-4170-969E-0EA835FB00BC}c:\\program files\\tivo\\desktop\\tivoserver.exe"= UDP:c:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process
"UDP Query User{D7E74C60-B8BB-4046-B285-29CCB434C694}c:\\program files\\tivo\\desktop\\tivoserver.exe"= TCP:c:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process
"{B5A162D0-7D6B-45A4-A6CD-32BF70F6C05E}"= UDP:c:\program files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop
"{67C0CBFB-3756-43EB-9927-56DC67D210DC}"= TCP:c:\program files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop
"{275C190B-EE0C-46C7-9F0A-2E45E5CCC510}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{E520B2CE-7231-4478-A6B9-7BFEA369356F}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{8AF46870-4004-423C-A159-1F4E4041D5F9}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{BD3F923A-FDAA-4EE7-A962-AE741880BFC3}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"TCP Query User{ACB52B69-8D37-49D8-9D9E-426D8BB16940}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{3C7B521A-27D9-4B60-8789-026570973CEB}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{80D974EA-B140-48BE-B185-57885D0D667D}"= UDP:5353:Adobe CSI CS4
"{5C697E87-D7C9-4B77-977C-EB6090365380}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{535A346C-0E40-40C4-9171-4E541EF3554F}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{66935EED-3B8A-4F0F-A7F6-C4768298C22B}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5CE8AD2C-E77A-40C3-9A57-2A8CC8B76EB8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{71522662-4F37-4AE4-A573-965627869EF2}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F36FBBAF-027C-4DDC-86F3-6F308142C320}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"TCP Query User{A374D34F-60CF-4608-82C4-C8345E3DE965}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{0361A4FE-D296-4276-A5DE-846972C524B6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 55024]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [6/1/2009 3:56 PM 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/1/2009 3:56 PM 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [6/1/2009 3:56 PM 432897]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uInternet Settings,ProxyServer = 127.0.0.1:8081
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 16:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Mom\AppData\Roaming\Microsoft\Windows\Cookies\mom@insider.msg.yahoo[1].txt 81 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
.
**************************************************************************
.
Completion time: 2009-06-01 16:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 21:35
ComboFix2.txt 2009-05-12 03:01
ComboFix3.txt 2009-05-06 01:02
ComboFix4.txt 2009-05-05 23:20
ComboFix5.txt 2009-06-01 21:22

Pre-Run: 18,045,890,560 bytes free
Post-Run: 17,861,652,480 bytes free

362

Kaspersky Online did not work because the database would not update properly.

My computer seems to be working better... tried it out on Google a little bit and did not notice any more redirects.

#11 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 01 June 2009 - 07:10 PM

Hi bink111,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.

I will give you another one, just in case.

Please go to F-Secure Online Scanner Next Generation
  • Click on the link "Start your scan".
  • You may receive an alert on the address bar at this point to install the ActiveX control.
  • Read the license agreement and click "Accept".
  • Click "Full System Scan" to download the scanning components and begin scan and cleaning.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • When done click "Show report" and copy/paste its contents into your next reply.
  • If you have problems running F-Secure Online Scanner, you may refer to this thread

In your next reply, please post back:

1. ESET online scan report
2. New HJT log

Tell me how things are going now.

#12 bink111

  • Topic Starter

Posted 06 June 2009 - 02:36 PM

ESET online scanner did not work for me so I used the F-Secure Scanner.

F-Secure
Scanning Report
Saturday, June 6, 2009 12:50:07 - 14:21:19
Computer name: MOM-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

15 malware found
TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Adtech (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Adrevolver (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
TrackingCookie.Mediaplex (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
W32/Packed_FSG.D (virus)
C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\MOM\DOWNLOADS\CLONE DVD 2.9.1.0 & CLONE CD 5.3.0.1\CLONEDVD 2.9.1.0 KEYGEN.EXE (Disinfected & Submitted)
W32/Packed_FSG.D (virus)
C:\USERS\MOM\DOWNLOADS\CLONE DVD 2.9.1.0 & CLONE CD 5.3.0.1\CLONEDVD 2.9.1.0 KEYGEN.EXE (Disinfected & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 118115
System: 3608
Not scanned: 160
Actions:
Disinfected: 15
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 2
Files not scanned:
C:\PAGEFILE.SYS
C:\HIBERFIL.SYS
C:\WINDOWS.OLD\WINDOWS\TEMP\MSB.DLL
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\LOADER49.EXE
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\LOADER266.EXE
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\LMPPCSETUP.EXE
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\OVFSTHWITCQXDMBNJQXJDFIEVHOVKUPXAITDMH.DLL
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\OVFSTHMWLPARRPBINACJUUAHOWETFXLGRBPAPV.DLL
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\OVFSTHOKOTRQQINDENXGHNKBJKKIBYPWCELBVL.DLL
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\WINGLSETUP.EXE
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3HUW09UW\PLDR8[2].HTM
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\I1EO63Y4\LSP[1].EXE
C:\WINDOWS.OLD\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\3HUW09UW\BASE64[1].JS
C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\MOM\DOCUMENTS\LIMEWIRE\SAVED\BON JOVI - WHO SAYS YOU CANT GO HOME.ZIP
C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\MOM\DOWNLOADS\ADOBE PHOTOSHOP CS4 EXTENDED KEYGEN [ KENTUCKYKIID ]\ADOBE PHOTOSHOP CS4 KEYGEN [ KENTUCKYKIID ].EXE
C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\MOM\DOWNLOADS\AVIRA ANTIVIR PREMIUM V9.0.0.430+CRACK [ KK ]\CRACK\BOXAVIRA 9TR2.0A.EXE
C:\WINDOWS.OLD\DOCUMENTS AND SETTINGS\MOM\APPDATA\LOCAL\TEMP\ETILQS_XTYBB7KEIIHHHXTPBQWF
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\SYSTEM VOLUME INFORMATION\{57A30BD7-525E-11DE-8FA8-001AA05B7C04}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{9867F16D-4EFB-11DE-B184-001AA05B7C04}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{9867F15D-4EFB-11DE-B184-001AA05B7C04}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\SYSTEM VOLUME INFORMATION\{F0A7CF4A-431B-11DE-A8B4-001AA05B7C04}{3808876B-C176-4E48-B7AE-04046E6CC752}
C:\BOOT\BCD

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics















Hijack This Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:35 PM, on 6/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TiVo\Desktop\TranscodingService.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8081
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TranscodingService] "C:\Program Files\TiVo\Desktop\TranscodingService.exe" /auto
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader57.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://toad4.inkfrog.com/scripts/ImageUploader5.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 7270 bytes




Have not noticed any more problems yet.

#13 sundavis

  • Malware Response Team

Posted 06 June 2009 - 02:59 PM

Hi bink111,


The F-Secure online scanner only picked up some tracking cookies and keygens and those were removed or submitted. Other than that, your logs look good. Now, you are all clean. :)

If you have no remaining issues on your pc, let's do some tidy up and we can send you on your way. :thumbup2:


Step1

Click START then RUN
Now copy/paste Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.


This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Step2

Download and Run OTC

Download OTC by OldTimer and save it to your desktop.
  • Double click OTC and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check


  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Install a-squared Free - a-squared Free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here on how to prevent malware.


Glad to be of help. Safe surfing!!

Edited by sundavis, 11 June 2009 - 12:17 AM.


#14 bink111

  • Topic Starter

Posted 07 June 2009 - 08:41 AM

Actually... I said yesterday that I hadn't noticed any more problems, but I did not test it enough yet and I have been getting more of the same problem again. When I click on a link to a website or on a website, I will get redirected to some random irrelevant page... many times it has redirected me to a yellowpages website page.
Sorry for the hassle and thanks for the help!

#15 sundavis

  • Malware Response Team

Posted 07 June 2009 - 02:19 PM

Hi bink111,



Step1

Ensure all instances of Firefox are closed while running GooredFix.
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe on your Desktop to run it
  • Select 2. Fix Goored by typing 2 & pressing Enter
  • Type y at the prompt then press Enter
  • A log will open; post the contents of that log in your next reply.

Step 2

I notice you have MBAM installed on your system. Please rerun it as instructed in the following. Update your virus definitions before proceeding. If you can't update the program, you can download the virus definitions from Here and install manually.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please go to Here to reset your Vista Hosts file. Download the Fix it and run it.

After that, please redownload a fresh Combofix and run it. Post the contents in your next reply.


In your next reply, please post back:


1. GooredFix log
2. MBAM log
3. Combofix log
4. New DDS log

Tell me how things are going now.



