
Virtumonde.sdn


  • This topic is locked
21 replies to this topic

#1 AndroidSFV

AndroidSFV

  • Members
  • 10 posts

Posted 17 June 2009 - 03:23 PM

Hi, first post on this board, and I've been having malware trouble for about the past half week. I've been quite successful in limiting (visible) damage, but I am unsure of what invisible damage could be occurring. Currently, I am trying to remove Virtumonde.sdn; it has been detected only by Spybot, out of McAfee, Spybot, Ad-Aware (if that would even be able to..) and Malwarebytes' Anti-Malware, and none of them have been able to remove it. If you need further information, I'll be glad to supply it, since I would really really prefer not to go down the reformatting route.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Chris at 15:11:38.31 on Wed 06/17/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1761 [GMT -5:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\Chris\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [SpybotDeletingB0] command.com /c del "c:\windows\system32\rpcnet.dll_old"
uRunOnce: [SpybotDeletingD2784] cmd.exe /c del "c:\windows\system32\rpcnet.dll_old"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Spybot - Search & Destroy] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
mRunOnce: [SpybotDeletingA7093] command.com /c del "c:\windows\system32\rpcnet.dll_old"
mRunOnce: [SpybotDeletingC6650] cmd.exe /c del "c:\windows\system32\rpcnet.dll_old"
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\7b1vyk6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www4.uwm.edu/
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\chris\appdata\roaming\mozilla\firefox\profiles\7b1vyk6f.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-14 64160]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-2-29 1053944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-8-9 548352]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-8-9 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-8-9 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_238116a1\AEstSrv.exe [2008-8-9 73728]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

=============== Created Last 30 ================

2009-06-17 13:49 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-17 13:43 <DIR> --ds---- C:\Combo-Fix
2009-06-17 13:31 56,680 -------- c:\windows\system32\rpcnet.dll_old
2009-06-17 11:43 <DIR> --d----- c:\users\chris\appdata\roaming\Malwarebytes
2009-06-17 11:43 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:42 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-17 11:42 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-17 11:42 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-17 11:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 14:58 <DIR> --d----- c:\users\chris\DoctorWeb
2009-06-16 14:46 253 a------- c:\windows\wininit.ini
2009-06-14 14:16 161,792 a------- c:\windows\SWREG.exe
2009-06-14 14:16 98,816 a------- c:\windows\sed.exe
2009-06-14 13:15 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-14 13:03 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-14 13:02 <DIR> -cd-h--- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 13:02 <DIR> -cd-h--- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 13:02 <DIR> --d----- c:\programdata\Lavasoft
2009-06-14 13:02 <DIR> --d----- c:\program files\Lavasoft
2009-06-14 12:57 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-14 12:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-14 12:57 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-14 00:09 <DIR> --d----- c:\program files\Trend Micro
2009-06-13 22:10 1,110,399 a------- c:\windows\system32\UACxejckoxnyhlxcst.db
2009-06-11 17:29 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-11 13:37 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-11 13:37 623,616 a------- c:\windows\system32\localspl.dll
2009-06-11 13:37 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-10 23:49 <DIR> --d----- c:\program files\USArmy
2009-06-10 22:35 <DIR> --d----- c:\programdata\AA3DeployClient
2009-06-10 22:35 <DIR> --d----- c:\progra~2\AA3DeployClient
2009-06-09 18:04 <DIR> --d----- c:\programdata\Spring
2009-06-09 18:04 <DIR> --d----- c:\progra~2\Spring
2009-06-09 18:04 <DIR> --d----- c:\users\chris\appdata\roaming\springlobby
2009-06-09 16:16 <DIR> --d----- c:\programdata\Isotx
2009-06-09 16:16 <DIR> --d----- c:\progra~2\Isotx
2009-06-07 15:53 <DIR> --d----- c:\program files\iPod
2009-06-07 15:53 <DIR> --d----- c:\program files\iTunes
2009-06-03 20:14 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-01 22:26 <DIR> --d----- c:\windows\system32\vmm32
2009-05-28 16:17 <DIR> --d----- c:\windows\system32\eu-ES
2009-05-28 16:17 <DIR> --d----- c:\windows\system32\ca-ES
2009-05-28 16:17 <DIR> --d----- c:\windows\system32\vi-VN
2009-05-28 16:03 <DIR> --d----- c:\windows\system32\EventProviders
2009-05-28 16:01 2,499,629 a------- c:\windows\system32\wlan.tmf
2009-05-28 16:00 777,216 a------- c:\windows\system32\slcc.dll
2009-05-28 15:59 247,808 a------- c:\windows\system32\drvstore.dll
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-17 13:53 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-06-17 13:52 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-06-13 14:30 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-13 14:30 51,200 a------- c:\windows\inf\infpub.dat
2009-06-13 14:30 143,360 a------- c:\windows\inf\infstor.dat
2009-06-10 12:55 56,680 a------- c:\windows\system32\rpcnet.exe
2009-05-28 16:17 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 01:14 14,736 a------- c:\windows\system32\drivers\nuidfltr.sys
2009-05-09 00:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 00:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 16:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-23 08:44 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-11 01:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 01:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 01:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 01:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 01:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 01:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 01:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 01:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 01:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 01:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 01:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 01:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 01:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 01:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 01:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 01:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 00:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 00:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-10 23:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-10 23:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-10 23:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-10 23:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-10 23:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-10 23:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 20:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-29 23:42 278,848 a------- c:\windows\system32\mscoree.dll
2009-03-29 23:42 155,456 a------- c:\windows\system32\mscorier.dll
2009-03-29 23:42 93,512 a------- c:\windows\system32\dfshim.dll
2009-03-29 23:42 80,720 a------- c:\windows\system32\mscories.dll
2009-03-25 17:55 33,280 a------- c:\windows\system32\identprv.dll
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2003-12-18 12:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 08:46 10,960 a------- c:\program files\EULA.txt
2008-08-09 04:21 76 a--shr-- c:\windows\CT4CET.bin
2009-01-09 14:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-09 14:47 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-09 14:47 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 15:12:34.86 ===============



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 17 June 2009 - 05:04 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am Posted Image and I am here to help you!

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. Again I repeat...from this point forward in order for me to adequately assist you it is critical that you make no changes in your computer unless directed to do so by me!! The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

**********

I need a deeper look at your computer. Please do this......
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
**********

And this........

* Go to start > Run copy/paste the contents of the code box excluding "code" in the run box and click OK.

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt&del log.txt

A command window opens. Wait until a log.txt file opens.

* Please copy/paste the log file in your reply.

**********

With your next post please provide:

* RSIT log.txt
* RSIT info.txt
* Internet connection log

I will review your logs and post instructions forthcoming.
Regards,
t

Edited by thcbytes, 17 June 2009 - 05:30 PM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 AndroidSFV

AndroidSFV
  • Topic Starter

  • Members
  • 10 posts

Posted 17 June 2009 - 07:09 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Chris at 2009-06-17 18:59:34
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 101 GB (44%) free of 228 GB
Total RAM: 3069 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:59 PM, on 6/17/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Chris\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA7093] command.com /c del "C:\Windows\System32\rpcnet.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6650] cmd.exe /c del "C:\Windows\System32\rpcnet.dll_old"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB0] command.com /c del "C:\Windows\System32\rpcnet.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2784] cmd.exe /c del "C:\Windows\System32\rpcnet.dll_old"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7576 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\McDefragTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-01-09 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-04-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-23 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-03-11 163840]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-06-26 442467]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-14 518488]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-23 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]
"SpybotDeletingA7093"=command.com /c del C:\Windows\System32\rpcnet.dll_old []
"SpybotDeletingC6650"=cmd.exe /c del C:\Windows\System32\rpcnet.dll_old []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB0"=command.com /c del C:\Windows\System32\rpcnet.dll_old []
"SpybotDeletingD2784"=cmd.exe /c del C:\Windows\System32\rpcnet.dll_old []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
C:\Program Files\DigitalPersona\Bin\dpagent.exe [2008-03-25 699456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-09 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 842584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\MediaDirect\PCMService.exe [2008-01-14 132392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
C:\Program Files\Dell Video Chat\DellVideoChat.exe [2008-06-12 4758904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-23 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files\Xfire\xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mferkdk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-17 18:59:34 ----D---- C:\rsit
2009-06-17 16:54:21 ----A---- C:\Windows\system32\rpcnet.dll
2009-06-17 13:49:47 ----D---- C:\Windows\temp
2009-06-17 13:49:46 ----SHD---- C:\$RECYCLE.BIN
2009-06-17 13:49:45 ----A---- C:\ComboFix.txt
2009-06-17 13:43:30 ----SD---- C:\Combo-Fix
2009-06-17 13:42:39 ----D---- C:\Qoobox
2009-06-17 13:31:16 ----N---- C:\Windows\system32\rpcnet.dll_old
2009-06-17 11:43:05 ----D---- C:\Users\Chris\AppData\Roaming\Malwarebytes
2009-06-17 11:42:58 ----D---- C:\ProgramData\Malwarebytes
2009-06-17 11:42:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-16 14:46:19 ----A---- C:\Windows\wininit.ini
2009-06-14 14:16:16 ----A---- C:\Windows\zip.exe
2009-06-14 14:16:16 ----A---- C:\Windows\SWXCACLS.exe
2009-06-14 14:16:16 ----A---- C:\Windows\SWSC.exe
2009-06-14 14:16:16 ----A---- C:\Windows\SWREG.exe
2009-06-14 14:16:16 ----A---- C:\Windows\sed.exe
2009-06-14 14:16:16 ----A---- C:\Windows\NIRCMD.exe
2009-06-14 14:16:16 ----A---- C:\Windows\grep.exe
2009-06-14 14:15:54 ----D---- C:\Windows\ERDNT
2009-06-14 14:15:52 ----A---- C:\Windows\system32\MPFServiceFailureCount.txt
2009-06-14 13:15:54 ----A---- C:\Windows\system32\lsdelete.exe
2009-06-14 13:02:27 ----HDC---- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 13:02:20 ----D---- C:\ProgramData\Lavasoft
2009-06-14 13:02:20 ----D---- C:\Program Files\Lavasoft
2009-06-14 12:57:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-14 12:57:45 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-14 00:09:00 ----D---- C:\Program Files\Trend Micro
2009-06-13 22:42:47 ----A---- C:\Windows\system32\ieui.dll
2009-06-13 22:42:47 ----A---- C:\Windows\system32\iesetup.dll
2009-06-13 22:42:47 ----A---- C:\Windows\system32\iernonce.dll
2009-06-13 22:42:46 ----A---- C:\Windows\system32\wininet.dll
2009-06-13 22:42:46 ----A---- C:\Windows\system32\urlmon.dll
2009-06-13 22:42:46 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-13 22:42:46 ----A---- C:\Windows\system32\iertutil.dll
2009-06-13 22:42:46 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-13 22:42:46 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-13 22:42:44 ----A---- C:\Windows\system32\ieframe.dll
2009-06-13 22:42:43 ----A---- C:\Windows\system32\mshtml.dll
2009-06-13 22:41:12 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-13 22:41:11 ----A---- C:\Windows\system32\msls31.dll
2009-06-13 22:41:11 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-13 22:41:11 ----A---- C:\Windows\system32\ieakeng.dll
2009-06-13 22:41:11 ----A---- C:\Windows\system32\icardie.dll
2009-06-13 22:41:11 ----A---- C:\Windows\system32\corpol.dll
2009-06-13 22:41:11 ----A---- C:\Windows\system32\admparse.dll
2009-06-13 22:41:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-06-13 22:41:10 ----A---- C:\Windows\system32\licmgr10.dll
2009-06-13 22:41:10 ----A---- C:\Windows\system32\inseng.dll
2009-06-13 22:41:10 ----A---- C:\Windows\system32\imgutil.dll
2009-06-13 22:41:10 ----A---- C:\Windows\system32\iepeers.dll
2009-06-13 22:41:10 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-13 22:41:10 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-13 22:41:09 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-06-13 22:41:09 ----A---- C:\Windows\system32\wextract.exe
2009-06-13 22:41:09 ----A---- C:\Windows\system32\webcheck.dll
2009-06-13 22:41:09 ----A---- C:\Windows\system32\occache.dll
2009-06-13 22:41:09 ----A---- C:\Windows\system32\mstime.dll
2009-06-13 22:41:09 ----A---- C:\Windows\system32\msrating.dll
2009-06-13 22:41:09 ----A---- C:\Windows\system32\msfeedssync.exe
2009-06-13 22:41:09 ----A---- C:\Windows\system32\ieakui.dll
2009-06-13 22:41:09 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-13 22:41:08 ----A---- C:\Windows\system32\vbscript.dll
2009-06-13 22:41:08 ----A---- C:\Windows\system32\url.dll
2009-06-13 22:41:08 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-13 22:41:08 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-13 22:41:08 ----A---- C:\Windows\system32\jscript.dll
2009-06-13 22:41:08 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-13 22:41:08 ----A---- C:\Windows\system32\advpack.dll
2009-06-13 22:41:06 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-06-13 22:41:06 ----A---- C:\Windows\system32\SetDepNx.exe
2009-06-13 22:41:06 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-06-13 22:41:06 ----A---- C:\Windows\system32\PDMSetup.exe
2009-06-13 22:41:06 ----A---- C:\Windows\system32\mshta.exe
2009-06-13 22:41:06 ----A---- C:\Windows\system32\iexpress.exe
2009-06-13 22:41:06 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-13 22:41:06 ----A---- C:\Windows\system32\iesysprep.dll
2009-06-11 17:29:50 ----A---- C:\Windows\system32\xfcodec.dll
2009-06-11 13:37:42 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 13:37:39 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-10 23:49:11 ----D---- C:\Program Files\USArmy
2009-06-10 22:35:13 ----D---- C:\ProgramData\AA3DeployClient
2009-06-09 18:04:24 ----D---- C:\ProgramData\Spring
2009-06-09 18:04:13 ----D---- C:\Users\Chris\AppData\Roaming\springlobby
2009-06-09 16:16:27 ----D---- C:\ProgramData\Isotx
2009-06-07 15:53:04 ----D---- C:\Program Files\iPod
2009-06-07 15:53:02 ----D---- C:\Program Files\iTunes
2009-06-07 15:51:11 ----D---- C:\Program Files\QuickTime
2009-06-03 20:14:53 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-01 22:26:06 ----D---- C:\Windows\system32\vmm32
2009-05-28 16:17:31 ----D---- C:\Windows\system32\eu-ES
2009-05-28 16:17:31 ----D---- C:\Windows\system32\ca-ES
2009-05-28 16:17:30 ----D---- C:\Windows\system32\vi-VN
2009-05-28 16:03:19 ----D---- C:\Windows\system32\EventProviders
2009-05-28 16:02:13 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-05-28 16:02:10 ----A---- C:\Windows\system32\SLCExt.dll
2009-05-28 16:02:09 ----A---- C:\Windows\system32\SLsvc.exe
2009-05-28 16:02:08 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-05-28 16:02:07 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-05-28 16:02:06 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-05-28 16:02:04 ----A---- C:\Windows\system32\mssrch.dll
2009-05-28 16:02:02 ----A---- C:\Windows\system32\tquery.dll
2009-05-28 16:02:01 ----A---- C:\Windows\system32\scavenge.dll
2009-05-28 16:02:01 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-05-28 16:02:01 ----A---- C:\Windows\system32\RMActivate.exe
2009-05-28 16:02:01 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-05-28 16:02:01 ----A---- C:\Windows\system32\lsasrv.dll
2009-05-28 16:02:00 ----A---- C:\Windows\system32\msi.dll
2009-05-28 16:01:59 ----A---- C:\Windows\system32\WscEapPr.dll
2009-05-28 16:01:59 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-05-28 16:01:59 ----A---- C:\Windows\system32\secproc_isv.dll
2009-05-28 16:01:59 ----A---- C:\Windows\system32\imapi2fs.dll
2009-05-28 16:01:58 ----A---- C:\Windows\system32\sysmain.dll
2009-05-28 16:01:57 ----A---- C:\Windows\system32\mf.dll
2009-05-28 16:01:57 ----A---- C:\Windows\system32\icardagt.exe
2009-05-28 16:01:56 ----A---- C:\Windows\system32\EhStorShell.dll
2009-05-28 16:01:56 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-05-28 16:01:55 ----A---- C:\Windows\system32\spreview.exe
2009-05-28 16:01:55 ----A---- C:\Windows\system32\spinstall.exe
2009-05-28 16:01:55 ----A---- C:\Windows\system32\drmv2clt.dll
2009-05-28 16:01:54 ----A---- C:\Windows\system32\spwizui.dll
2009-05-28 16:01:54 ----A---- C:\Windows\system32\shell32.dll
2009-05-28 16:01:54 ----A---- C:\Windows\system32\secproc.dll
2009-05-28 16:01:54 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-05-28 16:01:53 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-05-28 16:01:53 ----A---- C:\Windows\system32\p2psvc.dll
2009-05-28 16:01:52 ----A---- C:\Windows\system32\mssvp.dll
2009-05-28 16:01:52 ----A---- C:\Windows\system32\mssphtb.dll
2009-05-28 16:01:52 ----A---- C:\Windows\system32\mssph.dll
2009-05-28 16:01:52 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-05-28 16:01:52 ----A---- C:\Windows\system32\mscoree.dll
2009-05-28 16:01:51 ----A---- C:\Windows\system32\sdohlp.dll
2009-05-28 16:01:51 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-05-28 16:01:51 ----A---- C:\Windows\system32\imapi2.dll
2009-05-28 16:01:51 ----A---- C:\Windows\system32\esent.dll
2009-05-28 16:01:50 ----A---- C:\Windows\system32\sperror.dll
2009-05-28 16:01:50 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-05-28 16:01:50 ----A---- C:\Windows\system32\DevicePairing.dll
2009-05-28 16:01:49 ----A---- C:\Windows\system32\wmp.dll
2009-05-28 16:01:49 ----A---- C:\Windows\system32\wevtsvc.dll
2009-05-28 16:01:49 ----A---- C:\Windows\system32\SLC.dll
2009-05-28 16:01:49 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-05-28 16:01:49 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-05-28 16:01:49 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-05-28 16:01:49 ----A---- C:\Windows\system32\msshsq.dll
2009-05-28 16:01:49 ----A---- C:\Windows\system32\korwbrkr.dll
2009-05-28 16:01:49 ----A---- C:\Windows\system32\IasMigReader.exe
2009-05-28 16:01:48 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-05-28 16:01:48 ----A---- C:\Windows\system32\msjet40.dll
2009-05-28 16:01:48 ----A---- C:\Windows\system32\MPSSVC.dll
2009-05-28 16:01:47 ----A---- C:\Windows\system32\Query.dll
2009-05-28 16:01:47 ----A---- C:\Windows\system32\qmgr.dll
2009-05-28 16:01:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-05-28 16:01:47 ----A---- C:\Windows\system32\msxml6.dll
2009-05-28 16:01:46 ----A---- C:\Windows\system32\P2PGraph.dll
2009-05-28 16:01:46 ----A---- C:\Windows\system32\ole32.dll
2009-05-28 16:01:46 ----A---- C:\Windows\system32\ntdll.dll
2009-05-28 16:01:46 ----A---- C:\Windows\system32\msexch40.dll
2009-05-28 16:01:46 ----A---- C:\Windows\system32\diagperf.dll
2009-05-28 16:01:45 ----A---- C:\Windows\system32\winload.exe
2009-05-28 16:01:45 ----A---- C:\Windows\system32\uDWM.dll
2009-05-28 16:01:45 ----A---- C:\Windows\system32\srchadmin.dll
2009-05-28 16:01:45 ----A---- C:\Windows\system32\msxml3.dll
2009-05-28 16:01:45 ----A---- C:\Windows\system32\mmc.exe
2009-05-28 16:01:45 ----A---- C:\Windows\system32\mblctr.exe
2009-05-28 16:01:45 ----A---- C:\Windows\system32\EncDec.dll
2009-05-28 16:01:44 ----A---- C:\Windows\system32\riched20.dll
2009-05-28 16:01:44 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-05-28 16:01:44 ----A---- C:\Windows\system32\fdBth.dll
2009-05-28 16:01:44 ----A---- C:\Windows\system32\dfsr.exe
2009-05-28 16:01:43 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-05-28 16:01:43 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-05-28 16:01:43 ----A---- C:\Windows\system32\RacEngn.dll
2009-05-28 16:01:43 ----A---- C:\Windows\system32\kernel32.dll
2009-05-28 16:01:42 ----A---- C:\Windows\system32\spoolss.dll
2009-05-28 16:01:42 ----A---- C:\Windows\system32\schedsvc.dll
2009-05-28 16:01:42 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-05-28 16:01:42 ----A---- C:\Windows\system32\milcore.dll
2009-05-28 16:01:42 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-05-28 16:01:42 ----A---- C:\Windows\system32\CertEnroll.dll
2009-05-28 16:01:41 ----A---- C:\Windows\system32\WinSAT.exe
2009-05-28 16:01:41 ----A---- C:\Windows\system32\msvcp60.dll
2009-05-28 16:01:41 ----A---- C:\Windows\system32\msjtes40.dll
2009-05-28 16:01:41 ----A---- C:\Windows\system32\infocardapi.dll
2009-05-28 16:01:41 ----A---- C:\Windows\system32\gpedit.dll
2009-05-28 16:01:41 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-05-28 16:01:40 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-05-28 16:01:40 ----A---- C:\Windows\system32\mstext40.dll
2009-05-28 16:01:40 ----A---- C:\Windows\system32\Magnify.exe
2009-05-28 16:01:40 ----A---- C:\Windows\system32\es.dll
2009-05-28 16:01:40 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-05-28 16:01:40 ----A---- C:\Windows\system32\advapi32.dll
2009-05-28 16:01:39 ----A---- C:\Windows\system32\WMPhoto.dll
2009-05-28 16:01:39 ----A---- C:\Windows\system32\WebClnt.dll
2009-05-28 16:01:39 ----A---- C:\Windows\system32\slwmi.dll
2009-05-28 16:01:39 ----A---- C:\Windows\system32\msexcl40.dll
2009-05-28 16:01:38 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-05-28 16:01:38 ----A---- C:\Windows\system32\vssapi.dll
2009-05-28 16:01:38 ----A---- C:\Windows\system32\msxbde40.dll
2009-05-28 16:01:38 ----A---- C:\Windows\system32\mstscax.dll
2009-05-28 16:01:38 ----A---- C:\Windows\system32\comsvcs.dll
2009-05-28 16:01:38 ----A---- C:\Windows\system32\authui.dll
2009-05-28 16:01:37 ----A---- C:\Windows\system32\propsys.dll
2009-05-28 16:01:37 ----A---- C:\Windows\system32\PresentationHost.exe
2009-05-28 16:01:37 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-28 16:01:37 ----A---- C:\Windows\system32\newdev.dll
2009-05-28 16:01:37 ----A---- C:\Windows\system32\NetProjW.dll
2009-05-28 16:01:37 ----A---- C:\Windows\system32\msrepl40.dll
2009-05-28 16:01:36 ----A---- C:\Windows\system32\setupapi.dll
2009-05-28 16:01:36 ----A---- C:\Windows\system32\rpcss.dll
2009-05-28 16:01:36 ----A---- C:\Windows\system32\iasrecst.dll
2009-05-28 16:01:36 ----A---- C:\Windows\system32\gpsvc.dll
2009-05-28 16:01:36 ----A---- C:\Windows\system32\eudcedit.exe
2009-05-28 16:01:36 ----A---- C:\Windows\system32\crypt32.dll
2009-05-28 16:01:36 ----A---- C:\Windows\explorer.exe
2009-05-28 16:01:35 ----A---- C:\Windows\system32\mspbde40.dll
2009-05-28 16:01:35 ----A---- C:\Windows\system32\msltus40.dll
2009-05-28 16:01:35 ----A---- C:\Windows\system32\davclnt.dll
2009-05-28 16:01:35 ----A---- C:\Windows\system32\d3d9.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\wevtapi.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\shlwapi.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\photowiz.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\nlhtml.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\msrd3x40.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\msdtctm.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\mfc42.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-05-28 16:01:34 ----A---- C:\Windows\system32\browseui.dll
2009-05-28 16:01:33 ----A---- C:\Windows\system32\user32.dll
2009-05-28 16:01:33 ----A---- C:\Windows\system32\samsrv.dll
2009-05-28 16:01:33 ----A---- C:\Windows\system32\ci.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\win32spl.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\quartz.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-05-28 16:01:32 ----A---- C:\Windows\system32\oleaut32.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\netshell.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\msv1_0.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\kerberos.dll
2009-05-28 16:01:32 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-05-28 16:01:32 ----A---- C:\Windows\system32\compcln.exe
2009-05-28 16:01:31 ----A---- C:\Windows\system32\xmlfilter.dll
2009-05-28 16:01:31 ----A---- C:\Windows\system32\winhttp.dll
2009-05-28 16:01:31 ----A---- C:\Windows\system32\mswstr10.dll
2009-05-28 16:01:31 ----A---- C:\Windows\system32\msctf.dll
2009-05-28 16:01:31 ----A---- C:\Windows\system32\emdmgmt.dll
2009-05-28 16:01:31 ----A---- C:\Windows\system32\audiosrv.dll
2009-05-28 16:01:31 ----A---- C:\Windows\system32\apds.dll
2009-05-28 16:01:30 ----A---- C:\Windows\system32\VSSVC.exe
2009-05-28 16:01:30 ----A---- C:\Windows\system32\SLUI.exe
2009-05-28 16:01:30 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-05-28 16:01:30 ----A---- C:\Windows\system32\msvcrt.dll
2009-05-28 16:01:30 ----A---- C:\Windows\system32\mfc42u.dll
2009-05-28 16:01:30 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-05-28 16:01:30 ----A---- C:\Windows\system32\gdi32.dll
2009-05-28 16:01:30 ----A---- C:\Windows\system32\eapphost.dll
2009-05-28 16:01:29 ----A---- C:\Windows\system32\winresume.exe
2009-05-28 16:01:29 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-05-28 16:01:29 ----A---- C:\Windows\system32\propdefs.dll
2009-05-28 16:01:29 ----A---- C:\Windows\system32\odbc32.dll
2009-05-28 16:01:29 ----A---- C:\Windows\system32\msrd2x40.dll
2009-05-28 16:01:28 ----A---- C:\Windows\system32\shdocvw.dll
2009-05-28 16:01:27 ----A---- C:\Windows\system32\dbgeng.dll
2009-05-28 16:01:26 ----A---- C:\Windows\system32\WsmSvc.dll
2009-05-28 16:01:26 ----A---- C:\Windows\system32\wevtutil.exe
2009-05-28 16:01:26 ----A---- C:\Windows\system32\swprv.dll
2009-05-28 16:01:26 ----A---- C:\Windows\system32\mssitlb.dll
2009-05-28 16:01:26 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-05-28 16:01:25 ----A---- C:\Windows\system32\vds.exe
2009-05-28 16:01:25 ----A---- C:\Windows\system32\usp10.dll
2009-05-28 16:01:25 ----A---- C:\Windows\system32\netlogon.dll
2009-05-28 16:01:25 ----A---- C:\Windows\system32\msscb.dll
2009-05-28 16:01:25 ----A---- C:\Windows\system32\msctfp.dll
2009-05-28 16:01:25 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-05-28 16:01:25 ----A---- C:\Windows\system32\drvinst.exe
2009-05-28 16:01:25 ----A---- C:\Windows\system32\devmgr.dll
2009-05-28 16:01:24 ----A---- C:\Windows\system32\Wldap32.dll
2009-05-28 16:01:24 ----A---- C:\Windows\system32\wcnwiz.dll
2009-05-28 16:01:24 ----A---- C:\Windows\system32\schannel.dll
2009-05-28 16:01:24 ----A---- C:\Windows\system32\evr.dll
2009-05-28 16:01:24 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-05-28 16:01:24 ----A---- C:\Windows\system32\BFE.DLL
2009-05-28 16:01:24 ----A---- C:\Windows\system32\autochk.exe
2009-05-28 16:01:24 ----A---- C:\Windows\system32\adsldpc.dll
2009-05-28 16:01:23 ----A---- C:\Windows\system32\WSDApi.dll
2009-05-28 16:01:23 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-05-28 16:01:23 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-05-28 16:01:23 ----A---- C:\Windows\system32\wercon.exe
2009-05-28 16:01:23 ----A---- C:\Windows\system32\services.exe
2009-05-28 16:01:23 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-05-28 16:01:23 ----A---- C:\Windows\system32\comdlg32.dll
2009-05-28 16:01:23 ----A---- C:\Windows\system32\adtschema.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\wcncsvc.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\taskeng.exe
2009-05-28 16:01:22 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\mswdat10.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\msjter40.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\msdtcprx.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\msdrm.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\mimefilt.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-05-28 16:01:22 ----A---- C:\Windows\system32\certcli.dll
2009-05-28 16:01:21 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-05-28 16:01:21 ----A---- C:\Windows\system32\w32time.dll
2009-05-28 16:01:21 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-05-28 16:01:21 ----A---- C:\Windows\system32\rtffilt.dll
2009-05-28 16:01:21 ----A---- C:\Windows\system32\reg.exe
2009-05-28 16:01:21 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-05-28 16:01:21 ----A---- C:\Windows\system32\dnsapi.dll
2009-05-28 16:01:21 ----A---- C:\Windows\system32\certutil.exe
2009-05-28 16:01:21 ----A---- C:\Windows\system32\bcrypt.dll
2009-05-28 16:01:20 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-05-28 16:01:20 ----A---- C:\Windows\system32\rsaenh.dll
2009-05-28 16:01:20 ----A---- C:\Windows\system32\msstrc.dll
2009-05-28 16:01:20 ----A---- C:\Windows\system32\msshooks.dll
2009-05-28 16:01:20 ----A---- C:\Windows\system32\msscntrs.dll
2009-05-28 16:01:20 ----A---- C:\Windows\system32\msihnd.dll
2009-05-28 16:01:20 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-05-28 16:01:20 ----A---- C:\Windows\system32\bthserv.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\profsvc.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\netapi32.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\mtxclu.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\mscories.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\inetpp.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\inetcomm.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\hidserv.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\fundisc.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\dfshim.dll
2009-05-28 16:01:19 ----A---- C:\Windows\system32\cryptsvc.dll
2009-05-28 16:01:18 ----A---- C:\Windows\system32\termsrv.dll
2009-05-28 16:01:18 ----A---- C:\Windows\system32\shsvcs.dll
2009-05-28 16:01:18 ----A---- C:\Windows\system32\msiexec.exe
2009-05-28 16:01:18 ----A---- C:\Windows\system32\imapi.dll
2009-05-28 16:01:18 ----A---- C:\Windows\system32\gameux.dll
2009-05-28 16:01:17 ----A---- C:\Windows\system32\wdc.dll
2009-05-28 16:01:17 ----A---- C:\Windows\system32\rasmans.dll
2009-05-28 16:01:17 ----A---- C:\Windows\system32\pnidui.dll
2009-05-28 16:01:17 ----A---- C:\Windows\system32\iassdo.dll
2009-05-28 16:01:17 ----A---- C:\Windows\system32\chsbrkr.dll
2009-05-28 16:01:16 ----A---- C:\Windows\system32\spoolsv.exe
2009-05-28 16:01:16 ----A---- C:\Windows\system32\scrrun.dll
2009-05-28 16:01:16 ----A---- C:\Windows\system32\icardres.dll
2009-05-28 16:01:16 ----A---- C:\Windows\system32\autofmt.exe
2009-05-28 16:01:15 ----A---- C:\Windows\system32\wersvc.dll
2009-05-28 16:01:15 ----A---- C:\Windows\system32\slmgr.vbs
2009-05-28 16:01:15 ----A---- C:\Windows\system32\PSHED.DLL
2009-05-28 16:01:15 ----A---- C:\Windows\system32\pidgenx.dll
2009-05-28 16:01:15 ----A---- C:\Windows\system32\pdh.dll
2009-05-28 16:01:15 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-05-28 16:01:15 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-05-28 16:01:15 ----A---- C:\Windows\system32\azroles.dll
2009-05-28 16:01:14 ----A---- C:\Windows\system32\wmpmde.dll
2009-05-28 16:01:14 ----A---- C:\Windows\system32\winlogon.exe
2009-05-28 16:01:14 ----A---- C:\Windows\system32\SyncCenter.dll
2009-05-28 16:01:13 ----A---- C:\Windows\system32\SLUINotify.dll
2009-05-28 16:01:13 ----A---- C:\Windows\system32\sethc.exe
2009-05-28 16:01:13 ----A---- C:\Windows\system32\ncrypt.dll
2009-05-28 16:01:13 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-05-28 16:01:13 ----A---- C:\Windows\system32\kd1394.dll
2009-05-28 16:01:13 ----A---- C:\Windows\system32\comuid.dll
2009-05-28 16:01:13 ----A---- C:\Windows\system32\certmgr.dll
2009-05-28 16:01:12 ----A---- C:\Windows\system32\wisptis.exe
2009-05-28 16:01:12 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-05-28 16:01:12 ----A---- C:\Windows\system32\untfs.dll
2009-05-28 16:01:12 ----A---- C:\Windows\system32\spp.dll
2009-05-28 16:01:12 ----A---- C:\Windows\system32\scrobj.dll
2009-05-28 16:01:12 ----A---- C:\Windows\system32\rtutils.dll
2009-05-28 16:01:12 ----A---- C:\Windows\system32\iassam.dll
2009-05-28 16:01:11 ----A---- C:\Windows\system32\taskcomp.dll
2009-05-28 16:01:11 ----A---- C:\Windows\system32\printui.dll
2009-05-28 16:01:11 ----A---- C:\Windows\system32\iasnap.dll
2009-05-28 16:01:11 ----A---- C:\Windows\system32\dwm.exe
2009-05-28 16:01:11 ----A---- C:\Windows\system32\autoconv.exe
2009-05-28 16:01:10 ----A---- C:\Windows\system32\winsrv.dll
2009-05-28 16:01:10 ----A---- C:\Windows\system32\onex.dll
2009-05-28 16:01:10 ----A---- C:\Windows\system32\kdcom.dll
2009-05-28 16:01:10 ----A---- C:\Windows\system32\cscript.exe
2009-05-28 16:01:10 ----A---- C:\Windows\system32\basecsp.dll
2009-05-28 16:01:09 ----A---- C:\Windows\system32\wow32.dll
2009-05-28 16:01:09 ----A---- C:\Windows\system32\userenv.dll
2009-05-28 16:01:09 ----A---- C:\Windows\system32\spcmsg.dll
2009-05-28 16:01:09 ----A---- C:\Windows\system32\osk.exe
2009-05-28 16:01:09 ----A---- C:\Windows\system32\mswsock.dll
2009-05-28 16:01:09 ----A---- C:\Windows\system32\kdusb.dll
2009-05-28 16:01:09 ----A---- C:\Windows\system32\audiodg.exe
2009-05-28 16:01:08 ----A---- C:\Windows\system32\WinSCard.dll
2009-05-28 16:01:08 ----A---- C:\Windows\system32\winmm.dll
2009-05-28 16:01:08 ----A---- C:\Windows\system32\RelMon.dll
2009-05-28 16:01:08 ----A---- C:\Windows\system32\rdpencom.dll
2009-05-28 16:01:08 ----A---- C:\Windows\system32\msftedit.dll
2009-05-28 16:01:07 ----A---- C:\Windows\system32\wsepno.dll
2009-05-28 16:01:07 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-05-28 16:01:07 ----A---- C:\Windows\system32\WerFault.exe
2009-05-28 16:01:07 ----A---- C:\Windows\system32\Utilman.exe
2009-05-28 16:01:07 ----A---- C:\Windows\system32\stobject.dll
2009-05-28 16:01:07 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-05-28 16:01:07 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-05-28 16:01:07 ----A---- C:\Windows\system32\offfilt.dll
2009-05-28 16:01:07 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\wiaservc.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\sysclass.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\SndVol.exe
2009-05-28 16:01:06 ----A---- C:\Windows\system32\secur32.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\prnntfy.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\odbccp32.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\msnetobj.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\mscms.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\mfplat.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\mcmde.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\diskraid.exe
2009-05-28 16:01:06 ----A---- C:\Windows\system32\apphelp.dll
2009-05-28 16:01:06 ----A---- C:\Windows\system32\adsmsext.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\wscript.exe
2009-05-28 16:01:05 ----A---- C:\Windows\system32\wscntfy.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\wlansvc.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\ulib.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\rastapi.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\pnpsetup.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-05-28 16:01:05 ----A---- C:\Windows\system32\iasdatastore.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\fdProxy.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\dsound.dll
2009-05-28 16:01:05 ----A---- C:\Windows\system32\cryptui.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\wscsvc.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-05-28 16:01:04 ----A---- C:\Windows\system32\wlangpui.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\vdsdyn.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\regsvc.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\rastls.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\rasapi32.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\ntprint.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\netiohlp.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\logman.exe
2009-05-28 16:01:04 ----A---- C:\Windows\system32\iashlpr.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\gpapi.dll
2009-05-28 16:01:04 ----A---- C:\Windows\system32\diskpart.exe
2009-05-28 16:01:04 ----A---- C:\Windows\system32\brcpl.dll
2009-05-28 16:01:03 ----A---- C:\Windows\system32\zipfldr.dll
2009-05-28 16:01:03 ----A---- C:\Windows\system32\wusa.exe
2009-05-28 16:01:03 ----A---- C:\Windows\system32\wshext.dll
2009-05-28 16:01:03 ----A---- C:\Windows\system32\wpccpl.dll
2009-05-28 16:01:03 ----A---- C:\Windows\system32\netcenter.dll
2009-05-28 16:01:03 ----A---- C:\Windows\system32\mscorier.dll
2009-05-28 16:01:03 ----A---- C:\Windows\system32\iasrad.dll
2009-05-28 16:01:03 ----A---- C:\Windows\system32\findstr.exe
2009-05-28 16:01:02 ----A---- C:\Windows\system32\wsnmp32.dll
2009-05-28 16:01:02 ----A---- C:\Windows\system32\wer.dll
2009-05-28 16:01:02 ----A---- C:\Windows\system32\themecpl.dll
2009-05-28 16:01:02 ----A---- C:\Windows\system32\rasdlg.dll
2009-05-28 16:01:02 ----A---- C:\Windows\system32\iassvcs.dll
2009-05-28 16:01:01 ----A---- C:\Windows\system32\uxsms.dll
2009-05-28 16:01:01 ----A---- C:\Windows\system32\srvsvc.dll
2009-05-28 16:01:01 ----A---- C:\Windows\system32\mssprxy.dll
2009-05-28 16:01:00 ----A---- C:\Windows\system32\tsbyuv.dll
2009-05-28 16:00:59 ----A---- C:\Windows\system32\slcc.dll
2009-05-28 16:00:59 ----A---- C:\Windows\system32\scansetting.dll
2009-05-28 16:00:59 ----A---- C:\Windows\system32\powrprof.dll
2009-05-28 16:00:59 ----A---- C:\Windows\system32\ntmarta.dll
2009-05-28 16:00:59 ----A---- C:\Windows\system32\msutb.dll
2009-05-28 16:00:59 ----A---- C:\Windows\system32\mstsc.exe
2009-05-28 16:00:59 ----A---- C:\Windows\system32\mstlsapi.dll
2009-05-28 16:00:59 ----A---- C:\Windows\system32\iasads.dll
2009-05-28 16:00:59 ----A---- C:\Windows\system32\iasacct.dll
2009-05-28 16:00:58 ----A---- C:\Windows\system32\wlanhlp.dll
2009-05-28 16:00:58 ----A---- C:\Windows\system32\powercpl.dll
2009-05-28 16:00:58 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-05-28 16:00:58 ----A---- C:\Windows\system32\newdev.exe
2009-05-28 16:00:58 ----A---- C:\Windows\system32\networkmap.dll
2009-05-28 16:00:58 ----A---- C:\Windows\system32\connect.dll
2009-05-28 16:00:58 ----A---- C:\Windows\system32\authz.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\usercpl.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\themeui.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\systemcpl.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\sud.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\samlib.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\pcaui.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\mmci.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\dot3svc.dll
2009-05-28 16:00:57 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-05-28 16:00:56 ----A---- C:\Windows\system32\wpcao.dll
2009-05-28 16:00:56 ----A---- C:\Windows\system32\wlanpref.dll
2009-05-28 16:00:56 ----A---- C:\Windows\system32\vdsutil.dll
2009-05-28 16:00:56 ----A---- C:\Windows\system32\tapisrv.dll
2009-05-28 16:00:56 ----A---- C:\Windows\system32\rpchttp.dll
2009-05-28 16:00:56 ----A---- C:\Windows\system32\regapi.dll
2009-05-28 16:00:56 ----A---- C:\Windows\system32\qdvd.dll
2009-05-28 16:00:56 ----A---- C:\Windows\system32\msinfo32.exe
2009-05-28 16:00:56 ----A---- C:\Windows\system32\autoplay.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\wscisvif.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\scksp.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\scesrv.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\rekeywiz.exe
2009-05-28 16:00:55 ----A---- C:\Windows\system32\psisdecd.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\oleprn.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\mpr.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\imm32.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\iaspolcy.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\feclient.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\Faultrep.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\dot3msm.dll
2009-05-28 16:00:55 ----A---- C:\Windows\system32\DeviceEject.exe
2009-05-28 16:00:55 ----A---- C:\Windows\system32\AudioSes.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\TSTheme.exe
2009-05-28 16:00:54 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\sdclt.exe
2009-05-28 16:00:54 ----A---- C:\Windows\system32\scecli.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\rasplap.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\rasgcw.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\qedit.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\pnpui.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\perfdisk.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\ncryptui.dll
2009-05-28 16:00:54 ----A---- C:\Windows\system32\hdwwiz.exe
2009-05-28 16:00:54 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-05-28 16:00:54 ----A---- C:\Windows\system32\dpapimig.exe
2009-05-28 16:00:54 ----A---- C:\Windows\system32\certreq.exe
2009-05-28 16:00:53 ----A---- C:\Windows\system32\whealogr.dll
2009-05-28 16:00:53 ----A---- C:\Windows\system32\tcpmon.dll
2009-05-28 16:00:53 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-05-28 16:00:53 ----A---- C:\Windows\system32\spwinsat.dll
2009-05-28 16:00:53 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-05-28 16:00:53 ----A---- C:\Windows\system32\fdWSD.dll
2009-05-28 16:00:53 ----A---- C:\Windows\system32\cmmon32.exe
2009-05-28 16:00:52 ----A---- C:\Windows\system32\wlanui.dll
2009-05-28 16:00:52 ----A---- C:\Windows\system32\wiaaut.dll
2009-05-28 16:00:52 ----A---- C:\Windows\system32\srcore.dll
2009-05-28 16:00:52 ----A---- C:\Windows\system32\SnippingTool.exe
2009-05-28 16:00:52 ----A---- C:\Windows\system32\SCardSvr.dll
2009-05-28 16:00:52 ----A---- C:\Windows\system32\raschap.dll
2009-05-28 16:00:52 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-05-28 16:00:52 ----A---- C:\Windows\system32\fontext.dll
2009-05-28 16:00:52 ----A---- C:\Windows\system32\conime.exe
2009-05-28 16:00:52 ----A---- C:\Windows\system32\cmdial32.dll
2009-05-28 16:00:51 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-05-28 16:00:51 ----A---- C:\Windows\system32\wlanmsm.dll
2009-05-28 16:00:51 ----A---- C:\Windows\system32\shwebsvc.dll
2009-05-28 16:00:51 ----A---- C:\Windows\system32\rasppp.dll
2009-05-28 16:00:51 ----A---- C:\Windows\system32\PnPutil.exe
2009-05-28 16:00:51 ----A---- C:\Windows\system32\oobefldr.dll
2009-05-28 16:00:51 ----A---- C:\Windows\system32\dsprop.dll
2009-05-28 16:00:51 ----A---- C:\Windows\system32\dimsroam.dll
2009-05-28 16:00:50 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-05-28 16:00:50 ----A---- C:\Windows\system32\shsetup.dll
2009-05-28 16:00:50 ----A---- C:\Windows\system32\rasmontr.dll
2009-05-28 16:00:50 ----A---- C:\Windows\system32\mscandui.dll
2009-05-28 16:00:50 ----A---- C:\Windows\system32\modemui.dll
2009-05-28 16:00:50 ----A---- C:\Windows\system32\dataclen.dll
2009-05-28 16:00:50 ----A---- C:\Windows\system32\chtbrkr.dll
2009-05-28 16:00:49 ----A---- C:\Windows\system32\WSDMon.dll
2009-05-28 16:00:49 ----A---- C:\Windows\system32\wmpeffects.dll
2009-05-28 16:00:49 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-05-28 16:00:49 ----A---- C:\Windows\system32\smss.exe
2009-05-28 16:00:49 ----A---- C:\Windows\system32\rdpwsx.dll
2009-05-28 16:00:49 ----A---- C:\Windows\system32\netplwiz.dll
2009-05-28 16:00:49 ----A---- C:\Windows\system32\credui.dll
2009-05-28 16:00:49 ----A---- C:\Windows\system32\certprop.dll
2009-05-28 16:00:49 ----A---- C:\Windows\system32\blackbox.dll
2009-05-28 16:00:48 ----A---- C:\Windows\system32\wpcsvc.dll
2009-05-28 16:00:48 ----A---- C:\Windows\system32\networkexplorer.dll
2009-05-28 16:00:48 ----A---- C:\Windows\system32\msscp.dll
2009-05-28 16:00:48 ----A---- C:\Windows\system32\logagent.exe
2009-05-28 16:00:48 ----A---- C:\Windows\system32\InkEd.dll
2009-05-28 16:00:48 ----A---- C:\Windows\system32\ifmon.dll
2009-05-28 16:00:48 ----A---- C:\Windows\system32\cipher.exe
2009-05-28 16:00:47 ----A---- C:\Windows\system32\wscapi.dll
2009-05-28 16:00:47 ----A---- C:\Windows\system32\thawbrkr.dll
2009-05-28 16:00:47 ----A---- C:\Windows\system32\softkbd.dll
2009-05-28 16:00:47 ----A---- C:\Windows\system32\sendmail.dll
2009-05-28 16:00:47 ----A---- C:\Windows\system32\msimtf.dll
2009-05-28 16:00:47 ----A---- C:\Windows\system32\msctfui.dll
2009-05-28 16:00:47 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-05-28 16:00:47 ----A---- C:\Windows\system32\gpresult.exe
2009-05-28 16:00:46 ----A---- C:\Windows\system32\puiapi.dll
2009-05-28 16:00:46 ----A---- C:\Windows\system32\olepro32.dll
2009-05-28 16:00:46 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-05-28 16:00:46 ----A---- C:\Windows\system32\dmsynth.dll
2009-05-28 16:00:46 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-05-28 16:00:45 ----A---- C:\Windows\system32\wshbth.dll
2009-05-28 16:00:45 ----A---- C:\Windows\system32\version.dll
2009-05-28 16:00:45 ----A---- C:\Windows\system32\SLLUA.exe
2009-05-28 16:00:45 ----A---- C:\Windows\system32\msisip.dll
2009-05-28 16:00:45 ----A---- C:\Windows\system32\mprapi.dll
2009-05-28 16:00:45 ----A---- C:\Windows\system32\input.dll
2009-05-28 16:00:45 ----A---- C:\Windows\system32\fc.exe
2009-05-28 16:00:45 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-05-28 16:00:45 ----A---- C:\Windows\system32\cdd.dll
2009-05-28 16:00:44 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-05-28 16:00:44 ----A---- C:\Windows\system32\fdSSDP.dll
2009-05-28 16:00:44 ----A---- C:\Windows\system32\dmusic.dll
2009-05-28 16:00:43 ----A---- C:\Windows\system32\wsdchngr.dll
2009-05-28 16:00:43 ----A---- C:\Windows\system32\rrinstaller.exe
2009-05-28 16:00:43 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-05-28 16:00:43 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-05-28 16:00:43 ----A---- C:\Windows\system32\msjint40.dll
2009-05-28 16:00:43 ----A---- C:\Windows\system32\l2nacp.dll
2009-05-28 16:00:43 ----A---- C:\Windows\system32\ftp.exe
2009-05-28 16:00:43 ----A---- C:\Windows\system32\eapp3hst.dll
2009-05-28 16:00:43 ----A---- C:\Windows\system32\cscdll.dll
2009-05-28 16:00:43 ----A---- C:\Windows\system32\cscapi.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\Storprop.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\rasdial.exe
2009-05-28 16:00:42 ----A---- C:\Windows\system32\rasdiag.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\fdWCN.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\eappcfg.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\dot3cfg.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\bthudtask.exe
2009-05-28 16:00:42 ----A---- C:\Windows\system32\bthci.dll
2009-05-28 16:00:42 ----A---- C:\Windows\system32\aaclient.dll
2009-05-28 16:00:41 ----A---- C:\Windows\system32\tscupgrd.exe
2009-05-28 16:00:41 ----A---- C:\Windows\system32\slcinst.dll
2009-05-28 16:00:41 ----A---- C:\Windows\system32\ocsetup.exe
2009-05-28 16:00:41 ----A---- C:\Windows\system32\nslookup.exe
2009-05-28 16:00:41 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-05-28 16:00:41 ----A---- C:\Windows\system32\mfps.dll
2009-05-28 16:00:41 ----A---- C:\Windows\system32\ipconfig.exe
2009-05-28 16:00:41 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-05-28 16:00:41 ----A---- C:\Windows\system32\eappgnui.dll
2009-05-28 16:00:41 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-05-28 16:00:40 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-05-28 16:00:40 ----A---- C:\Windows\system32\mmcico.dll
2009-05-28 16:00:40 ----A---- C:\Windows\system32\mfpmp.exe
2009-05-28 16:00:40 ----A---- C:\Windows\system32\hbaapi.dll
2009-05-28 16:00:40 ----A---- C:\Windows\system32\fdeploy.dll
2009-05-28 16:00:39 ----A---- C:\Windows\system32\tsgqec.dll
2009-05-28 16:00:39 ----A---- C:\Windows\system32\gpupdate.exe
2009-05-28 16:00:39 ----A---- C:\Windows\system32\csrstub.exe
2009-05-28 16:00:39 ----A---- C:\Windows\system32\cbsra.exe
2009-05-28 16:00:39 ----A---- C:\Windows\system32\atmlib.dll
2009-05-28 16:00:38 ----A---- C:\Windows\system32\NcdProp.dll
2009-05-28 16:00:38 ----A---- C:\Windows\system32\iscsilog.dll
2009-05-28 16:00:38 ----A---- C:\Windows\system32\bitsigd.dll
2009-05-28 16:00:37 ----A---- C:\Windows\system32\winrnr.dll
2009-05-28 16:00:37 ----A---- C:\Windows\system32\vdmdbg.dll
2009-05-28 16:00:37 ----A---- C:\Windows\system32\slwga.dll
2009-05-28 16:00:37 ----A---- C:\Windows\system32\odbcconf.dll
2009-05-28 16:00:37 ----A---- C:\Windows\system32\inetppui.dll
2009-05-28 16:00:36 ----A---- C:\Windows\system32\midimap.dll
2009-05-28 16:00:36 ----A---- C:\Windows\system32\atmfd.dll
2009-05-28 16:00:34 ----A---- C:\Windows\system32\wmploc.DLL
2009-05-28 16:00:34 ----A---- C:\Windows\system32\spwmp.dll
2009-05-28 16:00:34 ----A---- C:\Windows\system32\dxmasf.dll
2009-05-28 16:00:33 ----A---- C:\Windows\system32\msimsg.dll
2009-05-28 16:00:33 ----A---- C:\Windows\system32\mferror.dll
2009-05-28 16:00:33 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-05-28 16:00:16 ----A---- C:\Windows\system32\SmiEngine.dll
2009-05-28 16:00:11 ----A---- C:\Windows\system32\wdscore.dll
2009-05-28 16:00:11 ----A---- C:\Windows\system32\PkgMgr.exe
2009-05-28 15:59:58 ----A---- C:\Windows\system32\drvstore.dll

======List of files/folders modified in the last 1 months======

2009-06-17 18:59:47 ----D---- C:\Windows\Prefetch
2009-06-17 18:58:03 ----D---- C:\Program Files\Mozilla Firefox
2009-06-17 17:31:36 ----SHD---- C:\System Volume Information
2009-06-17 16:54:21 ----D---- C:\Windows\System32
2009-06-17 14:00:18 ----D---- C:\Windows\inf
2009-06-17 14:00:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-17 13:58:43 ----D---- C:\Windows
2009-06-17 13:57:33 ----RD---- C:\Program Files
2009-06-17 13:53:47 ----A---- C:\Windows\system32\rpcnetp.dll
2009-06-17 13:52:02 ----A---- C:\Windows\system32\rpcnetp.exe
2009-06-17 13:49:47 ----D---- C:\Windows\system32\en-US
2009-06-17 13:47:55 ----A---- C:\Windows\system.ini
2009-06-17 13:45:47 ----D---- C:\Windows\system32\drivers
2009-06-17 13:45:47 ----D---- C:\Windows\AppPatch
2009-06-17 13:45:46 ----D---- C:\Program Files\Common Files
2009-06-17 13:43:34 ----A---- C:\Windows\ntbtlog.txt
2009-06-17 11:42:58 ----HD---- C:\ProgramData
2009-06-16 21:02:54 ----D---- C:\Program Files\Steam
2009-06-16 18:08:28 ----D---- C:\Users\Chris\AppData\Roaming\Xfire
2009-06-16 17:53:20 ----D---- C:\Windows\system32\Tasks
2009-06-16 15:07:59 ----SHD---- C:\Windows\Installer
2009-06-16 15:07:55 ----D---- C:\Program Files\Java
2009-06-16 12:50:46 ----D---- C:\ProgramData\Xfire
2009-06-16 12:50:46 ----D---- C:\Program Files\Xfire
2009-06-14 14:36:00 ----D---- C:\Windows\rescache
2009-06-14 14:14:34 ----D---- C:\Windows\Minidump
2009-06-14 13:03:42 ----D---- C:\Windows\Tasks
2009-06-14 13:03:35 ----DC---- C:\Windows\system32\DRVSTORE
2009-06-14 13:03:35 ----D---- C:\Windows\system32\catroot
2009-06-14 13:02:18 ----D---- C:\Windows\winsxs
2009-06-13 23:12:47 ----D---- C:\Windows\system32\catroot2
2009-06-13 22:45:18 ----D---- C:\Windows\system32\migration
2009-06-13 22:45:18 ----D---- C:\Windows\PolicyDefinitions
2009-06-13 22:45:18 ----D---- C:\Program Files\Internet Explorer
2009-06-13 19:46:20 ----D---- C:\Program Files\Common Files\Steam
2009-06-13 14:41:10 ----D---- C:\Windows\Microsoft.NET
2009-06-13 14:40:30 ----RSD---- C:\Windows\assembly
2009-06-13 14:33:19 ----D---- C:\Windows\ehome
2009-06-10 22:37:21 ----D---- C:\Program Files\Football Superstars
2009-06-10 12:55:12 ----A---- C:\Windows\system32\rpcnet.exe
2009-06-07 15:53:03 ----D---- C:\Program Files\Common Files\Apple
2009-06-03 20:17:01 ----D---- C:\Program Files\DivX
2009-06-03 20:16:15 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-06-01 22:26:06 ----D---- C:\Program Files\Dell
2009-06-01 11:51:12 ----A---- C:\Windows\system32\mrt.exe
2009-05-30 13:03:42 ----D---- C:\Program Files\mIRC
2009-05-28 16:26:45 ----SHD---- C:\Boot
2009-05-28 16:18:19 ----D---- C:\Program Files\Windows Sidebar
2009-05-28 16:18:19 ----D---- C:\Program Files\Windows Mail
2009-05-28 16:18:19 ----D---- C:\Program Files\Windows Calendar
2009-05-28 16:18:19 ----D---- C:\Program Files\Movie Maker
2009-05-28 16:18:18 ----D---- C:\Program Files\Windows Media Player
2009-05-28 16:18:18 ----D---- C:\Program Files\Windows Journal
2009-05-28 16:18:18 ----D---- C:\Program Files\Windows Collaboration
2009-05-28 16:18:17 ----D---- C:\Program Files\Windows Photo Gallery
2009-05-28 16:18:17 ----D---- C:\Program Files\Common Files\System
2009-05-28 16:18:16 ----D---- C:\Windows\servicing
2009-05-28 16:18:16 ----D---- C:\Program Files\Windows Defender
2009-05-28 16:18:11 ----D---- C:\Windows\system32\XPSViewer
2009-05-28 16:18:11 ----D---- C:\Windows\system32\sk-SK
2009-05-28 16:18:11 ----D---- C:\Windows\system32\lv-LV
2009-05-28 16:18:11 ----D---- C:\Windows\system32\ko-KR
2009-05-28 16:18:11 ----D---- C:\Windows\system32\hr-HR
2009-05-28 16:18:11 ----D---- C:\Windows\system32\et-EE
2009-05-28 16:18:11 ----D---- C:\Windows\system32\da-DK
2009-05-28 16:18:11 ----D---- C:\Windows\IME
2009-05-28 16:18:09 ----D---- C:\Windows\system32\oobe
2009-05-28 16:18:09 ----D---- C:\Windows\system32\it-IT
2009-05-28 16:18:09 ----D---- C:\Windows\system32\el-GR
2009-05-28 16:18:09 ----D---- C:\Windows\system32\de-DE
2009-05-28 16:18:07 ----D---- C:\Windows\system32\sv-SE
2009-05-28 16:18:07 ----D---- C:\Windows\system32\SLUI
2009-05-28 16:18:07 ----D---- C:\Windows\system32\setup
2009-05-28 16:18:07 ----D---- C:\Windows\system32\ru-RU
2009-05-28 16:18:07 ----D---- C:\Windows\system32\pt-PT
2009-05-28 16:18:07 ----D---- C:\Windows\system32\hu-HU
2009-05-28 16:18:07 ----D---- C:\Windows\system32\he-IL
2009-05-28 16:18:07 ----D---- C:\Windows\system32\fr-FR
2009-05-28 16:18:07 ----D---- C:\Windows\system32\fi-FI
2009-05-28 16:18:07 ----D---- C:\Windows\system32\cs-CZ
2009-05-28 16:18:07 ----D---- C:\Windows\system32\AdvancedInstallers
2009-05-28 16:18:06 ----D---- C:\Windows\system32\zh-CN
2009-05-28 16:18:06 ----D---- C:\Windows\system32\sr-Latn-CS
2009-05-28 16:18:06 ----D---- C:\Windows\system32\manifeststore
2009-05-28 16:18:06 ----D---- C:\Windows\system32\es-ES
2009-05-28 16:18:06 ----D---- C:\Windows\system32\en
2009-05-28 16:18:05 ----D---- C:\Windows\system32\zh-TW
2009-05-28 16:18:05 ----D---- C:\Windows\system32\uk-UA
2009-05-28 16:18:05 ----D---- C:\Windows\system32\th-TH
2009-05-28 16:18:05 ----D---- C:\Windows\system32\sl-SI
2009-05-28 16:18:05 ----D---- C:\Windows\system32\ro-RO
2009-05-28 16:18:05 ----D---- C:\Windows\system32\pl-PL
2009-05-28 16:18:05 ----D---- C:\Windows\system32\ja-JP
2009-05-28 16:18:05 ----D---- C:\Windows\system32\bg-BG
2009-05-28 16:18:04 ----D---- C:\Windows\system32\wbem
2009-05-28 16:18:04 ----D---- C:\Windows\system32\tr-TR
2009-05-28 16:18:03 ----D---- C:\Windows\system32\nl-NL
2009-05-28 16:18:03 ----D---- C:\Windows\system32\nb-NO
2009-05-28 16:18:03 ----D---- C:\Windows\system32\lt-LT
2009-05-28 16:18:03 ----D---- C:\Windows\system32\ar-SA
2009-05-28 16:18:02 ----D---- C:\Windows\system32\pt-BR
2009-05-28 16:18:02 ----D---- C:\Windows\system32\migwiz
2009-05-28 16:17:37 ----RSD---- C:\Windows\Fonts
2009-05-28 16:17:30 ----D---- C:\Windows\system32\Boot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2008-10-23 130424]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-05-16 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-05-16 26424]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-03-11 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-03-11 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2008-03-11 38400]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-03-11 164400]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-04 3548672]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2008-03-13 548352]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-03-11 1205240]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 dc3d;USBCCGP filter driver (dc3d); C:\Windows\system32\DRIVERS\dc3d.sys [2009-01-15 15360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2008-03-14 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-03-11 203264]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\Windows\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver; C:\Windows\system32\DRIVERS\OA001Vid.sys [2009-03-08 280096]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-08 24064]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-06-26 380928]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 a3s5apdv;a3s5apdv; C:\Windows\system32\drivers\a3s5apdv.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys [2008-03-11 18424]
S3 catchme;catchme; \??\C:\Users\Chris\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 efipsk;efipsk; \??\C:\Users\Chris\AppData\Local\Temp\efipsk.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-04 3548672]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-04 667648]
R2 ATService;AuthenTec Fingerprint Service; C:\Program Files\Fingerprint Sensor\AtService.exe [2008-02-29 1053944]
R2 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-08-09 72704]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2007-04-09 44032]
R2 DpHost;Biometric Authentication Service; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-03-25 302144]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-14 1005904]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-01-09 26640]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\System32\rpcnet.exe [2009-06-10 56680]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe [2008-06-26 221273]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-03-11 24064]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-06-11 316664]
S4 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe [2008-06-26 73728]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S4 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-09 29744]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S4 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S4 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 202544]
S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-06-17 19:00:02

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
AuthenTec Fingerprint System-->MsiExec.exe /I{140BF0D0-E848-405C-9A01-D3256B918B6D}
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Catalyst Control Center - Branding-->MsiExec.exe /I{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{6D3963B0-E13B-4FC3-B0FF-506A304BB043}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Command & Conquer 3-->MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Command & Conquer™ 3: Kane's Wrath-->MsiExec.exe /I{CC2422C9-F7B5-4175-B295-5EC2283AA674}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Complete Care Consumer Service Agreement-->MsiExec.exe /I{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove
Dell DataSafe Online-->MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Video Chat (remove only)-->C:\Program Files\Dell Video Chat\uninst.exe
Dell Webcam Central-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DigitalPersona Personal 3.0.1-->MsiExec.exe /I{6F633E95-3196-4FAC-9BD0-7E90CED5057A}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dystopia-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17580
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
GIMP 2.4.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Integrated Webcam Driver (1.06.03.0309) -->C:\Windows\CtDrvIns.exe -uninstall -script OA001.uns -plugin OA001Pin.dll -pluginres OA001Pin.crl -nodisconprompt -langid 0x0409
Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
ITECIR Driver-->C:\Program Files\InstallShield Installation Information\{FCED9B62-34FF-4C15-8A23-F65221F7874D}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
LoJack Factory Installer-->"C:\Program Files\InstallShield Installation Information\{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}\setup.exe" -runfromtemp -l0x0409 -removeonly
LoJack Factory Installer-->MsiExec.exe /I{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft XNA Framework Redistributable 1.0 Refresh-->MsiExec.exe /I{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mozilla Firefox (3.0.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Network Magic-->C:\ProgramData\Pure Networks\Setup\nmsetup.exe /uninstall
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U /S
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~2\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Source SDK Base - Orange Box-->"C:\Program Files\Steam\steam.exe" steam://uninstall/218
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stargate Online TCG-->C:\Program Files\InstallShield Installation Information\{FDA52B14-0D3A-4138-98D3-3875423ED191}\setup.exe -runfromtemp -l0x0009 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sword of the Stars-->C:\Program Files\Lighthouse Interactive\Sword of the Stars\Uninstall.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
World in Conflict: Soviet Assault-->C:\Program Files\InstallShield Installation Information\{F11ADC64-C89E-47F4-A0B3-3665FF859397}\setup.exe -runfromtemp -l0x0009 -removeonly
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

=====HijackThis Backups=====

O13 - Gopher Prefix: [2009-06-14]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [2009-06-14]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Lavasoft Ad-Watch Live!
AS: Windows Defender

======System event log======

Computer Name: Chris******-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {41C81662-C084-4AF3-9FF8-926335CCCA14}
User: Chris******-PC\Chris
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: service:INSTB32
Alert Type: Unclassified software
Detection Type:
Record Number: 58132
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090115001254.000000-000
Event Type: Warning
User:

Computer Name: Chris******-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {68269952-9877-41F3-A301-D0492889583E}
User: Chris******-PC\Chris
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: driver:INSTB32
Alert Type: Unclassified software
Detection Type:
Record Number: 58131
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090115001254.000000-000
Event Type: Warning
User:

Computer Name: Chris******-PC
Event Code: 7000
Message: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 58110
Source Name: Service Control Manager
Time Written: 20090114195246.000000-000
Event Type: Error
User:

Computer Name: Chris******-PC
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Record Number: 58109
Source Name: Service Control Manager
Time Written: 20090114195246.000000-000
Event Type: Error
User:

Computer Name: Chris******-PC
Event Code: 7031
Message: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Record Number: 58104
Source Name: Service Control Manager
Time Written: 20090114194742.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Chris******-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 294327
Source Name: SideBySide
Time Written: 20090611025047.000000-000
Event Type: Error
User:

Computer Name: Chris******-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 294326
Source Name: SideBySide
Time Written: 20090611025040.000000-000
Event Type: Error
User:

Computer Name: Chris******-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 294325
Source Name: SideBySide
Time Written: 20090611025033.000000-000
Event Type: Error
User:

Computer Name: Chris******-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 294324
Source Name: SideBySide
Time Written: 20090611025026.000000-000
Event Type: Error
User:

Computer Name: Chris******-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\System32\bcmwltry.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 294323
Source Name: SideBySide
Time Written: 20090611025019.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Chris******-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Program Files\DigitalPersona\Bin\DpOFeedb.dll
Record Number: 10561
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081031014350.152947-000
Event Type: Audit Failure
User:

Computer Name: Chris******-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Program Files\Xfire\xfire_toucan_34432.dll
Record Number: 10560
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081031014350.136947-000
Event Type: Audit Failure
User:

Computer Name: Chris******-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Program Files\DigitalPersona\Bin\DpOFeedb.dll
Record Number: 10559
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081031014350.119947-000
Event Type: Audit Failure
User:

Computer Name: Chris******-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Program Files\Xfire\xfire_toucan_34432.dll
Record Number: 10558
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081031014350.102947-000
Event Type: Audit Failure
User:

Computer Name: Chris******-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume3\Program Files\DigitalPersona\Bin\DpOFeedb.dll
Record Number: 10557
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081031014350.086947-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Windows IP Configuration

Host Name . . . . . . . . . . . . : Chris******-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wi.rr.com

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : imt.uwm.edu
Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : 00-22-68-DB-B7-DA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : wi.rr.com
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-21-70-70-C2-54
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.199(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, June 17, 2009 1:52:12 PM
Lease Expires . . . . . . . . . . : Thursday, June 18, 2009 1:52:10 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.67.100
74.125.127.100
74.125.45.100



Pinging google.com [74.125.45.100] with 32 bytes of data:

Reply from 74.125.45.100: bytes=32 time=28ms TTL=53

Reply from 74.125.45.100: bytes=32 time=29ms TTL=53



Ping statistics for 74.125.45.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 28ms, Maximum = 29ms, Average = 28ms

===========================================================================
Interface List
12 ...00 22 68 db b7 da ...... Dell Wireless 1510 Wireless-N WLAN Mini-Card
11 ...00 21 70 70 c2 54 ...... Broadcom NetLink ™ Gigabit Ethernet
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.199 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.199 276
192.168.0.199 255.255.255.255 On-link 192.168.0.199 276
192.168.0.255 255.255.255.255 On-link 192.168.0.199 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.199 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.199 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None


Note: I censored part of the computer name, because it contains my full name. If it matters any, there is one * per letter censored and if it's needed info, I will supply it. I hope you can understand.

Edited by AndroidSFV, 17 June 2009 - 07:16 PM.


#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:09:18 PM

Posted 17 June 2009 - 07:47 PM

Hi,
Censoring your name is fine. :thumbup2: Please do not alter the logs otherwise.

Speaking of logs.....
I see that you have run Combofix. This is a very powerful tool that can result in permanent damage to your OS and should not be run except for under the supervision of a Malware Expert!

I need a copy of the log(s). The log(s) will be found here:

* C:\ComboFix.txt

If you have run it more than once you will find the other copies here:

* C:\Qoobox\ComboFix2.txt
* C:\Qoobox\ComboFix3.txt
* C:\Qoobox\ComboFix4.txt
* C:\Qoobox\ComboFix5.txt

Please copy and paste the logs in your next reply.

Kind regards,
t

Edited by thcbytes, 17 June 2009 - 07:49 PM.

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 AndroidSFV

AndroidSFV
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:18 PM

Posted 17 June 2009 - 07:49 PM

ComboFix 09-06-16.05 - Chris 06/17/2009 13:44.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2500 [GMT -5:00]
Running from: c:\users\Chris\Desktop\Combo-Fix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\users\Chris\AppData\Roaming\install.dat
c:\windows\system32\uactmp.db
C:\xcrashdump.dat

c:\windows\System32\autochk.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-17 18:47 . 2009-06-17 18:47 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-06-17 18:31 . 2009-06-17 18:31 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-06-17 16:43 . 2009-06-17 16:43 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 16:43 . 2009-06-17 16:43 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2009-06-17 16:43 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:42 . 2009-06-17 16:42 -------- d-----w- c:\programdata\Malwarebytes
2009-06-17 16:42 . 2009-06-17 16:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 16:42 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 19:58 . 2009-06-16 19:58 -------- d-----w- c:\users\Chris\DoctorWeb
2009-06-14 18:15 . 2009-06-14 18:03 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-14 18:02 . 2009-06-14 18:02 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 18:02 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-14 18:02 . 2009-06-14 18:03 -------- d-----w- c:\programdata\Lavasoft
2009-06-14 18:02 . 2009-06-14 18:02 -------- d-----w- c:\program files\Lavasoft
2009-06-14 17:57 . 2009-06-14 19:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-14 17:57 . 2009-06-14 18:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-14 05:09 . 2009-06-14 05:09 -------- d-----w- c:\program files\Trend Micro
2009-06-14 03:42 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-14 03:42 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-11 18:37 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 18:37 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 18:37 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 04:49 . 2009-06-11 04:49 -------- d-----w- c:\program files\USArmy
2009-06-11 03:35 . 2009-06-14 22:29 -------- d-----w- c:\users\Chris\AppData\Local\AA3DeployClient
2009-06-11 03:35 . 2009-06-11 17:25 -------- d-----w- c:\programdata\AA3DeployClient
2009-06-09 23:04 . 2009-06-09 23:34 -------- d-----w- c:\programdata\Spring
2009-06-09 23:04 . 2009-06-09 23:04 -------- d-----w- c:\users\Chris\AppData\Roaming\springlobby
2009-06-09 21:16 . 2009-06-09 21:16 -------- d-----w- c:\programdata\Isotx
2009-06-07 20:53 . 2009-06-07 20:53 -------- d-----w- c:\program files\iPod
2009-06-07 20:53 . 2009-06-07 20:53 -------- d-----w- c:\program files\iTunes
2009-06-07 20:51 . 2009-06-07 20:51 -------- d-----w- c:\program files\QuickTime
2009-06-07 20:45 . 2009-06-07 20:45 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 17:24 . 2008-12-04 06:25 120832 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-04 01:14 . 2009-06-04 01:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-02 03:26 . 2009-06-02 03:26 45056 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-06-02 03:26 . 2009-06-02 03:26 10134 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-06-02 03:26 . 2009-06-02 03:26 -------- d-----w- c:\windows\system32\vmm32
2009-05-28 21:17 . 2009-05-28 21:18 -------- d-----w- c:\windows\system32\ca-ES
2009-05-28 21:17 . 2009-05-28 21:18 -------- d-----w- c:\windows\system32\eu-ES
2009-05-28 21:17 . 2009-05-28 21:18 -------- d-----w- c:\windows\system32\vi-VN
2009-05-28 21:03 . 2009-05-28 21:03 -------- d-----w- c:\windows\system32\EventProviders
2009-05-28 21:01 . 2009-04-11 06:28 291328 ----a-w- c:\windows\system32\WscEapPr.dll
2009-05-28 21:00 . 2009-04-11 06:28 777216 ----a-w- c:\windows\system32\slcc.dll
2009-05-28 20:59 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 18:36 . 2008-08-16 14:58 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-06-17 18:31 . 2008-08-16 14:58 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-06-17 02:02 . 2008-08-14 23:06 -------- d-----w- c:\program files\Steam
2009-06-16 23:08 . 2008-08-14 23:05 -------- d-----w- c:\users\Chris\AppData\Roaming\Xfire
2009-06-16 20:07 . 2008-08-09 09:02 -------- d-----w- c:\program files\Java
2009-06-16 17:50 . 2008-08-14 23:05 -------- d-----w- c:\programdata\Xfire
2009-06-16 17:50 . 2008-08-14 23:05 -------- d-----w- c:\program files\Xfire
2009-06-14 00:46 . 2008-08-14 23:06 -------- d-----w- c:\program files\Common Files\Steam
2009-06-11 03:37 . 2009-01-10 00:47 -------- d-----w- c:\program files\Football Superstars
2009-06-10 17:55 . 2007-12-19 22:50 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-06-07 20:53 . 2008-08-19 21:17 -------- d-----w- c:\program files\Common Files\Apple
2009-06-04 01:17 . 2008-09-26 20:11 -------- d-----w- c:\program files\DivX
2009-06-04 01:16 . 2008-08-09 09:23 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-02 03:26 . 2008-08-09 09:07 -------- d-----w- c:\program files\Dell
2009-05-30 18:03 . 2008-08-14 22:12 -------- d-----w- c:\program files\mIRC
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 21:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 21:17 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-11 23:34 . 2008-08-26 18:19 -------- d-----w- c:\users\Chris\AppData\Roaming\OpenOffice.org2
2009-05-11 23:29 . 2008-08-26 18:20 1 ----a-w- c:\users\Chris\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-09 06:14 . 2007-09-01 01:01 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 06:14 . 2009-05-09 06:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-08 21:35 . 2008-12-16 00:38 -------- d-----w- c:\program files\PKR
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-23 13:44 . 2009-04-23 13:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 01:12 . 2008-08-16 02:26 -------- d-----w- c:\programdata\Media Center Programs
2009-04-23 01:11 . 2008-08-09 09:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-11 06:33 . 2009-05-28 21:01 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-28 21:01 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-28 21:01 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-28 21:01 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-28 21:01 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-28 21:01 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-28 21:01 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-28 21:00 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-28 21:00 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-28 21:00 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-28 21:02 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-28 21:02 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-28 21:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-28 21:00 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-05-28 21:00 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-28 21:00 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-28 21:00 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-28 21:00 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-28 21:00 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-28 21:00 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-28 21:00 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-28 21:00 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-28 21:00 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-28 21:00 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-28 21:01 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-28 21:01 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-28 21:00 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-28 21:00 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-28 21:00 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-28 21:01 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-05-28 21:00 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:43 . 2009-05-28 21:00 236544 ----a-w- c:\windows\system32\drivers\HdAudio.sys
2009-04-11 04:42 . 2009-05-28 21:01 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-28 21:00 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-28 21:00 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-28 21:01 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-28 21:00 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-28 21:00 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-28 21:00 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-28 21:00 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-28 21:02 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-28 21:00 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-28 21:00 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-28 21:00 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-28 21:00 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-05-28 21:00 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-05-28 21:00 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-05-28 21:01 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-28 21:00 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-28 21:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-28 21:00 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19 . 2009-05-28 21:00 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:15 . 2009-05-28 21:01 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-28 21:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-28 21:01 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-28 21:01 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-28 21:01 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-28 21:01 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-28 21:01 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-28 21:01 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-28 21:00 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-28 21:00 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-09 09:21 . 2008-08-09 09:21 76 --sha-r- c:\windows\CT4CET.bin
2008-08-09 11:43 . 2008-08-09 11:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD8141"="del" [X]
"SpybotDeletingD8150"="del" [X]
"SpybotDeletingB9368"="command.com" - c:\windows\System32\COMMAND.COM [2006-11-02 50648]
"SpybotDeletingB6280"="command.com" - c:\windows\System32\COMMAND.COM [2006-11-02 50648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-14 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-23 148888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC1567"="del" [X]
"SpybotDeletingC5982"="del" [X]
"GrpConv"="grpconv -o" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
"SpybotDeletingA9267"="command.com" - c:\windows\System32\COMMAND.COM [2006-11-02 50648]
"SpybotDeletingA7024"="command.com" - c:\windows\System32\COMMAND.COM [2006-11-02 50648]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-6-11 3182928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,6e,6a,10,db,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1718433626-2084869986-3254386905-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C00B0AAB-AFA0-4D29-9B1B-9996C2444298}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{75923754-22B4-4C3C-B1D3-DB4AD161AD5A}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{D59E4AD2-6E1F-47D6-BE3D-936CC9E3AE66}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{FAC3DD28-C179-46C8-955D-22C445364724}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{E4D8715F-E7F4-4271-BFC0-998B022FC626}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{7ED17CBA-783D-4E82-A2A1-D7D6CD88495E}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{29CE4B6D-0C30-4FC0-A2FE-CE53D6104B92}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{C9DEA6A2-B08B-4AFF-BEC7-C6287EF4EC1F}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{0B471B6D-2F50-4D6F-9B21-31C93BFF0B44}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{10DD891B-6CD4-470A-A1A7-310E77F65822}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{500886E4-7DCE-44CA-B425-BDA25FF9D3B2}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{E3D442CA-AD53-487E-B4AF-32C2013BF5AC}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{BE47C76B-7200-4D14-B9CD-5A9477CB0C5D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{DE50950C-CE6A-406A-B33D-03413396022D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{1B8F3722-BE53-46D2-AA2B-6041EFF54E7C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{E0588DF5-4043-4816-AC4F-B3D33E4FB35B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{7D096155-57A9-4084-88C0-F6F226EF5094}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{677C69E2-2E7B-4976-88CF-139DAAC8353C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{FADFFA7E-17C0-427A-9F18-265ABA41CE12}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{CFD89548-E8A3-4AEF-B533-31C85229390E}"= UDP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals (DEMO)\LostEmpire.exe:Lost Empire - Immortals
"{B85F1DA3-FCBE-4778-A131-D2DCF8072EB6}"= TCP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals (DEMO)\LostEmpire.exe:Lost Empire - Immortals
"{C77AAD7B-1C3C-458C-8FC4-5A4ABE0517F7}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F1C121BE-4A65-43E2-8046-B2621A3DE3B8}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{22B236DB-A1FC-4DF3-A703-0A0F71482DED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16381690-C37D-4344-A8FB-B7A1F3255A73}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{814BCA53-E827-4666-8A3C-BFBA83451340}"= TCP:67:DHCP Discovery Service
"{B9DB430E-D737-4ED5-A99C-9F5B4DC11836}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{A8B7DF9E-CE7E-40AA-BB50-FEEDE351EFD9}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{911EF033-F3D6-44D4-8CBC-64E6EB751E6E}"= TCP:67:0.0.0.0:DHCP Discovery Service
"{3AAB5BEF-4ADF-44CC-A392-D300C4D24FFF}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{ACBB5B8D-A5B7-4F2F-9797-6A8DF7B0E2DD}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{B98545C9-7993-4AB2-8BE2-5664B8F698B7}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{667B667E-AB1B-4B82-8E9A-5ADAF7F81655}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6A0D8FBB-0832-4F89-9B9B-F6D43FE2B6DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1558EC4A-9E97-4F4C-8495-CDD3D79DDD1C}"= UDP:c:\program files\Ubisoft\World in Conflict\wic.exe:World in Conflict
"{48C1936C-1C18-4550-B328-D405F6C28DF4}"= TCP:c:\program files\Ubisoft\World in Conflict\wic.exe:World in Conflict
"{FC81910F-B9B2-48D8-B0C1-64819C6FEB0B}"= UDP:c:\program files\Ubisoft\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{64EDEF39-4B6B-45B9-9940-BF718BED32EC}"= TCP:c:\program files\Ubisoft\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{75C09EDF-F8D5-4135-866F-6623C9B7293E}"= UDP:c:\program files\Ubisoft\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{46939CE3-41FF-4B08-95CD-B8DB4E9FC4BD}"= TCP:c:\program files\Ubisoft\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{466CC506-B8BA-43BB-8030-20029C4E9874}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{135354AD-0B42-4A15-B3BE-BCFE508EBD76}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9666B6B9-0F7D-4C39-B0FA-9F8F1CD1CAD8}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{3C1F3EC4-2EED-40C9-A3D9-DAB87F58BC0C}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/14/2009 1:03 PM 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1005904]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [1/15/2009 10:15 AM 15360]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [8/9/2008 6:44 AM 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [8/9/2008 6:44 AM 203264]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2/29/2008 4:37 AM 1053944]
S2 rpcnetp;rpcnetp;c:\windows\System32\rpcnetp.exe [8/16/2008 9:58 AM 17408]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [8/9/2008 6:44 AM 548352]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [3/6/2009 7:30 AM 133632]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [3/8/2009 5:06 PM 280096]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [8/9/2008 6:44 AM 73728]
S4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 4:56 PM 161048]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:03]

2008-08-09 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-18 15:53]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7b1vyk6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www4.uwm.edu/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 13:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B183FBA-530F-B955-8E91-580EB60FA4C1}*]
"gafelklkdhfnce"=hex:63,61,65,61,61,6c,00,00

[HKEY_USERS\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,a2,bb,ab,f6,16,99,5b,6d,c1,aa,25,46,99,ce,bc,d2,84,2d,c6,4a,aa,c5,
ab,ca,5a,d9,51,92,14,9b,d2,a9,1f,8f,74,8c,29,21,16,59,21,21,75,1a,62,4a,4e,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,db,48,18,5f,a1,8e,41,58,71,28,f5,f7,38,2a,9a,a7,3d,d5,8d,78,
72,54,e0,50,02,84,42,f5,fe,23,0b,31,4e,ca,8f,44,f3,5b,b2,d7,5f,39,fc,e0,77,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2009-06-17 13:49
ComboFix-quarantined-files.txt 2009-06-17 18:49

Pre-Run: 116,517,629,952 bytes free
Post-Run: 116,684,386,304 bytes free

360 --- E O F --- 2009-06-15 18:02

#6 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 17 June 2009 - 08:03 PM

Thanks :thumbup2:
I will review your logs and create a fix. Please be patient now. Your instructions will be forthcoming.
Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 17 June 2009 - 08:09 PM

Questions: Tell me how your computer is running? Any redirection? Troubles connecting to any sites? You use FF or IE?
Thanks,
t

#8 AndroidSFV

AndroidSFV
  • Topic Starter

  • Members
  • 10 posts

Posted 17 June 2009 - 08:50 PM

I use FF mainly, sometimes IE. I had Google links being redirected this weekend, but I fixed that. Currently, the only symptoms I notice are those black command windows (3 of them) appearing for less than a second each on startup, and I am getting a Windows error saying something about the host process being bad. I'll edit this post when it appears again and I can tell you the exact error.

edit: the error reads "Host Process for Windows Services stopped working and was closed" "A problem caused the application to stop working correctly. Windows will notify you if a solution is available"

Edited by AndroidSFV, 17 June 2009 - 09:16 PM.


#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 18 June 2009 - 07:10 AM

Hello again & thanks for being patient,
Please note.....

==========

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

==========

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
==========

Please use your IE browser (not FF) and.......

Perform an online scan with Kaspersky WebScanner.
(Requires free Java Runtime Environment (JRE) be installed before scanning for malware as ActiveX is no longer being used.)
  • Click on the Posted Image ...button.
  • The program will launch and fill in the Information section ... on the left.
  • Read the "Requirements and Limitations" then press... the Posted Image ...button.
  • The program will begin downloading the latest program and definition files.
    It takes a while... please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image ...button, if you made any changes.
  • Now under the Scan section on the left: Select My Computer
  • The program will start and scan your system. This will run for a while, be patient... let it run.
    Once the scan is complete, it will display if your system has been infected.
  • Save the scan results as a Text file ... save it to your desktop.
  • Copy and paste the saved scan results file in your next reply.


==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* Kaspersky log
* Gmer.log
* How's it running now?

Kind regards,
t

#10 AndroidSFV

AndroidSFV
  • Topic Starter

  • Members
  • 10 posts

Posted 18 June 2009 - 04:48 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, June 18, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 18, 2009 16:16:47
Records in database: 2361103
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 160491
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 06:03:23


File name / Threat name / Threats count
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1

The selected area was scanned.


------------------------------------------------

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-18 16:28:59
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 871CEF00
INT 0x72 ? 871CEF00
INT 0x72 ? 871CEF00
INT 0x72 ? 871CEF00
INT 0x82 ? 871CEF00
INT 0x82 ? 871CEF00
INT 0x82 ? 871CEF00
INT 0x82 ? 871CEF00
INT 0xA2 ? 8591EBF8
INT 0xA2 ? 8591EBF8

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8F3114FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8F311498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8F3114AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8F31153C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8F31157F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8F311470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8F311484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8F311512]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8F3115A7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8F311593]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8F3114EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8F3114D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8F31156B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8F311552]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8F311528]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8F3114C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8223D982 5 Bytes JMP 8F31152C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 823D15B5 5 Bytes JMP 8F311583 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateUserProcess 823DBB82 5 Bytes JMP 8F3114C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 82402D5D 5 Bytes JMP 8F31156F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 82422446 7 Bytes JMP 8F311540 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82422709 5 Bytes JMP 8F311556 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 82426474 5 Bytes JMP 8F3114DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 8242BE7D 7 Bytes JMP 8F311516 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 8242E09A 5 Bytes JMP 8F311488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 82432B48 5 Bytes JMP 8F311474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 82453D59 5 Bytes JMP 8F311502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 824647B2 5 Bytes JMP 8F311597 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 824659B6 5 Bytes JMP 8F3115AB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 824A374B 5 Bytes JMP 8F31149C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 824A3796 7 Bytes JMP 8F3114B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 824A4253 5 Bytes JMP 8F3114EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? System32\Drivers\spvj.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8E3B541B 5 Bytes JMP 871CE4E0
.text afqwey2d.SYS 8EA09000 22 Bytes [82, 23, 5D, 82, 6C, 22, 5D, ...]
.text afqwey2d.SYS 8EA09017 45 Bytes [00, 32, 07, 7A, 80, 3D, 05, ...]
.text afqwey2d.SYS 8EA09045 135 Bytes [8A, 2B, 82, FD, 09, 25, 82, ...]
.text afqwey2d.SYS 8EA090CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text afqwey2d.SYS 8EA090DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\services.exe[700] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 0007008A
.text C:\Windows\system32\services.exe[700] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 0007006F
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00070F15
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 000700AC
.text C:\Windows\system32\services.exe[700] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00070F55
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00070FC3
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00070FA8
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00070F3A
.text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00070F66
.text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00070F8D
.text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 0007002F
.text C:\Windows\system32\services.exe[700] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 0007000A
.text C:\Windows\system32\services.exe[700] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 0007004A
.text C:\Windows\system32\services.exe[700] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 000700C7
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00070FD4
.text C:\Windows\system32\services.exe[700] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00070FE5
.text C:\Windows\system32\services.exe[700] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 0007009B
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00090040
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 0009001E
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00090FEF
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 0009002F
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00090F8D
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00090FC3
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00090FDE
.text C:\Windows\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00090FB2
.text C:\Windows\system32\services.exe[700] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 001D003D
.text C:\Windows\system32\services.exe[700] msvcrt.dll!system 7674804B 5 Bytes JMP 001D002C
.text C:\Windows\system32\services.exe[700] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 001D0FBC
.text C:\Windows\system32\services.exe[700] msvcrt.dll!_open 7674D106 5 Bytes JMP 001D0000
.text C:\Windows\system32\services.exe[700] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 001D0011
.text C:\Windows\system32\services.exe[700] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 001D0FD7
.text C:\Windows\system32\services.exe[700] WS2_32.dll!socket 762836D1 5 Bytes JMP 001C0000
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 000800B6
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 000800A5
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00080F4B
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 000800E2
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00080F8B
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00080FD4
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 0008002F
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00080F7A
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00080065
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00080FB9
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00080FA8
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00080040
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00080080
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00080F30
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00080FE5
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00080000
.text C:\Windows\system32\lsass.exe[712] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 000800C7
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00090FE5
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00090062
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00090000
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 0009007D
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00090FCA
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 0009002C
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 0009001B
.text C:\Windows\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00090051
.text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00270FB4
.text C:\Windows\system32\lsass.exe[712] msvcrt.dll!system 7674804B 5 Bytes JMP 0027003F
.text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 0027001D
.text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_open 7674D106 5 Bytes JMP 00270FEF
.text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 0027002E
.text C:\Windows\system32\lsass.exe[712] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 0027000C
.text C:\Windows\system32\lsass.exe[712] WS2_32.dll!socket 762836D1 5 Bytes JMP 000A0FE5
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 000D0F24
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 000D0F35
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 000D0085
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 000D0EF8
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 000D0F57
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 000D0FCA
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 000D001B
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 000D0F46
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 000D0F68
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 000D0F94
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 000D0F79
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 000D0FAF
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 000D0056
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 000D0096
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 000D000A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 000D0FEF
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 000D0F09
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00180FBE
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!system 7674804B 5 Bytes JMP 0018003F
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 0018001D
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_open 7674D106 5 Bytes JMP 00180000
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 0018002E
.text C:\Windows\system32\svchost.exe[852] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00180FE3
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 000E0F9E
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 000E0FC0
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 000E0FAF
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 000E0F8D
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 000E002C
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 000E001B
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 000E0FD1
.text C:\Windows\system32\svchost.exe[852] WS2_32.dll!socket 762836D1 5 Bytes JMP 000F000A
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 0057008F
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00570F49
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 005700AA
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 00570F13
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00570F7C
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00570014
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00570FC3
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00570F5A
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00570F97
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00570039
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 0057004A
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00570FB2
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00570F6B
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetProcAddress 75CB903B 3 Bytes JMP 005700C5
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!GetProcAddress + 4 75CB903F 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateFileW 75CBAECB 3 Bytes JMP 00570FD4
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateFileW + 4 75CBAECF 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateFileA 75CBCE5F 3 Bytes JMP 00570FEF
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateFileA + 4 75CBCE63 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00570F2E
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 008D0F95
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!system 7674804B 5 Bytes JMP 008D0020
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 008D0FB7
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_open 7674D106 5 Bytes JMP 008D0FEF
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 008D0FA6
.text C:\Windows\system32\svchost.exe[944] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 008D0FD2
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00580F86
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00580FA1
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00580FEF
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00580028
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00580F75
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00580FC3
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00580FDE
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00580FB2
.text C:\Windows\system32\svchost.exe[944] WS2_32.dll!socket 762836D1 5 Bytes JMP 006A0000
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 001A008B
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 001A007A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 001A009C
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 001A0F05
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 001A0F6A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 001A0FB9
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 001A0000
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 001A0F4F
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 001A0044
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 001A0022
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 001A0033
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 001A0011
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 001A005F
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 001A00B7
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 001A0FCA
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 001A0FE5
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 001A0F2A
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 0066003D
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!system 7674804B 5 Bytes JMP 00660FB2
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 0066001B
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_open 7674D106 5 Bytes JMP 00660000
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 0066002C
.text C:\Windows\System32\svchost.exe[1024] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00660FD7
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 001B0F86
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 001B0FB2
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 001B0FEF
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 001B0FA1
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 001B0F75
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 001B0FD4
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 001B000A
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 001B0FC3
.text C:\Windows\System32\svchost.exe[1024] WS2_32.dll!socket 762836D1 5 Bytes JMP 001C0000
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 00160F5E
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 001600AE
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00160F21
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 00160F3C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 0016008C
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00160FD4
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00160025
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00160F8D
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00160FA8
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00160FB9
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00160065
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00160040
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 0016009D
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 001600D3
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00160FEF
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00160000
.text C:\Windows\System32\svchost.exe[1096] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00160F4D
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00A20070
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!system 7674804B 5 Bytes JMP 00A2005F
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 00A20029
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_open 7674D106 5 Bytes JMP 00A2000C
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 00A2003A
.text C:\Windows\System32\svchost.exe[1096] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00A20FEF
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 0017005B
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00170FCA
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 0017000A
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00170FB9
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00170076
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00170025
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00170FEF
.text C:\Windows\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00170036
.text C:\Windows\System32\svchost.exe[1096] WS2_32.dll!socket 762836D1 5 Bytes JMP 00A10000
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 00AE009B
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00AE0F55
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00AE00E2
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 00AE00D1
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00AE0065
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00AE0FCD
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00AE0FB2
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00AE0080
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00AE0054
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00AE0FA1
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00AE0043
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00AE0028
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00AE0F70
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00AE0107
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00AE0FDE
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00AE0FEF
.text C:\Windows\System32\svchost.exe[1132] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00AE00AC
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00FE0FCA
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!system 7674804B 5 Bytes JMP 00FE0055
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 00FE003A
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_open 7674D106 5 Bytes JMP 00FE0000
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 00FE0FE5
.text C:\Windows\System32\svchost.exe[1132] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00FE0029
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00AF0039
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00AF0FBC
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00AF0FEF
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00AF0F97
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00AF0054
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00AF0FDE
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00AF0014
.text C:\Windows\System32\svchost.exe[1132] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00AF0FCD
.text C:\Windows\System32\svchost.exe[1132] WS2_32.dll!socket 762836D1 3 Bytes JMP 00B40FEF
.text C:\Windows\System32\svchost.exe[1132] WS2_32.dll!socket + 4 762836D5 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 012F0F1F
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 012F0065
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 012F0EE9
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 012F0F04
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 012F0F4E
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 012F0FDE
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 012F0FC3
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 012F004A
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 012F0F6B
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 012F0F97
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 012F0F7C
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 012F0FB2
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 012F0039
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 012F00A5
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 012F0014
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 012F0FEF
.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 012F0080
.text C:\Windows\system32\svchost.exe[1164] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 01360075
.text C:\Windows\system32\svchost.exe[1164] msvcrt.dll!system 7674804B 5 Bytes JMP 0136005A
.text C:\Windows\system32\svchost.exe[1164] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 0136002E
.text C:\Windows\system32\svchost.exe[1164] msvcrt.dll!_open 7674D106 5 Bytes JMP 0136000C
.text C:\Windows\system32\svchost.exe[1164] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 0136003F
.text C:\Windows\system32\svchost.exe[1164] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 0136001D
.text C:\Windows\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 01300040
.text C:\Windows\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 0130002F
.text C:\Windows\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 01300FEF
.text C:\Windows\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 01300FA8
.text C:\Windows\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 0130005B
.text C:\Windows\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 0130000A
.text C:\Windows\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 01300FD4
.text C:\Windows\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 01300FB9
.text C:\Windows\system32\svchost.exe[1164] WS2_32.dll!socket 762836D1 5 Bytes JMP 01350000
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 00B30093
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00B30082
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00B300C6
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 00B300B5
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00B30F79
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00B30011
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00B3002C
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00B30F57
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00B30F8A
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00B3003D
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00B30F9B
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00B30FC0
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00B30F68
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00B300E1
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00B30000
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00B30FE5
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00B300A4
.text C:\Windows\system32\svchost.exe[1364] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00B70051
.text C:\Windows\system32\svchost.exe[1364] msvcrt.dll!system 7674804B 5 Bytes JMP 00B7002C
.text C:\Windows\system32\svchost.exe[1364] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 00B70000
.text C:\Windows\system32\svchost.exe[1364] msvcrt.dll!_open 7674D106 5 Bytes JMP 00B70FE3
.text C:\Windows\system32\svchost.exe[1364] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 00B7001B
.text C:\Windows\system32\svchost.exe[1364] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00B70FD2
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00B40F97
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00B40FBC
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00B40FEF
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00B40039
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00B40F86
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00B40014
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00B40FDE
.text C:\Windows\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00B40FCD
.text C:\Windows\system32\svchost.exe[1364] WS2_32.dll!socket 762836D1 5 Bytes JMP 00B6000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1420] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 054BAC6B C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1420] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 054BAB6B C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 000900C4
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 000900B3
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00090F52
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 00090F63
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00090087
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00090025
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00090040
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00090098
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00090FB9
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 0009006C
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00090FCA
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00090051
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00090F92
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 000900FA
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 0009000A
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00090FE5
.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 000900D5
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00EF0FBC
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!system 7674804B 5 Bytes JMP 00EF0FCD
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 00EF0FDE
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_open 7674D106 5 Bytes JMP 00EF0000
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 00EF0033
.text C:\Windows\system32\svchost.exe[1436] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00EF0FEF
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00A10F7C
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00A10FA8
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00A10FEF
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00A10F97
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00A10F61
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00A10FD4
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00A1000A
.text C:\Windows\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00A10FB9
.text C:\Windows\system32\svchost.exe[1436] WS2_32.dll!socket 762836D1 5 Bytes JMP 00EE0000
.text C:\Windows\system32\svchost.exe[1436] WinInet.dll!InternetOpenA 75E9D6C0 5 Bytes JMP 00AE0FEF
.text C:\Windows\system32\svchost.exe[1436] WinInet.dll!InternetOpenW 75E9DB39 5 Bytes JMP 00AE0FDE
.text C:\Windows\system32\svchost.exe[1436] WinInet.dll!InternetOpenUrlA 75E9F3D4 5 Bytes JMP 00AE0FCD
.text C:\Windows\system32\svchost.exe[1436] WinInet.dll!InternetOpenUrlW 75EE6DD7 5 Bytes JMP 00AE0FB2
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 00FA0086
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00FA0F40
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00FA00AB
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 00FA0F0A
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00FA006B
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00FA001B
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00FA002C
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00FA0F51
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00FA004E
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00FA0FB6
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00FA0F9B
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00FA003D
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00FA0F6C
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00FA0EF9
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00FA000A
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00FA0FEF
.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00FA0F1B
.text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 01210F77
.text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!system 7674804B 5 Bytes JMP 01210F92
.text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 0121000C
.text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_open 7674D106 5 Bytes JMP 01210FEF
.text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 01210FAD
.text C:\Windows\system32\svchost.exe[1656] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 01210FD2
.text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00FB0F9B
.text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00FB0036
.text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00FB0000
.text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00FB0047
.text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00FB0058
.text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00FB001B
.text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00FB0FE5
.text C:\Windows\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00FB0FCA
.text C:\Windows\system32\svchost.exe[1656] WS2_32.dll!socket 762836D1 5 Bytes JMP 01200000
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 021900BF
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 021900A4
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 021900EE
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 02190F4D
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 02190067
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 02190FD4
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 02190FC3
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 02190093
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 0219004A
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 02190F9E
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 02190F8D
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 0219002F
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 02190078
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 02190F3C
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 0219000A
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 02190FEF
.text C:\Windows\system32\svchost.exe[1788] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 02190F5E
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 02240042
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!system 7674804B 5 Bytes JMP 02240031
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 02240FC1
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_open 7674D106 5 Bytes JMP 02240FEF
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 02240016
.text C:\Windows\system32\svchost.exe[1788] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 02240FDE
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 021A0FB9
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 021A0040
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 021A0FEF
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 021A0051
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 021A0FA8
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 021A0025
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 021A0000
.text C:\Windows\system32\svchost.exe[1788] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 021A0FCA
.text C:\Windows\system32\svchost.exe[1788] WS2_32.dll!socket 762836D1 5 Bytes JMP 021F0FEF
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 00AB00B1
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00AB0F61
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00AB0F2B
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 00AB00C2
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00AB0F97
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00AB0FDE
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00AB0FCD
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!CreatePipe 75C98E6E 1 Byte [E9]
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00AB0F72
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00AB0FA8
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00AB004A
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00AB005B
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00AB0039
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00AB008C
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00AB00DD
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00AB000A
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00AB0FEF
.text C:\Windows\Explorer.EXE[2432] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00AB0F46
.text C:\Windows\Explorer.EXE[2432] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 027D006C
.text C:\Windows\Explorer.EXE[2432] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 027D0051
.text C:\Windows\Explorer.EXE[2432] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 027D0000
.text C:\Windows\Explorer.EXE[2432] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 027D0FCA
.text C:\Windows\Explorer.EXE[2432] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 027D0FA5
.text C:\Windows\Explorer.EXE[2432] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 027D0FE5
.text C:\Windows\Explorer.EXE[2432] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 027D001B
.text C:\Windows\Explorer.EXE[2432] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 027D0036
.text C:\Windows\Explorer.EXE[2432] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 0306003D
.text C:\Windows\Explorer.EXE[2432] msvcrt.dll!system 7674804B 5 Bytes JMP 03060FB2
.text C:\Windows\Explorer.EXE[2432] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 03060FD7
.text C:\Windows\Explorer.EXE[2432] msvcrt.dll!_open 7674D106 5 Bytes JMP 03060000
.text C:\Windows\Explorer.EXE[2432] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 03060022
.text C:\Windows\Explorer.EXE[2432] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 03060011
.text C:\Windows\Explorer.EXE[2432] WS2_32.dll!socket 762836D1 5 Bytes JMP 03050FEF
.text C:\Windows\Explorer.EXE[2432] WININET.dll!InternetOpenA 75E9D6C0 5 Bytes JMP 03040FE5
.text C:\Windows\Explorer.EXE[2432] WININET.dll!InternetOpenW 75E9DB39 5 Bytes JMP 03040000
.text C:\Windows\Explorer.EXE[2432] WININET.dll!InternetOpenUrlA 75E9F3D4 5 Bytes JMP 0304001B
.text C:\Windows\Explorer.EXE[2432] WININET.dll!InternetOpenUrlW 75EE6DD7 5 Bytes JMP 03040FCA
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 00140F3F
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00140F5A
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 001400D6
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 001400BB
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 0014007B
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00140FC3
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 0014001E
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00140F6B
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 0014005E
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00140FA1
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00140043
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00140FB2
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00140F86
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00140F24
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00140FD4
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00140FE5
.text C:\Windows\system32\svchost.exe[2764] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 001400AA
.text C:\Windows\system32\svchost.exe[2764] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00280F9E
.text C:\Windows\system32\svchost.exe[2764] msvcrt.dll!system 7674804B 5 Bytes JMP 00280FC3
.text C:\Windows\system32\svchost.exe[2764] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 00280029
.text C:\Windows\system32\svchost.exe[2764] msvcrt.dll!_open 7674D106 5 Bytes JMP 0028000C
.text C:\Windows\system32\svchost.exe[2764] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 00280FD4
.text C:\Windows\system32\svchost.exe[2764] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00280FEF
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00160F97
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00160FC3
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00160000
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00160FA8
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 0016005E
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00160FE5
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00160011
.text C:\Windows\system32\svchost.exe[2764] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00160FD4
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2900] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2900] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 001200BD
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00120F77
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 001200FD
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 001200EC
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00120FA3
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00120FDE
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 0012002F
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 001200AC
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 0012007D
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 0012005B
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 0012006C
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00120040
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00120F92
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00120F4B
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00120FEF
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00120000
.text C:\Windows\System32\svchost.exe[3156] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00120F66
.text C:\Windows\System32\svchost.exe[3156] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 0015005A
.text C:\Windows\System32\svchost.exe[3156] msvcrt.dll!system 7674804B 5 Bytes JMP 00150FCF
.text C:\Windows\System32\svchost.exe[3156] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 0015002E
.text C:\Windows\System32\svchost.exe[3156] msvcrt.dll!_open 7674D106 5 Bytes JMP 00150000
.text C:\Windows\System32\svchost.exe[3156] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 0015003F
.text C:\Windows\System32\svchost.exe[3156] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 0015001D
.text C:\Windows\System32\svchost.exe[3156] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00130F79
.text C:\Windows\System32\svchost.exe[3156] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00130F8A
.text C:\Windows\System32\svchost.exe[3156] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00130FEF
.text C:\Windows\System32\svchost.exe[3156] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00130011
.text C:\Windows\System32\svchost.exe[3156] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00130F68
.text C:\Windows\System32\svchost.exe[3156] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00130FC0
.text C:\Windows\System32\svchost.exe[3156] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00130000
.text C:\Windows\System32\svchost.exe[3156] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00130FAF
.text C:\Windows\System32\svchost.exe[3156] WS2_32.dll!socket 762836D1 5 Bytes JMP 00140FEF
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 00120F32
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00120082
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00120F06
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 0012009D
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00120042
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00120FCA
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00120FA5
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00120067
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00120025
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00120F79
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00120F68
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00120F94
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00120F57
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00120EEB
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00120000
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00120FE5
.text C:\Windows\System32\svchost.exe[3304] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00120F21
.text C:\Windows\System32\svchost.exe[3304] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00190FCD
.text C:\Windows\System32\svchost.exe[3304] msvcrt.dll!system 7674804B 5 Bytes JMP 00190058
.text C:\Windows\System32\svchost.exe[3304] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 00190022
.text C:\Windows\System32\svchost.exe[3304] msvcrt.dll!_open 7674D106 5 Bytes JMP 00190000
.text C:\Windows\System32\svchost.exe[3304] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 0019003D
.text C:\Windows\System32\svchost.exe[3304] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00190011
.text C:\Windows\System32\svchost.exe[3304] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00170051
.text C:\Windows\System32\svchost.exe[3304] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00170025
.text C:\Windows\System32\svchost.exe[3304] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00170FE5
.text C:\Windows\System32\svchost.exe[3304] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00170036
.text C:\Windows\System32\svchost.exe[3304] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00170062
.text C:\Windows\System32\svchost.exe[3304] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 0017000A
.text C:\Windows\System32\svchost.exe[3304] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00170FD4
.text C:\Windows\System32\svchost.exe[3304] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00170FB9
.text C:\Windows\System32\svchost.exe[3304] WS2_32.dll!socket 762836D1 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 001F00C6
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 001F00B5
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 001F00FC
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 001F0F65
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 001F0090
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 001F0FDB
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 001F002C
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 001F0F80
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 001F0073
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 001F0062
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 001F0FC0
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 001F003D
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 001F0F9B
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 001F0121
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[3328] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 001F00E1
.text C:\Windows\system32\svchost.exe[3328] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 008C0F9C
.text C:\Windows\system32\svchost.exe[3328] msvcrt.dll!system 7674804B 5 Bytes JMP 008C0027
.text C:\Windows\system32\svchost.exe[3328] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 008C0FB7
.text C:\Windows\system32\svchost.exe[3328] msvcrt.dll!_open 7674D106 5 Bytes JMP 008C0FE3
.text C:\Windows\system32\svchost.exe[3328] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 008C000C
.text C:\Windows\system32\svchost.exe[3328] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 008C0FD2
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 00200065
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00200FD4
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00200FC3
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00200FB2
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 0020002F
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 00200014
.text C:\Windows\system32\svchost.exe[3328] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00200040
.text C:\Windows\system32\svchost.exe[3328] WS2_32.dll!socket 762836D1 5 Bytes JMP 008B0000
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 002600B6
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00260F66
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 002600D1
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 00260F3A
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00260FAD
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 0026001B
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 0026002C
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00260F77
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00260087
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 00260051
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00260076
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 00260FCA
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 00260F88
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 00260F1F
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00260FE5
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 0026000A
.text C:\Windows\system32\svchost.exe[3500] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00260F55
.text C:\Windows\system32\svchost.exe[3500] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00940058
.text C:\Windows\system32\svchost.exe[3500] msvcrt.dll!system 7674804B 5 Bytes JMP 0094003D
.text C:\Windows\system32\svchost.exe[3500] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 00940022
.text C:\Windows\system32\svchost.exe[3500] msvcrt.dll!_open 7674D106 5 Bytes JMP 00940000
.text C:\Windows\system32\svchost.exe[3500] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 00940FCD
.text C:\Windows\system32\svchost.exe[3500] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00940011
.text C:\Windows\system32\svchost.exe[3500] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 002B0F9E
.text C:\Windows\system32\svchost.exe[3500] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 002B0036
.text C:\Windows\system32\svchost.exe[3500] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 002B0000
.text C:\Windows\system32\svchost.exe[3500] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 002B0FB9
.text C:\Windows\system32\svchost.exe[3500] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 002B0F8D
.text C:\Windows\system32\svchost.exe[3500] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 002B0FDB
.text C:\Windows\system32\svchost.exe[3500] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 002B0011
.text C:\Windows\system32\svchost.exe[3500] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 002B0FCA
.text C:\Windows\system32\svchost.exe[3500] WS2_32.dll!socket 762836D1 5 Bytes JMP 00930FEF
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!GetStartupInfoW 75C71929 5 Bytes JMP 00050F63
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!GetStartupInfoA 75C719C9 5 Bytes JMP 00050F7E
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!CreateProcessW 75C71BF3 5 Bytes JMP 00050F2D
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 000500C4
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!VirtualProtect 75C71DC3 5 Bytes JMP 00050FBE
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!CreateNamedPipeA 75C72EF5 5 Bytes JMP 00050036
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!CreateNamedPipeW 75C75C0C 5 Bytes JMP 00050051
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!CreatePipe 75C98E6E 5 Bytes JMP 00050F8F
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!LoadLibraryExW 75C99109 5 Bytes JMP 00050098
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!LoadLibraryW 75C99362 5 Bytes JMP 0005007D
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!LoadLibraryExA 75C994B4 5 Bytes JMP 00050FDB
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!LoadLibraryA 75C994DC 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!VirtualProtectEx 75C9DBDA 5 Bytes JMP 000500A9
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!GetProcAddress 75CB903B 5 Bytes JMP 000500E9
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!CreateFileW 75CBAECB 5 Bytes JMP 00050011
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!CreateFileA 75CBCE5F 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[3584] kernel32.dll!WinExec 75D05CF7 5 Bytes JMP 00050F52
.text C:\Windows\System32\svchost.exe[3584] msvcrt.dll!_wsystem 76747F2F 5 Bytes JMP 00070042
.text C:\Windows\System32\svchost.exe[3584] msvcrt.dll!system 7674804B 5 Bytes JMP 00070FB7
.text C:\Windows\System32\svchost.exe[3584] msvcrt.dll!_creat 7674BBE1 5 Bytes JMP 0007001D
.text C:\Windows\System32\svchost.exe[3584] msvcrt.dll!_open 7674D106 5 Bytes JMP 00070FE3
.text C:\Windows\System32\svchost.exe[3584] msvcrt.dll!_wcreat 7674D326 5 Bytes JMP 00070FC8
.text C:\Windows\System32\svchost.exe[3584] msvcrt.dll!_wopen 7674D501 5 Bytes JMP 00070000
.text C:\Windows\System32\svchost.exe[3584] ADVAPI32.dll!RegCreateKeyExA 75DC39AB 5 Bytes JMP 0006005B
.text C:\Windows\System32\svchost.exe[3584] ADVAPI32.dll!RegCreateKeyA 75DC3BA9 5 Bytes JMP 00060FCA
.text C:\Windows\System32\svchost.exe[3584] ADVAPI32.dll!RegOpenKeyA 75DC89C7 5 Bytes JMP 00060FEF
.text C:\Windows\System32\svchost.exe[3584] ADVAPI32.dll!RegCreateKeyW 75DD391E 5 Bytes JMP 00060FB9
.text C:\Windows\System32\svchost.exe[3584] ADVAPI32.dll!RegCreateKeyExW 75DD41F1 5 Bytes JMP 00060F9E
.text C:\Windows\System32\svchost.exe[3584] ADVAPI32.dll!RegOpenKeyExA 75DD7C42 5 Bytes JMP 00060025
.text C:\Windows\System32\svchost.exe[3584] ADVAPI32.dll!RegOpenKeyW 75DDE2B5 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[3584] ADVAPI32.dll!RegOpenKeyExW 75DE7BA1 5 Bytes JMP 00060036
.text C:\Program Files\Xfire\xfire.exe[4056] kernel32.dll!CreateProcessA 75C71C28 5 Bytes JMP 043D26DA C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] kernel32.dll!CreateThread 75CBC90E 5 Bytes JMP 043D207E C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] GDI32.dll!BitBlt 75D570A6 5 Bytes JMP 043D1AF6 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!CreateDialogParamW 760872A2 5 Bytes JMP 043D21C9 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!WindowFromPoint 7608884F 5 Bytes JMP 043D1EAA C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!InvalidateRgn 76088F3B 5 Bytes JMP 043D1CDC C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!SetForegroundWindow 7608B8A6 5 Bytes JMP 043D2317 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!RegisterClassA 7608DF42 5 Bytes JMP 043D1FE6 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!CreateWindowExW 76091305 5 Bytes JMP 043D23AF C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!SetWindowPos 760935E3 5 Bytes JMP 043D226D C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!SetFocus 76093684 5 Bytes JMP 043D1BA6 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!IsWindowVisible 7609878A 7 Bytes JMP 043D2468 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!InvalidateRect 76099062 5 Bytes JMP 043D1C3E C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!GetDC 76099C31 5 Bytes JMP 043D19C7 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!ReleaseDC 76099CED 5 Bytes JMP 043D1A5B C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!BeginPaint 7609A2A3 5 Bytes JMP 043D1933 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!RedrawWindow 7609A2E5 5 Bytes JMP 043D1F45 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!GetCursorPos 760A0B88 5 Bytes JMP 043D1E12 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!TrackPopupMenu 760A14F3 5 Bytes JMP 043D2630 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!DialogBoxParamW 760B10B0 5 Bytes JMP 043D2125 C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\xfire.exe[4056] USER32.dll!SetCapture 760B30AF 5 Bytes JMP 043D1D7A C:\Program Files\Xfire\xfire_toucan_37590.dll (Xfire Toucan DLL/Xfire Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A7048] \SystemRoot\System32\Drivers\spvj.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74117817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7416A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7411BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7410F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7410E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74148395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7411DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7410FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7410FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7419CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7413C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7410D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74106853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7410687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2432] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74112AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8591F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\fastfat \FatCdrom 88D90500
Device \Driver\netbt \Device\NetBT_Tcpip_{1EAD1735-E5A0-4702-9DE4-550B831627EF} 882831F8
Device \Driver\volmgr \Device\VolMgrControl 84B8D1F8
Device \Driver\usbuhci \Device\USBPDO-0 87189500
Device \Driver\usbuhci \Device\USBPDO-1 87189500
Device \Driver\usbehci \Device\USBPDO-2 872551F8
Device \Driver\PCI_PNP3380 \Device\00000053 spvj.sys
Device \Driver\usbuhci \Device\USBPDO-3 87189500
Device \Driver\usbuhci \Device\USBPDO-4 87189500

AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 87189500
Device \Driver\usbehci \Device\USBPDO-6 872551F8
Device \Driver\volmgr \Device\HarddiskVolume1 84B8D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84B8D1F8
Device \Driver\cdrom \Device\CdRom0 871931F8
Device \Driver\volmgr \Device\HarddiskVolume3 84B8D1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 882831F8
Device \Driver\Smb \Device\NetbiosSmb 878451F8
Device \Driver\iScsiPrt \Device\RaidPort0 872331F8

AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 87189500
Device \Driver\usbuhci \Device\USBFDO-1 87189500
Device \Driver\usbehci \Device\USBFDO-2 872551F8
Device \Driver\usbuhci \Device\USBFDO-3 87189500
Device \Driver\usbuhci \Device\USBFDO-4 87189500
Device \Driver\netbt \Device\NetBT_Tcpip_{5B453BCA-378C-4B22-AAEC-2E0A8418D65B} 882831F8
Device \Driver\usbuhci \Device\USBFDO-5 87189500
Device \Driver\usbehci \Device\USBFDO-6 872551F8
Device \Driver\sptd \Device\2945155402 spvj.sys
Device \Driver\afqwey2d \Device\Scsi\afqwey2d1 8720C1F8
Device \FileSystem\fastfat \Fat 88D90500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\cdfs \Cdfs 88E8B1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0x46 0xF8 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x69 0x90 0x1A 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4F 0x1C 0xE3 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x72 0xDB 0x69 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x8E 0x46 0xF8 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x69 0x90 0x1A 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4F 0x1C 0xE3 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x72 0xDB 0x69 0x1A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B183FBA-530F-B955-8E91-580EB60FA4C1}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B183FBA-530F-B955-8E91-580EB60FA4C1}@gafelklkdhfnce 0x63 0x61 0x65 0x61 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----

I am not getting the host process error in any sense of the word frequent, but I still noticed one or 2 of the black command windows I reported earlier. Another symptom I noticed on my first startup of the day happened when I logged onto the profile, the screen was completely black with the exception of seeing Spybot running a scan. On the second reboot, seeing if this was persistent, I had normal operation, with the above stated symptom.

I also want to apologize for the delay in getting back to you, Kaspersky was not too happy (efficiency) in scanning some of my larger folders (containing movies).

In regard to the reformatting question you posed to me, if you believe there is a reasonable expectation that we can fix the major problems caused by this (closing the backdoor, removing the malware on the computer) I would like to avoid reformatting. My reasoning is that I am uncertain how to install all of the old drivers back. But for me to make an informed decision, what kind of "not-commonly-thought-of-files" would you say are important to back up? Additional reading material would be appreciated.

#11 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 19 June 2009 - 09:01 AM

Hello again.
Please do this......

:thumbup2: Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!! :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1718433626-2084869986-3254386905-1000]
"EnableNotificationsRef"=dword:00000000

RegNull::
[HKEY_USERS\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2B183FBA-530F-B955-8E91-580EB60FA4C1}*]
"gafelklkdhfnce"=hex:63,61,65,61,61,6c,00,00


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

You may have corrupt critical system files. Let's see if we can fix that.

* Click Start > Run and type sfc /scannow and then click OK.
- Note the space between the c and the /
* You may need your Windows XP CD so have it ready.
- If you have Service Pack 2 (SP2) or SP3 installed, you will need the SP2 or SP3 version of the CD. This can be done with a borrowed CD, if you don't have one.
* Allow the scan to run and when completed, reboot the system.

==========

With your next post please provide:

* Combofix.txt
* Did System File Check find anything?
* How is it running?

Thanks,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 AndroidSFV

AndroidSFV
  • Topic Starter

  • Members
  • 10 posts

Posted 19 June 2009 - 02:06 PM

ComboFix 09-06-16.01 - Chris 06/19/2009 13:28.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1972 [GMT -5:00]
Running from: c:\users\Chris\Desktop\Combofix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 18:30 . 2009-06-19 18:34 -------- d-----w- c:\users\Chris\AppData\Local\temp
2009-06-17 23:59 . 2009-06-18 00:00 -------- d-----w- C:\rsit
2009-06-17 21:54 . 2009-06-19 18:33 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-06-17 18:43 . 2009-06-17 18:49 -------- d-s---w- C:\Combo-Fix
2009-06-17 16:43 . 2009-06-17 16:43 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 16:43 . 2009-06-17 16:43 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2009-06-17 16:43 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:42 . 2009-06-17 16:42 -------- d-----w- c:\programdata\Malwarebytes
2009-06-17 16:42 . 2009-06-17 16:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 16:42 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 19:58 . 2009-06-16 19:58 -------- d-----w- c:\users\Chris\DoctorWeb
2009-06-14 18:15 . 2009-06-14 18:03 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-14 18:02 . 2009-06-14 18:02 -------- dc-h--w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 18:02 . 2009-03-12 08:17 2902048 -c--a-w- c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-14 18:02 . 2009-06-14 18:03 -------- d-----w- c:\programdata\Lavasoft
2009-06-14 18:02 . 2009-06-14 18:02 -------- d-----w- c:\program files\Lavasoft
2009-06-14 17:57 . 2009-06-14 19:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-14 17:57 . 2009-06-14 18:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-14 05:09 . 2009-06-14 05:09 -------- d-----w- c:\program files\Trend Micro
2009-06-14 03:42 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-14 03:42 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-11 18:37 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 18:37 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 18:37 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 04:49 . 2009-06-11 04:49 -------- d-----w- c:\program files\USArmy
2009-06-11 03:35 . 2009-06-14 22:29 -------- d-----w- c:\users\Chris\AppData\Local\AA3DeployClient
2009-06-11 03:35 . 2009-06-11 17:25 -------- d-----w- c:\programdata\AA3DeployClient
2009-06-09 23:04 . 2009-06-09 23:34 -------- d-----w- c:\programdata\Spring
2009-06-09 23:04 . 2009-06-09 23:04 -------- d-----w- c:\users\Chris\AppData\Roaming\springlobby
2009-06-09 21:16 . 2009-06-09 21:16 -------- d-----w- c:\programdata\Isotx
2009-06-07 20:53 . 2009-06-07 20:53 -------- d-----w- c:\program files\iPod
2009-06-07 20:53 . 2009-06-07 20:53 -------- d-----w- c:\program files\iTunes
2009-06-07 20:51 . 2009-06-07 20:51 -------- d-----w- c:\program files\QuickTime
2009-06-07 20:45 . 2009-06-07 20:45 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-04 17:24 . 2008-12-04 06:25 120832 ----a-w- c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-04 01:14 . 2009-06-04 01:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-02 03:26 . 2009-06-02 03:26 45056 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2009-06-02 03:26 . 2009-06-02 03:26 10134 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2009-06-02 03:26 . 2009-06-02 03:26 -------- d-----w- c:\windows\system32\vmm32
2009-05-28 21:17 . 2009-05-28 21:18 -------- d-----w- c:\windows\system32\ca-ES
2009-05-28 21:17 . 2009-05-28 21:18 -------- d-----w- c:\windows\system32\eu-ES
2009-05-28 21:17 . 2009-05-28 21:18 -------- d-----w- c:\windows\system32\vi-VN
2009-05-28 21:03 . 2009-05-28 21:03 -------- d-----w- c:\windows\system32\EventProviders
2009-05-28 21:01 . 2009-04-11 06:28 291328 ----a-w- c:\windows\system32\WscEapPr.dll
2009-05-28 21:00 . 2009-04-11 06:28 777216 ----a-w- c:\windows\system32\slcc.dll
2009-05-28 20:59 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 18:33 . 2008-08-16 14:58 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-06-19 18:31 . 2008-08-16 14:58 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-06-18 21:48 . 2008-08-14 23:05 -------- d-----w- c:\users\Chris\AppData\Roaming\Xfire
2009-06-18 14:48 . 2008-08-14 23:05 -------- d-----w- c:\programdata\Xfire
2009-06-18 14:43 . 2008-08-09 09:02 -------- d-----w- c:\program files\Java
2009-06-17 02:02 . 2008-08-14 23:06 -------- d-----w- c:\program files\Steam
2009-06-16 17:50 . 2008-08-14 23:05 -------- d-----w- c:\program files\Xfire
2009-06-14 00:46 . 2008-08-14 23:06 -------- d-----w- c:\program files\Common Files\Steam
2009-06-11 03:37 . 2009-01-10 00:47 -------- d-----w- c:\program files\Football Superstars
2009-06-10 17:55 . 2007-12-19 22:50 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-06-07 20:53 . 2008-08-19 21:17 -------- d-----w- c:\program files\Common Files\Apple
2009-06-04 01:17 . 2008-09-26 20:11 -------- d-----w- c:\program files\DivX
2009-06-04 01:16 . 2008-08-09 09:23 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-06-02 03:26 . 2008-08-09 09:07 -------- d-----w- c:\program files\Dell
2009-05-30 18:03 . 2008-08-14 22:12 -------- d-----w- c:\program files\mIRC
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-05-28 21:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-05-28 21:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-05-28 21:17 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-21 16:33 . 2009-04-23 13:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 23:34 . 2008-08-26 18:19 -------- d-----w- c:\users\Chris\AppData\Roaming\OpenOffice.org2
2009-05-11 23:29 . 2008-08-26 18:20 1 ----a-w- c:\users\Chris\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-09 06:14 . 2007-09-01 01:01 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 06:14 . 2009-05-09 06:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-08 21:35 . 2008-12-16 00:38 -------- d-----w- c:\program files\PKR
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-23 01:12 . 2008-08-16 02:26 -------- d-----w- c:\programdata\Media Center Programs
2009-04-23 01:11 . 2008-08-09 09:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-11 06:33 . 2009-05-28 21:01 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-28 21:01 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-28 21:01 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-28 21:01 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-28 21:01 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-28 21:01 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-28 21:01 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-28 21:00 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-28 21:00 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-28 21:00 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-28 21:02 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-28 21:02 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-28 21:00 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-28 21:00 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-05-28 21:00 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-28 21:00 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-28 21:00 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-28 21:00 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-28 21:00 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-28 21:00 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-28 21:00 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-28 21:00 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-28 21:00 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-28 21:00 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-28 21:01 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-28 21:01 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-28 21:00 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-28 21:00 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-28 21:00 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-28 21:01 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-05-28 21:00 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:43 . 2009-05-28 21:00 236544 ----a-w- c:\windows\system32\drivers\HdAudio.sys
2009-04-11 04:42 . 2009-05-28 21:01 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-28 21:00 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-28 21:00 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-28 21:01 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-28 21:00 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-28 21:00 12800 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-28 21:00 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-28 21:00 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-28 21:02 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-28 21:00 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-28 21:00 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-28 21:00 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-28 21:00 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-05-28 21:00 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-05-28 21:00 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-05-28 21:01 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-28 21:00 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-28 21:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-28 21:00 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:19 . 2009-05-28 21:00 89088 ----a-w- c:\windows\system32\drivers\sdbus.sys
2009-04-11 04:15 . 2009-05-28 21:01 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-28 21:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-28 21:01 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-28 21:01 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-28 21:01 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-28 21:01 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-28 21:01 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-28 21:01 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-28 21:00 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-28 21:00 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-09 09:21 . 2008-08-09 09:21 76 --sha-r- c:\windows\CT4CET.bin
2008-08-09 11:43 . 2008-08-09 11:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-17_18.47.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-06-19 18:19 59912 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-14 20:10 . 2009-06-19 18:19 12014 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1718433626-2084869986-3254386905-1000_UserData.bin
+ 2008-08-14 19:45 . 2009-06-19 18:29 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-14 19:45 . 2009-06-17 15:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-14 19:45 . 2009-06-19 18:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-14 19:45 . 2009-06-17 15:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-14 19:45 . 2009-06-19 18:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-14 19:45 . 2009-06-17 15:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-19 18:31 . 2009-06-19 18:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-06-19 18:31 . 2009-06-19 18:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-06-19 18:19 102226 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-06-19 18:23 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-06-19 18:23 101350 c:\windows\System32\perfc009.dat
- 2009-04-23 13:45 . 2009-04-23 13:44 148888 c:\windows\System32\javaws.exe
+ 2009-06-18 14:43 . 2009-05-21 16:34 148888 c:\windows\System32\javaws.exe
- 2009-04-23 13:45 . 2009-04-23 13:44 144792 c:\windows\System32\javaw.exe
+ 2009-06-18 14:43 . 2009-05-21 16:34 144792 c:\windows\System32\javaw.exe
+ 2009-06-18 14:43 . 2009-05-21 16:34 144792 c:\windows\System32\java.exe
- 2009-04-23 13:45 . 2009-04-23 13:44 144792 c:\windows\System32\java.exe
+ 2009-06-14 04:00 . 2009-06-19 18:23 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-14 04:00 . 2009-06-17 15:56 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-18 14:43 . 2009-06-18 14:43 262144 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2009-06-19 18:26 . 2009-06-19 18:26 318976 c:\windows\System32\CF4085.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-14 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-6-11 3182928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):4a,6e,6a,10,db,df,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1718433626-2084869986-3254386905-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C00B0AAB-AFA0-4D29-9B1B-9996C2444298}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{75923754-22B4-4C3C-B1D3-DB4AD161AD5A}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{D59E4AD2-6E1F-47D6-BE3D-936CC9E3AE66}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{FAC3DD28-C179-46C8-955D-22C445364724}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{E4D8715F-E7F4-4271-BFC0-998B022FC626}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{7ED17CBA-783D-4E82-A2A1-D7D6CD88495E}"= UDP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{29CE4B6D-0C30-4FC0-A2FE-CE53D6104B92}"= TCP:c:\program files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{C9DEA6A2-B08B-4AFF-BEC7-C6287EF4EC1F}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{0B471B6D-2F50-4D6F-9B21-31C93BFF0B44}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{10DD891B-6CD4-470A-A1A7-310E77F65822}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{500886E4-7DCE-44CA-B425-BDA25FF9D3B2}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{E3D442CA-AD53-487E-B4AF-32C2013BF5AC}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{BE47C76B-7200-4D14-B9CD-5A9477CB0C5D}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{DE50950C-CE6A-406A-B33D-03413396022D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{1B8F3722-BE53-46D2-AA2B-6041EFF54E7C}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{E0588DF5-4043-4816-AC4F-B3D33E4FB35B}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{7D096155-57A9-4084-88C0-F6F226EF5094}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{677C69E2-2E7B-4976-88CF-139DAAC8353C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{FADFFA7E-17C0-427A-9F18-265ABA41CE12}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{CFD89548-E8A3-4AEF-B533-31C85229390E}"= UDP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals (DEMO)\LostEmpire.exe:Lost Empire - Immortals
"{B85F1DA3-FCBE-4778-A131-D2DCF8072EB6}"= TCP:c:\program files\Pollux Gamelabs\Lost Empire - Immortals (DEMO)\LostEmpire.exe:Lost Empire - Immortals
"{C77AAD7B-1C3C-458C-8FC4-5A4ABE0517F7}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F1C121BE-4A65-43E2-8046-B2621A3DE3B8}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{22B236DB-A1FC-4DF3-A703-0A0F71482DED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16381690-C37D-4344-A8FB-B7A1F3255A73}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{814BCA53-E827-4666-8A3C-BFBA83451340}"= TCP:67:DHCP Discovery Service
"{B9DB430E-D737-4ED5-A99C-9F5B4DC11836}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{A8B7DF9E-CE7E-40AA-BB50-FEEDE351EFD9}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{911EF033-F3D6-44D4-8CBC-64E6EB751E6E}"= TCP:67:0.0.0.0:DHCP Discovery Service
"{3AAB5BEF-4ADF-44CC-A392-D300C4D24FFF}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{ACBB5B8D-A5B7-4F2F-9797-6A8DF7B0E2DD}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{B98545C9-7993-4AB2-8BE2-5664B8F698B7}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{667B667E-AB1B-4B82-8E9A-5ADAF7F81655}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6A0D8FBB-0832-4F89-9B9B-F6D43FE2B6DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1558EC4A-9E97-4F4C-8495-CDD3D79DDD1C}"= UDP:c:\program files\Ubisoft\World in Conflict\wic.exe:World in Conflict
"{48C1936C-1C18-4550-B328-D405F6C28DF4}"= TCP:c:\program files\Ubisoft\World in Conflict\wic.exe:World in Conflict
"{FC81910F-B9B2-48D8-B0C1-64819C6FEB0B}"= UDP:c:\program files\Ubisoft\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{64EDEF39-4B6B-45B9-9940-BF718BED32EC}"= TCP:c:\program files\Ubisoft\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{75C09EDF-F8D5-4135-866F-6623C9B7293E}"= UDP:c:\program files\Ubisoft\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{46939CE3-41FF-4B08-95CD-B8DB4E9FC4BD}"= TCP:c:\program files\Ubisoft\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{466CC506-B8BA-43BB-8030-20029C4E9874}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{135354AD-0B42-4A15-B3BE-BCFE508EBD76}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9666B6B9-0F7D-4C39-B0FA-9F8F1CD1CAD8}"= UDP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"{3C1F3EC4-2EED-40C9-A3D9-DAB87F58BC0C}"= TCP:c:\program files\IGWarlord\igwarlord.exe:IGWarlord
"TCP Query User{2A07CD6E-FF7D-4B6C-91B3-3D3E7C247DD7}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{5BA51761-CD8B-4270-85C4-811BACC5155B}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/14/2009 1:03 PM 64160]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [8/9/2008 6:44 AM 548352]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [1/15/2009 10:15 AM 15360]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [8/9/2008 6:44 AM 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [8/9/2008 6:44 AM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [3/6/2009 7:30 AM 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [3/8/2009 5:06 PM 280096]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2/29/2008 4:37 AM 1053944]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1005904]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [8/9/2008 6:44 AM 73728]
S4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 4:56 PM 161048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:03]

2008-08-09 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-18 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7b1vyk6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www4.uwm.edu/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 13:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,a2,bb,ab,f6,16,99,5b,6d,c1,aa,25,46,99,ce,bc,d2,84,2d,c6,4a,aa,c5,
ab,ca,5a,d9,51,92,14,9b,d2,a9,1f,8f,74,8c,29,21,16,59,21,21,75,1a,62,4a,4e,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,db,48,18,5f,a1,8e,41,58,71,28,f5,f7,38,2a,9a,a7,3d,d5,8d,78,
72,54,e0,50,02,84,42,f5,fe,23,0b,31,4e,ca,8f,44,f3,5b,b2,d7,5f,39,fc,e0,77,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(4980)
c:\program files\Xfire\xfire_toucan_37590.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\wlanext.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\rpcnet.exe
c:\program files\DigitalPersona\Bin\DpAgent.exe
c:\windows\System32\CF4085.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-19 13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 18:40
ComboFix2.txt 2009-06-17 18:49

Pre-Run: 101,453,664,256 bytes free
Post-Run: 101,304,541,184 bytes free

392 --- E O F --- 2009-06-18 14:13

The SFC scan did not find anything.

There is nothing new to report on how my system is performing.

#13 thcbytes

  • Malware Response Team

Posted 20 June 2009 - 07:20 AM

Hello again,
Please note.....

In reference to your command windows and error message: it may or may not be malware related. This message is sometimes related to an incompatibility between a program and Vista. Here is a link: http://www.online-tech-tips.com/computer-t...topped-working/

==========

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

==========

I see that you have McAfee installed. Is it fully functional and up to date?

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please copy/paste the contents of that document in your next reply.

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* McAfee question answer
* SecurityCheck log
* MBAM log
* OTL.txt
* OTL extra.txt
* How's it running?

Thanks,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#14 AndroidSFV

  • Topic Starter
  • Members

Posted 20 June 2009 - 12:07 PM

My McAfee is updated and functional.

Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 2
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
McAfeeSecurityCenter
ECHO is off.
Error obtaining update status for antivirus!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
Spybot - Search & Destroy
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 14
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Spybot SDHelper is disabled!
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

Request Timed Out (Check Internet connection?)

Scan took 43 seconds.
`````````End of Log```````````



Malwarebytes' Anti-Malware 1.38
Database version: 2315
Windows 6.0.6002 Service Pack 2

6/20/2009 11:58:52 AM
mbam-log-2009-06-20 (11-58-52).txt

Scan type: Quick Scan
Objects scanned: 77784
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 6/20/2009 12:00:32 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 91.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 90.28 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.77 Gb Free Space | 57.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISENGLES-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/02/29 04:37:16 | 01,053,944 | R--- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/05/04 03:42:16 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe
PRC - [2008/06/26 06:10:00 | 00,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
PRC - [2008/05/04 03:42:16 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe
PRC - [2008/03/11 09:26:10 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2009/06/14 13:03:13 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/03/25 21:53:16 | 00,302,144 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2008/08/09 04:05:30 | 00,072,704 | R--- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2007/04/09 01:48:34 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\system32\CTsvcCDA.exe
PRC - [2007/10/03 15:45:02 | 00,358,936 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2009/06/10 12:55:12 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2008/03/25 21:53:16 | 00,699,456 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/10/03 15:44:58 | 00,178,712 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/07/17 11:13:56 | 00,049,152 | R--- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/03/11 01:22:46 | 00,163,840 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/06/26 06:10:06 | 00,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/14 13:03:13 | 00,518,488 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/01/20 21:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009/06/11 17:29:44 | 03,182,928 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire.exe
PRC - [2008/01/20 21:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/03/11 01:22:44 | 00,050,736 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/03/11 01:22:50 | 00,040,960 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2008/03/11 01:22:44 | 00,049,152 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2007/07/17 11:13:34 | 00,049,152 | R--- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/04/11 01:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/09/25 08:07:33 | 00,307,712 | R--- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/20 12:00:01 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/26 06:09:50 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe -- (AESTFilters [Disabled | Stopped])
SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2008/05/04 03:42:16 | 00,667,648 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2008/02/29 04:37:16 | 01,053,944 | R--- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/08/09 04:05:30 | 00,072,704 | R--- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [Auto | Running])
SRV - [2007/04/09 01:48:34 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\system32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/04/28 16:56:28 | 00,161,048 | R--- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Disabled | Stopped])
SRV - [2008/03/25 21:53:16 | 00,302,144 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost [Auto | Running])
SRV - [2008/01/20 21:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/08/09 04:15:25 | 00,029,744 | R--- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-010708-104812 [Disabled | Stopped])
SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2007/10/03 15:45:02 | 00,358,936 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2009/06/14 13:03:13 | 01,005,904 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/04/01 14:21:30 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/03/25 11:05:48 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/05/21 18:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache [Disabled | Stopped])
SRV - [2008/05/16 07:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice [Disabled | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/06/10 12:55:12 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe -- (rpcnet [Auto | Running])
SRV - [2008/03/11 12:44:38 | 00,202,544 | R--- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Disabled | Stopped])
SRV - [2008/06/26 06:10:00 | 00,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2009/06/11 22:49:48 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2008/03/24 07:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [Disabled | Stopped])
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/03/11 09:26:10 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Start_Pending])
SRV - [2008/01/20 21:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/03/11 01:22:44 | 00,164,400 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2008/05/04 03:42:18 | 03,548,672 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2008/03/13 06:45:50 | 00,548,352 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\Drivers\ATSwpWDF.sys -- (ATSwpWDF [On_Demand | Running])
DRV - [2008/03/11 09:24:46 | 00,018,424 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\drivers\BCM42RLY.sys -- (BCM42RLY [On_Demand | Stopped])
DRV - [2008/03/11 09:25:46 | 01,205,240 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bcmwl6.sys -- (BCM43XX [On_Demand | Running])
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2009/01/15 10:15:26 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\dc3d.sys -- (dc3d [On_Demand | Running])
DRV - [2008/01/20 21:23:25 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Stopped])
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/03/11 01:44:12 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2008/03/14 08:04:26 | 00,054,784 | ---- | M] (ITE Tech. Inc. ) -- C:\Windows\system32\DRIVERS\itecir.sys -- (itecir [On_Demand | Running])
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/03/11 01:42:24 | 00,203,264 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\k57nd60x.sys -- (k57nd60x [On_Demand | Running])
DRV - [2009/06/14 13:03:18 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2009/03/25 11:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2009/03/25 11:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/03/25 11:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/03/25 11:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2008/10/23 13:08:54 | 00,130,424 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2009/03/06 07:30:08 | 00,133,632 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\system32\DRIVERS\OA001Ufd.sys -- (OA001Ufd [On_Demand | Running])
DRV - [2009/03/08 17:06:00 | 00,280,096 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\system32\DRIVERS\OA001Vid.sys -- (OA001Vid [On_Demand | Running])
DRV - [2008/05/16 07:10:32 | 00,024,888 | ---- | M] (Pure Networks, Inc.) -- C:\Windows\system32\DRIVERS\pnarp.sys -- (pnarp [Auto | Running])
DRV - [2006/11/08 02:02:38 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\point32k.sys -- (Point32 [On_Demand | Running])
DRV - [2008/05/16 07:10:30 | 00,026,424 | ---- | M] (Pure Networks, Inc.) -- C:\Windows\system32\DRIVERS\purendis.sys -- (purendis [Auto | Running])
DRV - [2007/11/14 03:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/05/04 03:42:18 | 03,548,672 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2008/03/11 01:24:44 | 00,046,592 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2008/03/11 01:24:42 | 00,043,008 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2008/03/11 01:24:46 | 00,038,400 | ---- | M] (REDC) -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/08/15 14:33:45 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/06/26 06:10:08 | 00,380,928 | ---- | M] (IDT, Inc.) -- C:\Windows\system32\DRIVERS\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www4.uwm.edu/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/11 14:56:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/07 15:51:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/07 15:51:48 | 00,000,000 | ---D | M]

[2008/08/14 15:03:43 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2008/08/14 15:03:43 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/20 11:48:48 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7b1vyk6f.default\extensions
[2009/06/04 12:24:26 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/08/20 11:10:42 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(26)
[2009/06/04 12:24:19 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/02/18 17:58:18 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/04/13 20:59:15 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\moveplayer@movenetworks.com
[2009/06/04 12:24:26 | 00,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\7b1vyk6f.default\extensions\staged-xpis
[2009/06/20 11:48:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/09/25 08:07:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/23 08:45:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/20 11:48:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2008/09/25 08:07:32 | 00,023,040 | R--- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/09/25 08:07:32 | 00,134,656 | R--- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 11:31:38 | 00,001,394 | R--- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 11:31:38 | 00,002,193 | R--- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 11:31:38 | 00,001,534 | R--- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 11:31:38 | 00,002,642 | R--- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 11:31:38 | 00,001,706 | R--- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 11:31:38 | 00,001,178 | R--- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 11:31:38 | 00,000,792 | R--- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe (Xfire Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1718433626-2084869986-3254386905-1000\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe ()
O34 - HKLM BootExecute: (*) - * [2009/06/20 11:48:46 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/20 12:00:01 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2009/06/19 13:30:40 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/06/19 13:26:52 | 00,155,136 | ---- | C] () -- C:\Windows\PEV.exe
[2009/06/19 13:26:47 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF4085.exe
[2009/06/18 09:29:47 | 32,170,43456 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/17 18:59:34 | 00,000,000 | ---D | C] -- C:\rsit
[2009/06/17 16:54:21 | 00,056,680 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2009/06/17 15:27:52 | 00,000,000 | ---D | C] -- C:\Users\Chris\Desktop\debugging folder
[2009/06/17 13:49:46 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/06/17 13:43:30 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/06/17 13:42:39 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/17 11:43:05 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2009/06/17 11:43:02 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 11:43:00 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:42:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/17 11:42:57 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/17 11:42:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/17 10:57:45 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/06/17 10:57:45 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/06/16 15:40:00 | 03,027,424 | R--- | C] () -- C:\Users\Chris\Desktop\Combofix.exe
[2009/06/16 15:39:50 | 03,027,424 | ---- | C] () -- C:\Users\Chris\Documents\Combo-Fix - Copy.exe
[2009/06/16 14:46:19 | 00,000,253 | ---- | C] () -- C:\Windows\wininit.ini
[2009/06/14 14:16:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/06/14 14:16:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/06/14 14:16:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/06/14 14:16:16 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/06/14 14:16:16 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/06/14 14:16:16 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/06/14 14:16:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/06/14 14:15:54 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/06/14 13:15:54 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/06/14 13:03:42 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/06/14 13:03:35 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/06/14 13:02:27 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/14 13:02:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/06/14 13:02:20 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/06/14 12:57:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/06/14 12:57:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/06/14 00:09:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/13 22:42:48 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/13 22:42:47 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/13 22:42:47 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/13 22:42:47 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/13 22:42:46 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/13 22:42:46 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/13 22:42:46 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/13 22:42:46 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/13 22:42:46 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/13 22:42:46 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/13 22:42:45 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/13 22:42:44 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/13 22:42:43 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/13 22:41:12 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/06/13 22:41:11 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/06/13 22:41:11 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/06/13 22:41:11 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/06/13 22:41:11 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/06/13 22:41:11 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/06/13 22:41:11 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/06/13 22:41:11 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/06/13 22:41:10 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/06/13 22:41:10 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/06/13 22:41:10 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/06/13 22:41:10 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/06/13 22:41:10 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/06/13 22:41:10 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/06/13 22:41:10 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/06/13 22:41:09 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/13 22:41:09 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/06/13 22:41:09 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/13 22:41:09 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/06/13 22:41:09 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/06/13 22:41:09 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/06/13 22:41:09 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/13 22:41:09 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/06/13 22:41:09 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/06/13 22:41:08 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/06/13 22:41:08 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/13 22:41:08 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/06/13 22:41:08 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/06/13 22:41:08 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/06/13 22:41:08 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/06/13 22:41:08 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/06/13 22:41:08 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/06/13 22:41:07 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/13 22:41:06 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/06/13 22:41:06 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/06/13 22:41:06 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/13 22:41:06 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/06/13 22:41:06 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/06/13 22:41:06 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/06/13 22:41:06 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/06/13 22:41:06 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/06/13 22:41:06 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/06/13 22:10:36 | 01,110,399 | ---- | C] () -- C:\Windows\System32\UACxejckoxnyhlxcst.db
[2009/06/11 17:29:50 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/06/11 13:37:44 | 02,034,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/11 13:37:42 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/11 13:37:39 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/10 23:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\USArmy
[2009/06/10 22:35:13 | 00,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2009/06/10 22:35:07 | 00,000,308 | ---- | C] () -- C:\Users\Chris\Desktop\AA3Deploy.appref-ms
[2009/06/09 18:04:24 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\Spring
[2009/06/09 18:04:24 | 00,000,000 | ---D | C] -- C:\ProgramData\Spring
[2009/06/09 18:04:13 | 00,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\springlobby
[2009/06/09 16:16:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Isotx
[2009/06/07 15:53:04 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/07 15:53:02 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/07 15:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/03 20:14:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/06/01 22:26:06 | 00,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2009/05/29 18:17:47 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\DF
[2009/05/28 16:17:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/05/28 16:17:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/05/28 16:17:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/05/28 16:03:19 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/05/28 16:02:13 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/05/28 16:02:10 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/05/28 16:02:09 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/05/28 16:02:08 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/05/28 16:02:07 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/05/28 16:02:06 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/05/28 16:02:04 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/05/28 16:02:03 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/05/28 16:02:02 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/05/28 16:02:01 | 01,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/05/28 16:02:01 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/05/28 16:02:01 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/05/28 16:02:01 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/05/28 16:02:01 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/05/28 16:02:01 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/05/28 16:02:00 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/05/28 16:01:59 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/05/28 16:01:59 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/05/28 16:01:59 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/05/28 16:01:59 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/05/28 16:01:59 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/05/28 16:01:58 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/05/28 16:01:57 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/05/28 16:01:57 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/05/28 16:01:56 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/05/28 16:01:56 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/05/28 16:01:55 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/05/28 16:01:55 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/05/28 16:01:55 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/05/28 16:01:54 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/05/28 16:01:54 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/05/28 16:01:54 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/05/28 16:01:54 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/05/28 16:01:53 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/05/28 16:01:53 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/05/28 16:01:52 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/05/28 16:01:52 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009/05/28 16:01:52 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/05/28 16:01:52 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/05/28 16:01:52 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/05/28 16:01:51 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/05/28 16:01:51 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/05/28 16:01:51 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/05/28 16:01:51 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/05/28 16:01:50 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/05/28 16:01:50 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/05/28 16:01:50 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/05/28 16:01:49 | 10,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/05/28 16:01:49 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/05/28 16:01:49 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/05/28 16:01:49 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/05/28 16:01:49 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/05/28 16:01:49 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/05/28 16:01:49 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/05/28 16:01:49 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/05/28 16:01:49 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/05/28 16:01:48 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/05/28 16:01:48 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/05/28 16:01:48 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/05/28 16:01:47 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/05/28 16:01:47 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/05/28 16:01:47 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/05/28 16:01:47 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/05/28 16:01:47 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/05/28 16:01:46 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/05/28 16:01:46 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/05/28 16:01:46 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/05/28 16:01:46 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/05/28 16:01:46 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/05/28 16:01:45 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/05/28 16:01:45 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/05/28 16:01:45 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/05/28 16:01:45 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/05/28 16:01:45 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/05/28 16:01:45 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/05/28 16:01:45 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/05/28 16:01:44 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009/05/28 16:01:44 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/05/28 16:01:44 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/05/28 16:01:44 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/05/28 16:01:44 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/05/28 16:01:43 | 00,897,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/05/28 16:01:43 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/05/28 16:01:43 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/05/28 16:01:43 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/05/28 16:01:43 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/05/28 16:01:42 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/05/28 16:01:42 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/05/28 16:01:42 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/05/28 16:01:42 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/05/28 16:01:42 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/05/28 16:01:42 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/05/28 16:01:42 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/05/28 16:01:41 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/05/28 16:01:41 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/05/28 16:01:41 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/05/28 16:01:41 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/05/28 16:01:41 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/05/28 16:01:41 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/05/28 16:01:40 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/05/28 16:01:40 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/05/28 16:01:40 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/05/28 16:01:40 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/05/28 16:01:40 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/05/28 16:01:40 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009/05/28 16:01:40 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/05/28 16:01:39 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/05/28 16:01:39 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/05/28 16:01:39 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/05/28 16:01:39 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/05/28 16:01:39 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/05/28 16:01:38 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/05/28 16:01:38 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/05/28 16:01:38 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2009/05/28 16:01:38 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/05/28 16:01:38 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/05/28 16:01:38 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/05/28 16:01:37 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009/05/28 16:01:37 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/05/28 16:01:37 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/05/28 16:01:37 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/05/28 16:01:37 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/05/28 16:01:37 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/05/28 16:01:37 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/05/28 16:01:36 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/05/28 16:01:36 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/05/28 16:01:36 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/05/28 16:01:36 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/05/28 16:01:36 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/05/28 16:01:36 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/05/28 16:01:36 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/05/28 16:01:36 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/05/28 16:01:35 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/05/28 16:01:35 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/05/28 16:01:35 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/05/28 16:01:35 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/05/28 16:01:34 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/05/28 16:01:34 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/05/28 16:01:34 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/05/28 16:01:34 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/05/28 16:01:34 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/05/28 16:01:34 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/05/28 16:01:34 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/05/28 16:01:34 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/05/28 16:01:34 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/05/28 16:01:34 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/28 16:01:34 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/28 16:01:34 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/05/28 16:01:33 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/05/28 16:01:33 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/05/28 16:01:33 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/05/28 16:01:33 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/05/28 16:01:32 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/05/28 16:01:32 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/05/28 16:01:32 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/05/28 16:01:32 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/05/28 16:01:32 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/05/28 16:01:32 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/05/28 16:01:32 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/05/28 16:01:32 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/05/28 16:01:32 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/05/28 16:01:32 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/05/28 16:01:32 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/05/28 16:01:32 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/05/28 16:01:31 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/05/28 16:01:31 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/05/28 16:01:31 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/05/28 16:01:31 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/05/28 16:01:31 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/05/28 16:01:31 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/05/28 16:01:31 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/05/28 16:01:31 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/05/28 16:01:31 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/05/28 16:01:30 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/05/28 16:01:30 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/05/28 16:01:30 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/05/28 16:01:30 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/05/28 16:01:30 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/05/28 16:01:30 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/05/28 16:01:30 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/05/28 16:01:30 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/05/28 16:01:30 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/05/28 16:01:30 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/05/28 16:01:29 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/05/28 16:01:29 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/05/28 16:01:29 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/05/28 16:01:29 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/05/28 16:01:29 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/05/28 16:01:29 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/05/28 16:01:28 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/05/28 16:01:28 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/05/28 16:01:27 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/05/28 16:01:26 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/05/28 16:01:26 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/05/28 16:01:26 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/05/28 16:01:26 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/05/28 16:01:26 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/05/28 16:01:25 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/05/28 16:01:25 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/05/28 16:01:25 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/05/28 16:01:25 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/05/28 16:01:25 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/05/28 16:01:25 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/05/28 16:01:25 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/05/28 16:01:25 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/05/28 16:01:24 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/05/28 16:01:24 | 00,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2009/05/28 16:01:24 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/05/28 16:01:24 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/05/28 16:01:24 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/05/28 16:01:24 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/05/28 16:01:24 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/05/28 16:01:24 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/05/28 16:01:23 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/05/28 16:01:23 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/05/28 16:01:23 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/05/28 16:01:23 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/05/28 16:01:23 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/05/28 16:01:23 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/05/28 16:01:23 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/05/28 16:01:23 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/05/28 16:01:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/05/28 16:01:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/05/28 16:01:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/05/28 16:01:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/05/28 16:01:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/05/28 16:01:22 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/05/28 16:01:22 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/05/28 16:01:22 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009/05/28 16:01:22 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/05/28 16:01:22 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/05/28 16:01:22 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/05/28 16:01:22 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/05/28 16:01:22 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/05/28 16:01:22 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/05/28 16:01:22 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/05/28 16:01:22 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/05/28 16:01:21 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/05/28 16:01:21 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/05/28 16:01:21 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/05/28 16:01:21 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/05/28 16:01:21 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/05/28 16:01:21 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/05/28 16:01:21 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/05/28 16:01:21 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/05/28 16:01:21 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/05/28 16:01:21 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/05/28 16:01:21 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/05/28 16:01:21 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/05/28 16:01:21 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/05/28 16:01:20 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/05/28 16:01:20 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/05/28 16:01:20 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/05/28 16:01:20 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/05/28 16:01:20 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/05/28 16:01:20 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/05/28 16:01:20 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/05/28 16:01:20 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/05/28 16:01:20 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/05/28 16:01:19 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/05/28 16:01:19 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/05/28 16:01:19 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/05/28 16:01:19 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/05/28 16:01:19 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/05/28 16:01:19 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/05/28 16:01:19 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/05/28 16:01:19 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/05/28 16:01:19 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009/05/28 16:01:19 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/05/28 16:01:19 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/05/28 16:01:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/05/28 16:01:18 | 01,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/05/28 16:01:18 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/05/28 16:01:18 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/05/28 16:01:18 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/05/28 16:01:18 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/05/28 16:01:18 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/05/28 16:01:18 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/05/28 16:01:18 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/05/28 16:01:17 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/05/28 16:01:17 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/05/28 16:01:17 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/05/28 16:01:17 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/05/28 16:01:17 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/05/28 16:01:17 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/05/28 16:01:17 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/05/28 16:01:16 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/05/28 16:01:16 | 00,439,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/05/28 16:01:16 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/05/28 16:01:16 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/05/28 16:01:16 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/05/28 16:01:16 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/05/28 16:01:16 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/05/28 16:01:16 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/05/28 16:01:16 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/05/28 16:01:15 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/05/28 16:01:15 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/05/28 16:01:15 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/05/28 16:01:15 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/05/28 16:01:15 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/05/28 16:01:15 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/05/28 16:01:15 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/05/28 16:01:15 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/05/28 16:01:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/05/28 16:01:15 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/05/28 16:01:15 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/05/28 16:01:15 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/05/28 16:01:15 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/05/28 16:01:14 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/05/28 16:01:14 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/05/28 16:01:14 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/05/28 16:01:14 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/05/28 16:01:13 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/05/28 16:01:13 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/05/28 16:01:13 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/05/28 16:01:13 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/05/28 16:01:13 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/05/28 16:01:13 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/05/28 16:01:13 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/05/28 16:01:13 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/05/28 16:01:12 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/05/28 16:01:12 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/05/28 16:01:12 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/05/28 16:01:12 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/05/28 16:01:12 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/05/28 16:01:12 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/05/28 16:01:12 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009/05/28 16:01:12 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/05/28 16:01:11 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/05/28 16:01:11 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/05/28 16:01:11 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/05/28 16:01:11 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/05/28 16:01:11 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/05/28 16:01:11 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/05/28 16:01:11 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/05/28 16:01:11 | 00,141,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2009/05/28 16:01:11 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/05/28 16:01:11 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/05/28 16:01:10 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/05/28 16:01:10 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/05/28 16:01:10 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/05/28 16:01:10 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/05/28 16:01:10 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/05/28 16:01:10 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/05/28 16:01:10 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/05/28 16:01:09 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/05/28 16:01:09 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/05/28 16:01:09 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/05/28 16:01:09 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/05/28 16:01:09 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/05/28 16:01:09 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/05/28 16:01:09 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/05/28 16:01:08 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/05/28 16:01:08 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/05/28 16:01:08 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/05/28 16:01:08 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/05/28 16:01:08 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/05/28 16:01:08 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/05/28 16:01:07 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/05/28 16:01:07 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/05/28 16:01:07 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/05/28 16:01:07 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/05/28 16:01:07 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/05/28 16:01:07 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/05/28 16:01:07 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/05/28 16:01:07 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/05/28 16:01:07 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/05/28 16:01:06 | 00,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/05/28 16:01:06 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/05/28 16:01:06 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/05/28 16:01:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/05/28 16:01:06 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/05/28 16:01:06 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/05/28 16:01:06 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/05/28 16:01:06 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/05/28 16:01:06 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/05/28 16:01:06 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/05/28 16:01:06 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/05/28 16:01:06 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/05/28 16:01:06 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/05/28 16:01:06 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/05/28 16:01:06 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/05/28 16:01:05 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/05/28 16:01:05 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/05/28 16:01:05 | 00,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/05/28 16:01:05 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/05/28 16:01:05 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/05/28 16:01:05 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/05/28 16:01:05 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/05/28 16:01:05 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/05/28 16:01:05 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/05/28 16:01:05 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/05/28 16:01:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/05/28 16:01:05 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/05/28 16:01:05 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/05/28 16:01:04 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/05/28 16:01:04 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009/05/28 16:01:04 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/05/28 16:01:04 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/05/28 16:01:04 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/05/28 16:01:04 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/05/28 16:01:04 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/05/28 16:01:04 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/05/28 16:01:04 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/05/28 16:01:04 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/05/28 16:01:04 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/05/28 16:01:04 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/05/28 16:01:04 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/05/28 16:01:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2009/05/28 16:01:04 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/05/28 16:01:03 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/05/28 16:01:03 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2009/05/28 16:01:03 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/05/28 16:01:03 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/05/28 16:01:03 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/05/28 16:01:03 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/05/28 16:01:03 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/05/28 16:01:03 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/05/28 16:01:02 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/05/28 16:01:02 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/05/28 16:01:02 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/05/28 16:01:02 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/05/28 16:01:02 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/05/28 16:01:02 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/05/28 16:01:01 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/05/28 16:01:01 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/05/28 16:01:01 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/05/28 16:01:01 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/05/28 16:01:01 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/05/28 16:01:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/05/28 16:00:59 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/05/28 16:00:59 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/05/28 16:00:59 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/05/28 16:00:59 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2009/05/28 16:00:59 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/05/28 16:00:59 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/05/28 16:00:59 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/05/28 16:00:59 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/05/28 16:00:59 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/05/28 16:00:59 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/05/28 16:00:59 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/05/28 16:00:58 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/05/28 16:00:58 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/05/28 16:00:58 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/05/28 16:00:58 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/05/28 16:00:58 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/05/28 16:00:58 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/05/28 16:00:58 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/05/28 16:00:57 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/05/28 16:00:57 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/05/28 16:00:57 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/05/28 16:00:57 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/05/28 16:00:57 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/05/28 16:00:57 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/05/28 16:00:57 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/05/28 16:00:57 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys
[2009/05/28 16:00:57 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/05/28 16:00:57 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/05/28 16:00:57 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/05/28 16:00:56 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/05/28 16:00:56 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009/05/28 16:00:56 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/05/28 16:00:56 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/05/28 16:00:56 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/05/28 16:00:56 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/05/28 16:00:56 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/05/28 16:00:56 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/05/28 16:00:56 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/05/28 16:00:56 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/05/28 16:00:55 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/05/28 16:00:55 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/05/28 16:00:55 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/05/28 16:00:55 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/05/28 16:00:55 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/05/28 16:00:55 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/05/28 16:00:55 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/05/28 16:00:55 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/05/28 16:00:55 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/05/28 16:00:55 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/05/28 16:00:55 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/05/28 16:00:55 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/05/28 16:00:55 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/05/28 16:00:55 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/05/28 16:00:55 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/05/28 16:00:55 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/05/28 16:00:54 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/05/28 16:00:54 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/05/28 16:00:54 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/05/28 16:00:54 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/05/28 16:00:54 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/05/28 16:00:54 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/05/28 16:00:54 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/05/28 16:00:54 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/05/28 16:00:54 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/05/28 16:00:54 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/05/28 16:00:54 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/05/28 16:00:54 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/05/28 16:00:54 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/05/28 16:00:54 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/05/28 16:00:54 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/05/28 16:00:53 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/05/28 16:00:53 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/05/28 16:00:53 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/05/28 16:00:53 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/05/28 16:00:53 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/05/28 16:00:53 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/05/28 16:00:53 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/05/28 16:00:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/05/28 16:00:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/05/28 16:00:53 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/05/28 16:00:52 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009/05/28 16:00:52 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/05/28 16:00:52 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/05/28 16:00:52 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/05/28 16:00:52 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/05/28 16:00:52 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/05/28 16:00:52 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2009/05/28 16:00:52 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/05/28 16:00:52 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/05/28 16:00:52 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/05/28 16:00:52 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/05/28 16:00:52 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/05/28 16:00:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/05/28 16:00:52 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/05/28 16:00:52 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/05/28 16:00:51 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/05/28 16:00:51 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/05/28 16:00:51 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/05/28 16:00:51 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/05/28 16:00:51 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/05/28 16:00:51 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/05/28 16:00:51 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/05/28 16:00:51 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/05/28 16:00:51 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/05/28 16:00:51 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/05/28 16:00:50 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/05/28 16:00:50 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/05/28 16:00:50 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/05/28 16:00:50 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/05/28 16:00:50 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/05/28 16:00:50 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/05/28 16:00:50 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/05/28 16:00:49 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/05/28 16:00:49 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/05/28 16:00:49 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/05/28 16:00:49 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/05/28 16:00:49 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/05/28 16:00:49 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/05/28 16:00:49 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/05/28 16:00:49 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/05/28 16:00:49 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/05/28 16:00:49 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/05/28 16:00:48 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/05/28 16:00:48 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/05/28 16:00:48 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/05/28 16:00:48 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009/05/28 16:00:48 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/05/28 16:00:48 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/05/28 16:00:48 | 00,062,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009/05/28 16:00:48 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/05/28 16:00:48 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/05/28 16:00:47 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/05/28 16:00:47 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/05/28 16:00:47 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/05/28 16:00:47 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/05/28 16:00:47 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/05/28 16:00:47 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/05/28 16:00:47 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/05/28 16:00:47 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/05/28 16:00:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/05/28 16:00:46 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/05/28 16:00:46 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/05/28 16:00:46 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/05/28 16:00:46 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/05/28 16:00:46 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/05/28 16:00:46 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/05/28 16:00:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/05/28 16:00:46 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/05/28 16:00:46 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/05/28 16:00:45 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/05/28 16:00:45 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/05/28 16:00:45 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/05/28 16:00:45 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/05/28 16:00:45 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/05/28 16:00:45 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/05/28 16:00:45 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/05/28 16:00:45 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/05/28 16:00:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/05/28 16:00:44 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/05/28 16:00:44 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/05/28 16:00:44 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/05/28 16:00:44 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/05/28 16:00:44 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/05/28 16:00:43 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/05/28 16:00:43 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/05/28 16:00:43 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/05/28 16:00:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/05/28 16:00:43 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/05/28 16:00:43 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/05/28 16:00:43 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/05/28 16:00:43 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/05/28 16:00:43 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/05/28 16:00:43 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/05/28 16:00:43 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/05/28 16:00:43 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/05/28 16:00:42 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/05/28 16:00:42 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/05/28 16:00:42 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/05/28 16:00:42 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/05/28 16:00:42 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/05/28 16:00:42 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/05/28 16:00:42 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/05/28 16:00:42 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/05/28 16:00:42 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/05/28 16:00:42 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/05/28 16:00:42 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/05/28 16:00:41 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/05/28 16:00:41 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/05/28 16:00:41 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/05/28 16:00:41 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/05/28 16:00:41 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/05/28 16:00:41 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/05/28 16:00:41 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/05/28 16:00:41 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/05/28 16:00:41 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/05/28 16:00:41 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/05/28 16:00:41 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/05/28 16:00:41 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/05/28 16:00:40 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/05/28 16:00:40 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/05/28 16:00:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/05/28 16:00:40 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/05/28 16:00:40 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/05/28 16:00:40 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/05/28 16:00:40 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/05/28 16:00:40 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/05/28 16:00:40 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/05/28 16:00:39 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/05/28 16:00:39 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/05/28 16:00:39 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/05/28 16:00:39 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/05/28 16:00:39 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/05/28 16:00:38 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/05/28 16:00:38 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/05/28 16:00:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/05/28 16:00:37 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/05/28 16:00:37 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/05/28 16:00:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/05/28 16:00:37 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/05/28 16:00:37 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/05/28 16:00:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/05/28 16:00:37 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/05/28 16:00:37 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/05/28 16:00:36 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/05/28 16:00:35 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/05/28 16:00:35 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/05/28 16:00:35 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/05/28 16:00:34 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/05/28 16:00:34 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/05/28 16:00:34 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/05/28 16:00:34 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/05/28 16:00:34 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/05/28 16:00:34 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/05/28 16:00:33 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/05/28 16:00:33 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/05/28 16:00:33 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/05/28 16:00:16 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/05/28 16:00:11 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/05/28 16:00:11 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/05/28 15:59:58 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2008/11/23 20:13:31 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/21 12:30:46 | 00,000,033 | ---- | C] () -- C:\Windows\BPClient.ini
[2008/08/16 09:58:37 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2008/08/15 14:33:45 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/09 06:44:45 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/09 04:12:54 | 00,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/04/30 16:08:58 | 00,008,192 | ---- | C] ( ) -- C:\Windows\System32\cshost.dll
[2007/05/17 14:38:25 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[2009/06/20 12:00:01 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2009/06/20 11:50:38 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/20 11:50:38 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/20 11:50:37 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/20 11:45:07 | 00,005,763 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/06/20 11:43:20 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2009/06/20 11:43:20 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2009/06/20 11:43:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/20 11:41:56 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/20 11:41:56 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/20 11:41:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/20 11:41:46 | 32,170,43456 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/20 11:41:44 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2009/06/19 13:34:38 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/06/19 13:33:13 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/06/19 13:26:30 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF4085.exe
[2009/06/17 14:42:12 | 00,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Sword of the Stars.lnk
[2009/06/17 14:25:48 | 00,000,253 | ---- | M] () -- C:\Windows\wininit.ini
[2009/06/17 11:43:02 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/17 10:57:45 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/06/17 10:57:45 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/16 21:02:39 | 00,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/06/16 15:39:25 | 03,027,424 | R--- | M] () -- C:\Users\Chris\Desktop\Combofix.exe
[2009/06/16 15:39:25 | 03,027,424 | ---- | M] () -- C:\Users\Chris\Documents\Combo-Fix - Copy.exe
[2009/06/15 13:03:44 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/06/14 13:03:28 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/06/14 13:03:18 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/06/13 22:10:38 | 01,110,399 | ---- | M] () -- C:\Windows\System32\UACxejckoxnyhlxcst.db
[2009/06/12 20:11:20 | 00,238,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/11 17:29:50 | 00,041,808 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2009/06/10 22:35:07 | 00,000,308 | ---- | M] () -- C:\Users\Chris\Desktop\AA3Deploy.appref-ms
[2009/06/10 12:55:12 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\Windows\PEV.exe
[2009/06/01 11:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >


OTL Extras logfile created on: 6/20/2009 12:00:32 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 91.20% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 90.28 Gb Free Space | 40.52% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.77 Gb Free Space | 57.68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISENGLES-PC
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1718433626-2084869986-3254386905-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1718433626-2084869986-3254386905-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{0E8226B5-0884-4C6F-9B41-448CED5DB5B2} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{2A07854E-C961-4F94-9B76-F1D5B77C0990} = LPORT=139 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{31674961-B42A-48B1-BA66-37450C6B0DF1} = RPORT=139 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{3F9CD1CA-B869-4BDB-9789-28A3009727DB} = RPORT=138 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM |
{76E6C5D0-E86B-4AC4-9714-5980A417354F} = LPORT=138 | PROTOCOL=17 | DIR=IN | APP=SYSTEM |
{814BCA53-E827-4666-8A3C-BFBA83451340} = LPORT=67 | PROTOCOL=17 | DIR=IN | NAME=DHCP DISCOVERY SERVICE |
{911EF033-F3D6-44D4-8CBC-64E6EB751E6E} = LPORT=67 | PROTOCOL=17 | DIR=IN | NAME=DHCP DISCOVERY SERVICE |
{995C776B-FB5A-4D9A-926D-A2B0E87C5942} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |
{A0AE6E9E-6202-465E-8788-1C0E6E2BBF38} = LPORT=445 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{B47F4986-C74D-4B20-AAAB-391F95EEDDC9} = RPORT=137 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM |
{B7302E20-1FD8-463D-B735-06F6D428AA8A} = LPORT=RPC-EPMAP | PROTOCOL=6 | DIR=IN | NAME=@FIREWALLAPI.DLL,-28539 | SVC=RPCSS |
{CA8318ED-A3F5-4624-9DF0-9891B32FF230} = LPORT=RPC | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{EC1B03E6-70DB-4AD0-B95D-D715A190C97E} = RPORT=445 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{EE459DAC-97C8-4624-90BF-B585E76D26D0} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{F964F3F2-7479-49BD-A476-9816FCAE51FA} = LPORT=137 | PROTOCOL=17 | DIR=IN | APP=SYSTEM |

========== Vista Active Application Exception List ==========

{0B471B6D-2F50-4D6F-9B21-31C93BFF0B44} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\DELL VIDEO CHAT\DELLVIDEOCHAT.EXE |
{135354AD-0B42-4A15-B3BE-BCFE508EBD76} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{1558EC4A-9E97-4F4C-8495-CDD3D79DDD1C} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\UBISOFT\WORLD IN CONFLICT\WIC.EXE |
{16381690-C37D-4344-A8FB-B7A1F3255A73} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{1E6F8F20-A603-4CE3-AF5D-BC1066FAB613} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\WLCSDK.EXE |
{22B236DB-A1FC-4DF3-A703-0A0F71482DED} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{29CE4B6D-0C30-4FC0-A2FE-CE53D6104B92} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\THQ\GAS POWERED GAMES\GPGNET\GPG.MULTIPLAYER.CLIENT.EXE |
{3AAB5BEF-4ADF-44CC-A392-D300C4D24FFF} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\PURE NETWORKS SHARED\PLATFORM\NMSRVC.EXE |
{3C1F3EC4-2EED-40C9-A3D9-DAB87F58BC0C} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\IGWARLORD\IGWARLORD.EXE |
{453F3EFA-65D3-43E5-B7EA-E74295C155C1} = PROTOCOL=1 | DIR=OUT | NAME=@FIREWALLAPI.DLL,-28544 |
{466CC506-B8BA-43BB-8030-20029C4E9874} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{46939CE3-41FF-4B08-95CD-B8DB4E9FC4BD} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\UBISOFT\WORLD IN CONFLICT\WIC_DS.EXE |
{48C1936C-1C18-4550-B328-D405F6C28DF4} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\UBISOFT\WORLD IN CONFLICT\WIC.EXE |
{55C47F4A-334F-4B8D-A776-570682F0D605} = PROTOCOL=1 | DIR=IN | NAME=@FIREWALLAPI.DLL,-28543 |
{64EDEF39-4B6B-45B9-9940-BF718BED32EC} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\UBISOFT\WORLD IN CONFLICT\WIC_ONLINE.EXE |
{667B667E-AB1B-4B82-8E9A-5ADAF7F81655} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{6A0D8FBB-0832-4F89-9B9B-F6D43FE2B6DA} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{75923754-22B4-4C3C-B1D3-DB4AD161AD5A} = DIR=IN | APP=C:\PROGRAM FILES\DELL\MEDIADIRECT\MEDIADIRECT.EXE |
{75C09EDF-F8D5-4135-866F-6623C9B7293E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\UBISOFT\WORLD IN CONFLICT\WIC_DS.EXE |
{7ED17CBA-783D-4E82-A2A1-D7D6CD88495E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\THQ\GAS POWERED GAMES\GPGNET\GPG.MULTIPLAYER.CLIENT.EXE |
{8557A9A2-CFB0-4DF6-BA45-E29BE8D9BDE7} = PROTOCOL=58 | DIR=OUT | NAME=@FIREWALLAPI.DLL,-28546 |
{89C6E4CF-8839-48B5-BED0-4DE975F0AF74} = PROTOCOL=58 | DIR=IN | NAME=@FIREWALLAPI.DLL,-28545 |
{9666B6B9-0F7D-4C39-B0FA-9F8F1CD1CAD8} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\IGWARLORD\IGWARLORD.EXE |
{A807A3EF-3198-498A-8B8E-84DB623A95F4} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{A8B7DF9E-CE7E-40AA-BB50-FEEDE351EFD9} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\FIRAXIS GAMES\SID MEIER'S CIVILIZATION 4\CIVILIZATION4.EXE |
{ACBB5B8D-A5B7-4F2F-9797-6A8DF7B0E2DD} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\PURE NETWORKS SHARED\PLATFORM\NMSRVC.EXE |
{B85F1DA3-FCBE-4778-A131-D2DCF8072EB6} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\POLLUX GAMELABS\LOST EMPIRE - IMMORTALS (DEMO)\LOSTEMPIRE.EXE |
{B98545C9-7993-4AB2-8BE2-5664B8F698B7} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\SYNC\WINDOWSLIVESYNC.EXE |
{B9DB430E-D737-4ED5-A99C-9F5B4DC11836} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\FIRAXIS GAMES\SID MEIER'S CIVILIZATION 4\CIVILIZATION4.EXE |
{C00B0AAB-AFA0-4D29-9B1B-9996C2444298} = DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE |
{C77AAD7B-1C3C-458C-8FC4-5A4ABE0517F7} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\VENTRILO\VENTRILO.EXE |
{C9DEA6A2-B08B-4AFF-BEC7-C6287EF4EC1F} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\DELL VIDEO CHAT\DELLVIDEOCHAT.EXE |
{CFD89548-E8A3-4AEF-B533-31C85229390E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\POLLUX GAMELABS\LOST EMPIRE - IMMORTALS (DEMO)\LOSTEMPIRE.EXE |
{D59E4AD2-6E1F-47D6-BE3D-936CC9E3AE66} = DIR=IN | APP=C:\PROGRAM FILES\DELL\MEDIADIRECT\PCMSERVICE.EXE |
{E4D8715F-E7F4-4271-BFC0-998B022FC626} = DIR=IN | APP=C:\PROGRAM FILES\DELL\MEDIADIRECT\KERNEL\DMS\CLMSSERVICE.EXE |
{F1C121BE-4A65-43E2-8046-B2621A3DE3B8} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\VENTRILO\VENTRILO.EXE |
{FAC3DD28-C179-46C8-955D-22C445364724} = DIR=IN | APP=C:\PROGRAM FILES\DELL\MEDIADIRECT\KERNEL\DMP\CLBROWSERENGINE.EXE |
{FC81910F-B9B2-48D8-B0C1-64819C6FEB0B} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\UBISOFT\WORLD IN CONFLICT\WIC_ONLINE.EXE |
TCP Query User{2A07CD6E-FF7D-4B6C-91B3-3D3E7C247DD7}C:\program files\xfire\xfire.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\XFIRE\XFIRE.EXE |
UDP Query User{5BA51761-CD8B-4270-85C4-811BACC5155B}C:\program files\xfire\xfire.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\XFIRE\XFIRE.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05A677ED-F6EB-C225-0852-C8EDA143F637}" = Catalyst Control Center Core Implementation
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1339C679-8EBD-A264-F51B-8AFF9E5178AB}" = Catalyst Control Center Localization Chinese Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{140BF0D0-E848-405C-9A01-D3256B918B6D}" = AuthenTec Fingerprint System
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{33D38429-A417-2939-F2ED-68B02C60524B}" = CCC Help Italian
"{348982C0-1053-041B-90E9-27E52C5CBAC4}" = Catalyst Control Center Localization Chinese Traditional
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3683198D-D48D-8F78-D544-E0CEEDA9A5AD}" = Catalyst Control Center Localization Norwegian
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{39874C29-6A64-A5E4-15E8-48CAB1630758}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{43918518-4955-2631-EAAA-D96CD57460B5}" = ATI Catalyst Install Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{497CDC20-F32E-B732-D5A7-C508832901B1}" = Catalyst Control Center Localization Italian
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E8B4C51-20A4-A946-F2FD-361E1E64CBFE}" = Catalyst Control Center Localization Dutch
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{6387EC83-B90B-3E84-3DBF-95FF7503EC51}" = Catalyst Control Center InstallProxy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E07661-1C3B-EBB3-DDD7-CA2D9CF728E5}" = CCC Help Chinese Standard
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67192DDF-D12C-7C14-0891-1999A8322D9A}" = ccc-core-static
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{693C5CAC-E43C-4A5F-0793-DB1A91576F00}" = Catalyst Control Center Localization Swedish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BA2D1B0-0892-AF53-1542-767C1B1B558F}" = CCC Help German
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F633E95-3196-4FAC-9BD0-7E90CED5057A}" = DigitalPersona Personal 3.0.1
"{706136D4-648C-92B9-FF9E-BDAC45C977CB}" = CCC Help Norwegian
"{732784F2-BBB3-AF93-F0F8-2B28D93F023E}" = Catalyst Control Center Localization Finnish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75554025-5756-D2A8-E12A-3996A174E1AF}" = Catalyst Control Center Localization German
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7842F022-6597-76DA-4DE4-DA3FBD82ECF2}" = Skins
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A4CE9D2-DC5E-4B5B-0ED2-A2F66E76DD52}" = CCC Help Russian
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE855E5-8130-A624-1C47-D5EB13FA6DF2}" = Catalyst Control Center Graphics Previews Vista
"{7D712AFE-2D7C-13B8-DEB7-BA8A28FED665}" = Catalyst Control Center Localization Danish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E00AAF2-89F3-F7FC-A8F2-8C651449671E}" = CCC Help English
"{828816F4-629A-233E-DB02-A6F8BD004643}" = Catalyst Control Center Localization Portuguese
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90601456-1F28-AD6C-C1CE-740526D3BC27}" = Catalyst Control Center Localization French
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975F5675-8FC8-04A8-92CD-4653BD12282F}" = CCC Help French
"{97900633-AADE-35DC-A424-21380BFC5431}" = Catalyst Control Center Graphics Previews Common
"{98C948A6-5498-9DEE-BA4C-74B0A96CB521}" = CCC Help Danish
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7969E95-7E39-A1AC-2D6F-85531D8A371D}" = CCC Help Japanese
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9C78107-7CBC-B05B-083B-562FA9C1EA0B}" = CCC Help Portuguese
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB883D70-5B1D-9430-E626-7F495925590D}" = Catalyst Control Center Localization Spanish
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C49E407D-A6A0-6F9A-767D-67387EF5523F}" = CCC Help Finnish
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CBF91610-C661-3464-8831-DA8AE2589DB9}" = Catalyst Control Center Localization Japanese
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kane's Wrath
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D2DB5404-378B-2821-513E-A8F230A0E948}" = ccc-utility
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D5D92C28-42FB-5E24-DBFA-07232A50D670}" = CCC Help Dutch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9DD6E03-ACE1-2503-205E-4FA74267CDC6}" = CCC Help Spanish
"{DB549485-9D94-E7AE-2FE7-DCB33A54FBD7}" = Catalyst Control Center Localization Russian
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE200E10-45BD-E11E-EC8E-1DAD80EF8EA9}" = Catalyst Control Center Graphics Full Existing
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEF19AE8-B330-CF2A-AEAA-1E23BBBC7B00}" = CCC Help Chinese Traditional
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5BE4931-F31C-2BA0-F06E-4FEC56725673}" = CCC Help Swedish
"{EC2C71BB-42DF-6F53-FB23-F7B3B160467B}" = Catalyst Control Center Graphics Light
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"{F1465B68-4D9A-D412-2528-4F84A681F15C}" = Catalyst Control Center Localization Korean
"{F1E18790-4053-4031-483B-80E932CE3910}" = CCC Help Korean
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FDA52B14-0D3A-4138-98D3-3875423ED191}" = Stargate Online TCG
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}" = LoJack Factory Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"mIRC" = mIRC
"Mozilla Firefox (3.0.2)" = Mozilla Firefox (3.0.2)
"MSC" = McAfee SecurityCenter
"Network MagicUninstall" = Network Magic
"OpenAL" = OpenAL
"PKR" = PKR
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 17580" = Dystopia
"Steam App 215" = Source SDK Base
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 380" = Half-Life 2: Episode One
"Sword of the Stars" = Sword of the Stars
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"ESPN Java Check" = ESPN Java Check

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1718433626-2084869986-3254386905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a4f70b48f669acd" = AA3Deploy
"ESPN Java Check" = ESPN Java Check

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2009 1:02:05 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:02:12 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:02:19 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:02:26 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:02:34 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:02:41 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:02:48 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:02:55 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:03:02 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2009 1:03:09 PM | Computer Name = ChrisEngles-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\System32\bcmwltry.exe".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Broadcom Wireless LAN Events ]
Error - 11/23/2008 5:50:49 PM | Computer Name = ChrisEngles-PC | Source = WLAN-Tray | ID = 0
Description = 15:50:47, Sun, Nov 23, 08 Error - Unable to gain access to user store


Error - 12/16/2008 12:14:41 PM | Computer Name = ChrisEngles-PC | Source = WLAN-Tray | ID = 0
Description = 10:14:41, Tue, Dec 16, 08 Error - Unable to gain access to user store


Error - 12/18/2008 10:17:59 AM | Computer Name = ChrisEngles-PC | Source = WLAN-Tray | ID = 0
Description = 08:17:57, Thu, Dec 18, 08 Error - Unable to gain access to user store


Error - 12/18/2008 10:20:05 AM | Computer Name = ChrisEngles-PC | Source = WLAN-Tray | ID = 0
Description = 08:20:05, Thu, Dec 18, 08 Error - Unable to gain access to user store


Error - 1/14/2009 3:19:42 PM | Computer Name = ChrisEngles-PC | Source = WLAN-Tray | ID = 0
Description = 13:19:40, Wed, Jan 14, 09 Error - Unable to gain access to user store


Error - 2/11/2009 10:01:57 AM | Computer Name = ChrisEngles-PC | Source = WLAN-Tray | ID = 0
Description = 08:01:54, Wed, Feb 11, 09 Error - Unable to gain access to user store


[ DigitalPersona Pro Events ]
Error - 1/17/2009 2:47:16 PM | Computer Name = ChrisEngles-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ System Events ]
Error - 6/19/2009 2:38:16 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/19/2009 2:38:16 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/19/2009 2:38:16 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/19/2009 2:38:16 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 6/19/2009 3:00:41 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/19/2009 3:02:02 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/20/2009 12:30:07 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/20/2009 12:31:31 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/20/2009 12:43:26 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/20/2009 12:44:48 PM | Computer Name = ChrisEngles-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >


Nothing new or significant to report on system performance (which is running good)

#15 thcbytes

  • Malware Response Team

Posted 22 June 2009 - 07:00 AM

Hi there.
Well done.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1718433626-2084869986-3254386905-1000]
    "EnableNotificationsRef" = dword:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = dword:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = dword:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = dword:0
    
    :File
    C:\Windows\System32\UACxejckoxnyhlxcst.db
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
==========

With your next post please provide:

* OTL log
* How is it running?

Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



