
Having Some Problems


  • This topic is locked
45 replies to this topic

#1 coyn3burglar

Posted 03 July 2009 - 10:46 AM

Hello, whenever I start my laptop I have to manually start explorer.exe. I have Windows Vista. In addition to that, my Aero theme completely disappeared. This all happened after a Windows update. I'm not sure if it's a virus or what, so I just want to make sure with a HijackThis log. Thanks for the help! Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:21 AM, on 7/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stevens.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell="explorer.exe"
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Class2012\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9e0181716b1d0) (gupdate1c9e0181716b1d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hamachi Service (HamachiService) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\System32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\system32\lktsrv.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\Windows\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\Windows\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\Windows\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\system32\OpcEnum.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Windows\system32\IfxPsdSv.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2007 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12836 bytes


#2 myrti


Posted 09 July 2009 - 05:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards _temp_
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 coyn3burglar


Posted 09 July 2009 - 04:22 PM

Here it is:


DDS (Ver_09-06-26.01) - NTFSx86
Run by jcoyne at 17:18:48.81 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3070.1774 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Windows\system32\ifxspmgt.exe
C:\Windows\System32\IFXTCS.exe
C:\Windows\system32\lkcitdl.exe
C:\Windows\system32\lkads.exe
C:\Windows\system32\lktsrv.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
c:\Windows\system32\IfxPsdSv.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Windows\System32\rpcnet.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\nipalsm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\taskeng.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Class2012\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.stevens.edu/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell="explorer.exe"
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\class2012\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [<NO NAME>]
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\BLUETO~1.LNK -
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: DeviceNP - DeviceNP.dll
AppInit_DLLs: APSHook.dll,avgrsstx.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
LSA: Notification Packages = SbHpNp scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\users\class2~1\appdata\roaming\mozilla\firefox\profiles\2qqsb9wa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\class2012\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2007-7-10 15448]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-17 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-17 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-7-24 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-8-14 5840]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-20 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-20 21504]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-17 298776]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-9-6 221184]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2007-2-16 12696]
R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2007-4-16 37376]
R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2007-4-16 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2007-4-16 674304]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2007-4-16 50688]
R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2007-4-16 30208]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2007-9-18 11552]
R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2007-4-16 111616]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2008-1-10 11360]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;c:\program files\solidworks\cosmos\floworks\bincfw\StandAloneSlv.exe [2007-4-2 655360]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-7-9 1464856]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2007-12-14 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2007-12-14 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2007-12-18 11360]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2008-7-9 47616]
S2 gupdate1c9e0181716b1d0;Google Update Service (gupdate1c9e0181716b1d0);c:\program files\google\update\GoogleUpdate.exe [2009-5-29 133104]
S2 HamachiService;Hamachi Service;c:\program files\hamachi\hamachi.exe [2009-3-10 625952]
S2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2007-1-5 18944]
S2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2007-2-16 12696]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2008-7-30 37488]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-9 193840]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-6-8 30008]
S3 EMSUSB2;EMS USB Joypad2;c:\windows\system32\drivers\Emsusb2.sys [2009-3-2 9728]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-6-8 172131]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [2007-12-20 20056]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2007-10-8 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2007-10-8 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [2007-10-8 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2007-2-26 16672]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2007-12-26 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2008-2-19 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2007-12-18 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2008-2-15 11344]
S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2007-10-9 11360]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2008-2-19 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2008-2-19 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2007-12-26 11352]
S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2007-2-23 11552]
S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2007-10-11 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2008-1-11 11392]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2007-4-4 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2007-12-18 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2007-12-27 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2007-12-12 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2007-12-12 11896]
S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2007-12-25 11392]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2007-11-26 20768]
S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [2007-6-30 11552]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2008-1-8 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2008-2-14 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2007-12-20 11344]
S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2007-8-3 11624]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2008-1-8 11376]
S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2007-11-13 11352]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2008-2-19 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2008-1-8 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2008-2-14 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2008-1-2 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2008-2-19 11360]
S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2007-12-1 11328]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2008-2-19 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2007-7-19 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2008-1-10 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2008-2-19 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2008-2-19 11336]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2009-7-5 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2009-7-5 62592]

=============== Created Last 30 ================

2009-07-05 19:36 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_silabser_01007.Wdf
2009-07-05 19:35 <DIR> --d----- c:\program files\Silabs
2009-07-05 19:34 <DIR> --d----- c:\windows\system32\Silabs
2009-07-05 19:33 1,112,288 a------- c:\windows\system32\WdfCoinstaller01007.dll
2009-07-05 19:33 62,592 a------- c:\windows\system32\drivers\silabser.sys
2009-07-05 19:33 17,920 a------- c:\windows\system32\drivers\silabenm.sys
2009-07-05 19:33 <DIR> --d----- c:\program files\SIBAS
2009-07-03 11:44 <DIR> --d----- c:\program files\Trend Micro
2009-06-27 01:57 <DIR> --d----- C:\NVIDIA
2009-06-27 01:04 <DIR> --d----- c:\windows\system32\eu-ES
2009-06-27 01:04 <DIR> --d----- c:\windows\system32\ca-ES
2009-06-27 01:04 <DIR> --d----- c:\windows\system32\vi-VN
2009-06-27 00:59 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-06-27 00:41 <DIR> --d----- c:\windows\system32\EventProviders
2009-06-27 00:39 754,688 a------- c:\windows\system32\propsys.dll
2009-06-27 00:38 1,224,192 a------- c:\windows\system32\sud.dll
2009-06-27 00:37 83,968 a------- c:\windows\system32\wbem\wmiutils.dll
2009-06-27 00:37 744,448 a------- c:\windows\system32\wbem\wbemcore.dll
2009-06-27 00:37 614,912 a------- c:\windows\system32\wbem\fastprox.dll
2009-06-27 00:37 265,728 a------- c:\windows\system32\wbem\repdrvfs.dll
2009-06-27 00:37 265,728 a------- c:\windows\system32\wbem\esscli.dll
2009-06-27 00:37 189,440 a------- c:\windows\system32\wbem\mofd.dll
2009-06-27 00:37 30,208 a------- c:\windows\system32\wbem\wbemprox.dll
2009-06-27 00:37 705,536 a------- c:\windows\system32\SmiEngine.dll
2009-06-27 00:37 218,624 a------- c:\windows\system32\wdscore.dll
2009-06-27 00:37 130,560 a------- c:\windows\system32\PkgMgr.exe
2009-06-27 00:37 247,808 a------- c:\windows\system32\drvstore.dll
2009-06-21 22:52 <DIR> --d----- C:\Nexon
2009-06-21 22:06 <DIR> --d----- c:\program files\MapleStory
2009-06-21 22:05 <DIR> --d----- c:\programdata\PMB Files
2009-06-21 22:05 <DIR> --d----- c:\progra~2\PMB Files
2009-06-21 22:04 <DIR> --d----- c:\program files\Pando Networks
2009-06-18 01:01 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-06-17 15:49 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-17 15:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-06-17 15:48 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-17 15:48 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-06-17 15:48 <DIR> --d----- c:\programdata\avg8
2009-06-17 15:48 <DIR> --d----- c:\program files\AVG
2009-06-17 15:48 <DIR> --d----- c:\progra~2\avg8
2009-06-16 17:01 <DIR> --d----- c:\programdata\AOL Downloads
2009-06-11 00:39 2,034,688 a------- c:\windows\system32\win32k.sys
2009-06-11 00:39 623,616 a------- c:\windows\system32\localspl.dll
2009-06-11 00:38 784,896 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-07-09 17:14 132,958 a------- c:\programdata\nvModes.dat
2009-07-09 17:14 132,958 a------- c:\progra~2\nvModes.dat
2009-07-09 17:14 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-07-05 19:35 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-05 19:35 51,200 a------- c:\windows\inf\infpub.dat
2009-07-05 19:35 86,016 a------- c:\windows\inf\infstor.dat
2009-06-30 01:21 56,680 a------- c:\windows\system32\rpcnet.dll
2009-06-27 01:22 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-06-27 01:04 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-04 16:39 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-06-03 16:18 94,208 a------- c:\windows\ScUnin.exe
2009-06-03 16:18 34,693 a------- c:\windows\scunin.dat
2009-05-31 01:59 56,680 a------- c:\windows\system32\rpcnet.exe
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-11 02:33 986,600 a------- c:\windows\system32\winload.exe
2009-04-11 02:33 926,184 a------- c:\windows\system32\winresume.exe
2009-04-11 02:33 614,376 a------- c:\windows\system32\ci.dll
2009-04-11 02:32 50,664 a------- c:\windows\system32\PSHED.DLL
2009-04-11 02:32 3,601,896 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 02:32 3,549,672 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 02:32 438,744 a------- c:\windows\system32\mcupdate_GenuineIntel.dll
2009-04-11 02:32 245,736 a------- c:\windows\system32\clfs.sys
2009-04-11 02:32 177,128 a------- c:\windows\system32\halmacpi.dll
2009-04-11 02:32 140,776 a------- c:\windows\system32\halacpi.dll
2009-04-11 02:32 17,896 a------- c:\windows\system32\kd1394.dll
2009-04-11 02:32 19,944 a------- c:\windows\system32\kdusb.dll
2009-04-11 02:32 17,384 a------- c:\windows\system32\kdcom.dll
2009-04-11 02:27 627,200 a------- c:\windows\system32\sethc.exe
2009-04-11 02:22 7,168 a------- c:\windows\system32\f3ahvoas.dll
2009-04-11 02:21 37,376 a------- c:\windows\system32\cdd.dll
2009-04-11 01:03 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 01:03 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 00:57 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-04-11 00:54 2,048 a------- c:\windows\system32\mferror.dll
2009-04-11 00:39 16,384 a------- c:\windows\system32\iscsilog.dll
2009-04-11 00:27 2,560 a------- c:\windows\system32\msimsg.dll
2009-04-11 00:23 289,792 a------- c:\windows\system32\atmfd.dll
2009-04-11 00:12 617,984 a------- c:\windows\system32\adtschema.dll
2009-04-10 21:59 107,612 a------- c:\windows\system32\StructuredQuerySchema.bin
2009-03-02 01:19 9,228 a------- c:\program files\uninst5.log
2008-01-20 22:42 174 a--sh--- c:\program files\desktop.ini
2008-01-11 10:47 88,761 a------- c:\windows\inf\pxiclean.exe
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 17:19:48.25 ===============

Thanks for the help.


#4 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 11 July 2009 - 07:27 PM

Hello.

Looks like the value that launches the explorer was changed.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes only if you are using Windows XP. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell"="explorer.exe"
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the icon should look like this: [image].

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

Download and Run OTListIt
Please download OTListIt by OldTimer to your desktop.
Open OTListIt by double clicking its icon. If you are using Windows Vista, right click OTL.exe and select Run As Administrator.
Click Run Scan without changing any settings. When the scan is complete, a logfile will open.
Copy the contents of the log into your next reply. It will be saved as OTL.txt where OTL.exe is located.

Is the explorer starting now?

With Regards,
The Panda
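
An added example, not part of the original post or of any tool named in it: a small offline check that parses exported `.reg` text and reports whether the Winlogon `Shell` value matches the `explorer.exe` baseline that fix.reg sets. It goes beyond the post by also looking at the per-user (HKEY_CURRENT_USER) Winlogon key, on the assumption that a default profile has no per-user `Shell` value; the function names and the "changed" sample are constructed for illustration.

```python
import re

# Key path from the fix.reg script in the post, lower-cased for matching.
WINLOGON = r"software\microsoft\windows nt\currentversion\winlogon"
EXPECTED_SHELL = "explorer.exe"

# "name"="data" lines (REG_SZ only); backslash and quote are escaped in .reg text.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    """Undo .reg escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: data}} for string values."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):
                current = None  # "[-key]" deletes a key; nothing to record
            else:
                current = keys.setdefault(path.lower(), {})
            continue
        if current is None:
            continue  # header line such as REGEDIT4
        match = STRING_VALUE.match(line)
        if match:
            name = _unescape(match.group(1)).lower()
            current[name] = _unescape(match.group(2))
    return keys


def check_shell(text):
    """Return a list of (key_path, observed_value, reason) findings."""
    findings = []
    keys = parse_reg(text)

    hklm = "hkey_local_machine\\" + WINLOGON
    if hklm in keys:
        shell = keys[hklm].get("shell")
        if shell is None:
            findings.append((hklm, None, "Shell value missing"))
        elif shell.strip().lower() != EXPECTED_SHELL:
            findings.append((hklm, shell, "Shell differs from explorer.exe"))

    # Assumption (not from the post): any per-user Shell value deserves review,
    # because it takes effect for that user regardless of the HKLM value.
    hkcu = "hkey_current_user\\" + WINLOGON
    if hkcu in keys and "shell" in keys[hkcu]:
        findings.append((hkcu, keys[hkcu]["shell"], "per-user Shell override present"))

    return findings


# The script from the post: the expected, repaired state.
FIXED = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe"
"""

# Constructed sample of a changed state; the path is a placeholder.
CHANGED = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Temp\\placeholder.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"""

if __name__ == "__main__":
    for label, sample in (("fixed", FIXED), ("changed", CHANGED)):
        print(label, check_shell(sample))
```

Exports saved by regedit in the "Windows Registry Editor Version 5.00" format are UTF-16, so read such a file with `encoding="utf-16"` before passing its text to `check_shell`.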

#5 coyn3burglar

  • Topic Starter
  • Members
  • 33 posts

Posted 11 July 2009 - 08:02 PM

Explorer did not start upon restart. I'm not sure what the cause of this is. Here is the OTListIt log though:

OTL logfile created on: 7/11/2009 8:44:12 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\Class2012\Desktop
Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.17% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 36.49 Gb Free Space | 24.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 50.90 Gb Total Space | 29.47 Gb Free Space | 57.90% Space Free | Partition Type: NTFS

Computer Name: I240
Current User Name: jcoyne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/03/19 14:00:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2007/09/06 13:26:20 | 00,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/02/06 07:44:24 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/11/09 16:18:48 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2009/06/17 15:48:48 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/06/17 15:48:50 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/17 15:48:50 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/03/10 01:04:13 | 00,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2007/03/21 13:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2007/07/24 08:21:48 | 00,677,144 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxspmgt.exe
PRC - [2009/06/30 22:19:29 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2007/07/24 08:21:48 | 00,886,040 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IFXTCS.exe
PRC - [2007/11/27 15:38:04 | 00,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe
PRC - [2007/11/27 13:56:48 | 00,040,488 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe
PRC - [2007/11/27 13:57:20 | 00,050,736 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe
PRC - [2007/11/09 16:18:44 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/08/03 13:59:24 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
PRC - [2008/02/18 17:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007/02/16 10:21:20 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nipalsm.exe
PRC - [2007/11/27 13:57:52 | 00,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2007/07/19 16:38:16 | 00,048,704 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe
PRC - [2007/12/06 15:15:44 | 00,609,384 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2007/07/24 08:21:48 | 00,140,568 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe
PRC - [2006/10/12 22:15:42 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe
PRC - [2007/04/02 11:39:34 | 00,655,360 | ---- | M] () -- C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
PRC - [2009/05/31 01:59:34 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/11/09 16:18:50 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/03/27 11:08:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2007/02/16 10:21:20 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nipalsm.exe
PRC - [2007/03/07 06:19:00 | 00,066,048 | R--- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
PRC - [2009/04/11 02:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 22:25:10 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 22:25:10 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/06/10 17:02:31 | 01,217,784 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2009/07/01 21:43:06 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2009/04/11 02:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/06/18 21:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/06/18 21:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Users\Class2012\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/07/11 20:43:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Class2012\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/02/06 07:44:24 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters [Auto | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/03/14 06:03:00 | 00,074,752 | R--- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker [Auto | Running])
SRV - [2006/06/22 06:14:00 | 00,131,584 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel [Auto | Running])
SRV - [2007/11/09 16:18:48 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])
SRV - [2009/06/17 15:48:48 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/30 00:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/02/07 10:23:34 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Stopped])
SRV - [2009/04/11 02:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2007/06/08 09:06:42 | 00,172,131 | R--- | M] (Hewlett-Packard Ltd) -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK [On_Demand | Stopped])
SRV - [2008/07/10 14:19:54 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/02/18 14:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/05/29 00:43:53 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e0181716b1d0 [Auto | Stopped])
SRV - [2009/05/29 00:43:27 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/03/10 01:04:13 | 00,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe -- (HamachiService [Auto | Running])
SRV - [2007/09/06 13:26:20 | 00,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService [Auto | Running])
SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2008/01/25 17:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [On_Demand | Stopped])
SRV - [2007/01/05 03:00:02 | 00,018,944 | ---- | M] () -- C:\Windows\System32\Hpservice.exe -- (hpsrv [Auto | Stopped])
SRV - [2007/03/21 13:00:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/02/18 14:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/07/24 08:21:48 | 00,677,144 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxspmgt.exe -- (IFXSpMgtSrv [Auto | Running])
SRV - [2007/07/24 08:21:48 | 00,886,040 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IFXTCS.exe -- (IFXTCS [Auto | Running])
SRV - [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/11/27 15:38:04 | 00,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer [Auto | Running])
SRV - [2007/11/27 13:56:48 | 00,040,488 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe -- (lkClassAds [Auto | Running])
SRV - [2007/11/27 13:57:20 | 00,050,736 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync [Auto | Running])
SRV - [2007/11/09 16:18:44 | 00,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS [Auto | Running])
SRV - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Stopped])
SRV - [2008/11/24 23:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2008/11/24 23:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])
SRV - [2007/08/03 13:59:24 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr [Auto | Running])
SRV - [2009/04/11 02:28:23 | 00,302,592 | ---- | M] () -- C:\Windows\System32\qagentRT.dll -- (napagent [On_Demand | Stopped])
SRV - [2008/02/18 17:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/02/28 11:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2009/02/18 14:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/02/16 10:21:20 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nipalsm.exe -- (ni488enumsvc [Auto | Running])
SRV - [2007/02/16 10:21:20 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nipalsm.exe -- (nidevldu [Auto | Stopped])
SRV - [2007/11/27 13:57:52 | 00,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService [Auto | Running])
SRV - [2007/10/31 08:20:36 | 01,007,616 | ---- | M] (Macrovision Corporation) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager [Disabled | Stopped])
SRV - [2007/02/16 10:21:20 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nipalsm.exe -- (nipxirmu [Auto | Running])
SRV - [2007/07/19 16:38:16 | 00,048,704 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc [Auto | Running])
SRV - [2007/12/06 15:15:44 | 00,609,384 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService [Auto | Running])
SRV - [2008/02/28 18:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/03/19 14:00:00 | 00,118,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2007/05/09 15:34:34 | 00,098,304 | ---- | M] (OPC Foundation) -- C:\Windows\System32\OpcEnum.exe -- (OpcEnum [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/07/24 08:21:48 | 00,140,568 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService [Auto | Running])
SRV - [2006/10/12 22:15:42 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster [Auto | Running])
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2008/02/28 11:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/04/02 11:39:34 | 00,655,360 | ---- | M] () -- C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe -- (Remote Solver for COSMOSFloWorks 2007 [Auto | Running])
SRV - [2009/05/31 01:59:34 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe -- (Rpcnet [Auto | Running])
SRV - [2008/07/09 12:07:13 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2008/11/24 23:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 23:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2009/07/01 21:43:06 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Running])
SRV - [2007/11/09 16:18:50 | 01,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS [Auto | Running])
SRV - [2008/01/20 22:23:07 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/20 22:25:10 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2007/03/27 11:08:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/01/05 03:00:02 | 00,027,136 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/03/27 20:34:32 | 00,309,248 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2008/01/20 22:22:55 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 22:23:00 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 22:23:00 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 22:23:01 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 22:22:36 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/20 22:22:58 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 22:22:59 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/08/28 15:47:36 | 00,146,560 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV [On_Demand | Running])
DRV - [2009/06/17 15:48:59 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/06/19 08:39:19 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/06/17 15:49:03 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/12/12 13:12:38 | 00,080,424 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Running])
DRV - [2007/12/12 13:12:38 | 00,080,936 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Running])
DRV - [2007/12/12 13:12:38 | 00,016,168 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\DRIVERS\btwrchid.sys -- (btwrchid [On_Demand | Running])
DRV - [2007/09/24 00:00:00 | 00,037,488 | ---- | M] (www.winchiphead.com) -- C:\Windows\System32\Drivers\CH341SER.SYS -- (CH341SER [On_Demand | Stopped])
DRV - [2008/01/20 22:22:35 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2007/10/23 10:00:00 | 00,004,096 | ---- | M] () -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv [Auto | Running])
DRV - [2007/06/08 08:49:46 | 00,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) -- C:\Windows\System32\DRIVERS\DAMDrv.sys -- (DAMDrv [On_Demand | Stopped])
DRV - [2008/02/07 01:13:00 | 00,218,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Running])
DRV - [2008/01/20 22:22:59 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/20 22:22:56 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2007/01/03 12:06:12 | 00,009,728 | ---- | M] () -- C:\Windows\System32\DRIVERS\EMSUSB2.sys -- (EMSUSB2 [On_Demand | Stopped])
DRV - [2009/01/15 12:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/10 01:04:13 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2006/06/28 09:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2008/01/20 22:23:00 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/01/05 03:00:02 | 00,018,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 16:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2008/01/20 22:22:57 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2007/03/27 11:08:18 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/03/27 11:08:18 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2007/03/21 12:58:56 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/20 22:22:57 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/20 22:22:58 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 22:22:59 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 22:22:57 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007/12/20 09:37:04 | 00,020,056 | R--- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\lvalarmk.sys -- (lvalarmk [On_Demand | Stopped])
DRV - [2007/03/27 11:08:18 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/01/20 22:23:01 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 22:23:01 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/03/13 03:36:42 | 02,555,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2007/10/08 14:10:24 | 00,025,888 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\ni1006k.sys -- (ni1006k [On_Demand | Stopped])
DRV - [2007/10/08 14:10:28 | 00,011,552 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\ni1045kl.sys -- (ni1045k [On_Demand | Stopped])
DRV - [2007/10/08 14:10:30 | 00,022,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\ni1065k.sys -- (ni1065k [On_Demand | Stopped])
DRV - [2007/02/26 12:40:24 | 00,016,672 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\ni488lock.sys -- (ni488lock [On_Demand | Stopped])
DRV - [2007/04/16 15:40:36 | 00,037,376 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\niarbk.dll -- (niarbk [Auto | Running])
DRV - [2007/04/16 15:40:38 | 00,021,504 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nibffrk.dll -- (nibffrk [Auto | Running])
DRV - [2007/12/26 11:53:24 | 00,011,352 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nicdrkl.sys -- (nicdrk [On_Demand | Stopped])
DRV - [2008/02/19 23:43:10 | 00,011,336 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nicsrkl.sys -- (nicsrk [On_Demand | Stopped])
DRV - [2007/04/16 17:04:12 | 00,674,304 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nidaq32k.sys -- (Nidaq32k [Auto | Running])
DRV - [2007/12/14 12:41:28 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nidimkl.sys -- (nidimk [On_Demand | Running])
DRV - [2007/04/16 17:06:28 | 00,050,688 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nidmmk.dll -- (nidmmk [Auto | Running])
DRV - [2007/12/18 18:20:10 | 00,011,336 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nidmxfkl.sys -- (nidmxfk [On_Demand | Stopped])
DRV - [2008/02/15 15:37:10 | 00,011,344 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nidsarkl.sys -- (nidsark [On_Demand | Stopped])
DRV - [2007/10/09 17:35:42 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nidwgkl.sys -- (nidwgk [On_Demand | Stopped])
DRV - [2008/02/19 23:43:12 | 00,011,336 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\niemrkl.sys -- (niemrk [On_Demand | Stopped])
DRV - [2008/02/19 23:43:12 | 00,011,336 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\niesrkl.sys -- (niesrk [On_Demand | Stopped])
DRV - [2007/12/26 11:18:58 | 00,011,352 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nifslkl.sys -- (nifslk [On_Demand | Stopped])
DRV - [2007/02/23 16:20:54 | 00,011,552 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nigplkl.sys -- (nigplk [On_Demand | Stopped])
DRV - [2007/10/11 11:51:10 | 00,011,352 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nihsdrkl.sys -- (nihsdrk [On_Demand | Stopped])
DRV - [2007/12/14 12:29:42 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nimdbgkl.sys -- (nimdbgk [On_Demand | Running])
DRV - [2007/04/16 15:41:52 | 00,030,208 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nimdsk.dll -- (nimdsk [Auto | Running])
DRV - [2007/12/14 15:06:04 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nimru2kl.sys -- (nimru2k [On_Demand | Running])
DRV - [2008/01/11 16:08:42 | 00,011,392 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nimsdrkl.sys -- (nimsdrk [On_Demand | Stopped])
DRV - [2007/04/04 08:06:14 | 00,151,683 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nimsrlk.dll -- (nimsrlk [On_Demand | Stopped])
DRV - [2007/12/18 18:14:52 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nimstskl.sys -- (nimstsk [On_Demand | Running])
DRV - [2007/12/14 14:41:08 | 00,011,344 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nimxdfkl.sys -- (nimxdfk [On_Demand | Running])
DRV - [2007/12/18 18:14:26 | 00,011,368 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nimxpkl.sys -- (nimxpk [On_Demand | Stopped])
DRV - [2007/12/27 09:45:14 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\ninshsdkl.sys -- (ninshsdk [On_Demand | Stopped])
DRV - [2007/12/14 12:18:50 | 00,011,344 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\niorbkl.sys -- (niorbk [On_Demand | Running])
DRV - [2007/12/12 23:23:46 | 00,011,904 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nipalfwedl.sys -- (nipalfwedl [On_Demand | Stopped])
DRV - [2007/12/12 23:22:56 | 00,588,376 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nipalk.sys -- (NIPALK [Boot | Running])
DRV - [2007/12/12 23:22:42 | 00,011,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nipalusbedl.sys -- (nipalusbedl [On_Demand | Stopped])
DRV - [2007/07/10 19:08:14 | 00,015,448 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nipbcfk.sys -- (nipbcfk [Boot | Running])
DRV - [2007/12/25 21:47:48 | 00,011,392 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nipsdkl.sys -- (nipsdk [On_Demand | Stopped])
DRV - [2007/11/26 17:22:12 | 00,020,768 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nipxigpk.sys -- (nipxigpk [On_Demand | Stopped])
DRV - [2007/09/18 07:24:32 | 00,011,552 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nipxirmkl.sys -- (nipxirmk [Auto | Running])
DRV - [2007/06/30 23:07:58 | 00,011,552 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nirfsa2kl.sys -- (nirfsa2k [On_Demand | Stopped])
DRV - [2008/01/08 00:38:04 | 00,011,376 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\niscdkl.sys -- (niscdk [On_Demand | Stopped])
DRV - [2008/02/14 19:08:56 | 00,011,352 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nisdigkl.sys -- (nisdigk [On_Demand | Stopped])
DRV - [2007/12/20 15:54:10 | 00,011,344 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nisftkl.sys -- (nisftk [On_Demand | Stopped])
DRV - [2007/08/03 15:08:46 | 00,011,624 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nisldkl.sys -- (nisldk [On_Demand | Stopped])
DRV - [2008/01/08 00:38:06 | 00,011,376 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nispdkl.sys -- (nispdk [On_Demand | Stopped])
DRV - [2007/11/13 12:26:22 | 00,011,352 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nisrcdkl.sys -- (nisrcdk [On_Demand | Stopped])
DRV - [2008/02/19 23:43:14 | 00,011,336 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nissrkl.sys -- (nissrk [On_Demand | Stopped])
DRV - [2008/01/08 00:35:24 | 00,011,312 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nistc2kl.sys -- (nistc2k [On_Demand | Stopped])
DRV - [2007/04/16 15:42:28 | 00,111,616 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nistck.dll -- (nistck [Auto | Running])
DRV - [2008/02/14 20:58:44 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nistcrkl.sys -- (nistcrk [On_Demand | Stopped])
DRV - [2008/01/02 13:14:42 | 00,011,336 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\niswdkl.sys -- (niswdk [On_Demand | Stopped])
DRV - [2008/02/19 23:56:40 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nitiorkl.sys -- (nitiork [On_Demand | Stopped])
DRV - [2007/12/01 18:01:34 | 00,011,328 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nitnr2kl.sys -- (nitnr2k [On_Demand | Stopped])
DRV - [2008/02/19 23:43:14 | 00,011,368 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\niufurkl.sys -- (niufurk [On_Demand | Stopped])
DRV - [2007/07/19 10:48:36 | 00,011,384 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\NiViFWKl.sys -- (NiViFWK [On_Demand | Stopped])
DRV - [2008/01/10 15:18:44 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\NiViPciKl.sys -- (NiViPciK [On_Demand | Stopped])
DRV - [2008/01/10 15:18:44 | 00,011,360 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\NiViPxiKl.sys -- (NiViPxiK [Auto | Running])
DRV - [2008/02/19 23:43:14 | 00,011,336 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\niwfrkl.sys -- (niwfrk [On_Demand | Stopped])
DRV - [2008/02/19 23:43:16 | 00,011,336 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\nixsrkl.sys -- (nixsrk [On_Demand | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/03/19 14:00:00 | 07,438,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/20 22:22:55 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/20 22:22:55 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/07/24 08:21:52 | 00,038,816 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive [System | Running])
DRV - [2008/01/20 22:22:59 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/04/17 20:09:28 | 00,011,032 | ---- | M] (InterVideo) -- C:\Windows\System32\drivers\regi.sys -- (regi [Auto | Running])
DRV - [2007/02/24 14:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2006/12/20 01:08:00 | 00,047,616 | ---- | M] (RICOH Company, Ltd.) -- C:\Windows\System32\DRIVERS\rismc32.sys -- (rismc32 [On_Demand | Running])
DRV - [2007/08/14 17:59:52 | 00,005,840 | ---- | M] (SafeBoot International) -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock [System | Running])
DRV - [2007/08/14 17:59:44 | 00,101,167 | ---- | M] () -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot [Boot | Running])
DRV - [2006/10/09 13:31:46 | 00,044,720 | ---- | M] (SafeBoot N.V.) -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg [Boot | Running])
DRV - [2007/06/14 16:22:58 | 00,013,184 | ---- | M] (SafeBoot International) -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock [Boot | Running])
DRV - [2009/03/15 06:25:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2003/09/09 15:30:32 | 00,011,376 | ---- | M] () -- C:\Windows\System32\drivers\SECDRV.SYS -- (SecDrv [Auto | Running])
DRV - [2009/02/19 11:29:46 | 00,017,920 | ---- | M] (Silicon Laboratories, Inc.) -- C:\Windows\System32\DRIVERS\silabenm.sys -- (silabenm [On_Demand | Stopped])
DRV - [2009/02/19 11:29:46 | 00,062,592 | ---- | M] (Silicon Laboratories) -- C:\Windows\System32\DRIVERS\silabser.sys -- (silabser [On_Demand | Stopped])
DRV - [2008/01/20 22:23:00 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/09/10 16:30:27 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/03/28 02:06:00 | 00,199,472 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/20 22:23:00 | 00,045,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tpm.sys -- (TPM [On_Demand | Running])
DRV - [2008/01/20 22:22:54 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 22:22:58 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/02/15 14:33:34 | 00,030,256 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\drivers\usb6xxxk.dll -- (usb6xxxk [On_Demand | Stopped])
DRV - [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2009/04/11 00:42:54 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/01/20 22:22:36 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 22:22:58 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/03/27 11:08:18 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/03/27 11:08:20 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])
DRV - [2007/08/28 18:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.stevens.edu/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.stevens.edu/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/28 12:34:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 22:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/19 08:41:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/16 17:03:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/21 22:05:04 | 00,000,000 | ---D | M]

[2008/08/24 00:54:08 | 00,000,000 | ---D | M] -- C:\Users\Class2012\AppData\Roaming\mozilla\Extensions
[2008/08/24 00:54:08 | 00,000,000 | ---D | M] -- C:\Users\Class2012\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/27 00:39:52 | 00,000,000 | ---D | M] -- C:\Users\Class2012\AppData\Roaming\mozilla\Firefox\Profiles\2qqsb9wa.default\extensions
[2009/06/27 00:39:52 | 00,000,000 | ---D | M] -- C:\Users\Class2012\AppData\Roaming\mozilla\Firefox\Profiles\2qqsb9wa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/12 13:49:24 | 00,000,000 | ---D | M] -- C:\Users\Class2012\AppData\Roaming\mozilla\Firefox\Profiles\2qqsb9wa.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/06/27 00:39:52 | 00,000,000 | ---D | M] -- C:\Users\Class2012\AppData\Roaming\mozilla\Firefox\Profiles\2qqsb9wa.default\extensions\staged-xpis
[2009/06/27 00:40:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/30 08:10:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/14 12:17:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/30 08:10:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/30 08:10:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/06/17 16:12:42 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/11/10 06:43:30 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/01/23 10:32:04 | 00,020,992 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
[2007/02/08 10:48:16 | 00,028,448 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 18:03:42 | 00,023,040 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\nplv85win32.dll
[2009/04/30 08:10:53 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/06/21 22:05:01 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/03/28 00:36:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/03/28 00:36:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/03/28 00:36:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/03/28 00:36:41 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/03/28 00:36:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/03/28 00:36:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/03/28 00:36:42 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/15 02:33:09 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PTHOSTTR] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Class2012\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\System32\userinit.exe ()
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1107dfdb-5e75-11dd-8745-001f297a2ae8}\Shell - "" = AutoRun
O33 - MountPoints2\{1107dfdb-5e75-11dd-8745-001f297a2ae8}\Shell\AutoRun\command - "" = F:\PStart.exe -- File not found
O33 - MountPoints2\{37909e25-f201-11dd-a52d-001f299563ee}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{37909e25-f201-11dd-a52d-001f299563ee}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{37909e25-f201-11dd-a52d-001f299563ee}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{37909e43-f201-11dd-a52d-00218635797d}\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{46d1cc39-7f78-11dd-a8d1-00218635797d}\Shell - "" = AutoRun
O33 - MountPoints2\{46d1cc39-7f78-11dd-a8d1-00218635797d}\Shell\AutoRun\command - "" = E:\Madden08.exe -- File not found
O33 - MountPoints2\{c2804b94-4ea5-11dd-a085-00218602cf71}\Shell - "" = AutoRun
O33 - MountPoints2\{c2804b94-4ea5-11dd-a085-00218602cf71}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c2804b9f-4ea5-11dd-a085-00218602cf71}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{cd9d1a77-aed3-11dd-95ce-00218635797d}\Shell - "" = AutoRun
O33 - MountPoints2\{cd9d1a77-aed3-11dd-95ce-00218635797d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe ()
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/07/11 20:43:47 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Class2012\Desktop\OTL.exe
[2009/07/11 20:42:58 | 00,000,110 | ---- | C] () -- C:\Users\Class2012\Desktop\fix.reg
[2009/07/11 20:41:17 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/11 20:40:28 | 00,000,714 | ---- | C] () -- C:\Users\Class2012\Desktop\ERUNT.lnk
[2009/07/11 20:40:25 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/11 20:39:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Class2012\Desktop\erunt-setup.exe
[2009/07/09 18:37:49 | 21,437,1227 | ---- | C] () -- C:\Users\Class2012\Desktop\Enders_Game.zip
[2009/07/05 19:36:09 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01007.Wdf
[2009/07/05 19:35:15 | 00,000,000 | ---D | C] -- C:\Program Files\Silabs
[2009/07/05 19:34:58 | 00,000,000 | ---D | C] -- C:\Windows\System32\Silabs
[2009/07/05 19:33:43 | 01,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoinstaller01007.dll
[2009/07/05 19:33:43 | 00,062,592 | ---- | C] (Silicon Laboratories) -- C:\Windows\System32\drivers\silabser.sys
[2009/07/05 19:33:43 | 00,017,920 | ---- | C] (Silicon Laboratories, Inc.) -- C:\Windows\System32\drivers\silabenm.sys
[2009/07/05 19:33:11 | 00,000,000 | ---D | C] -- C:\Program Files\SIBAS
[2009/07/03 11:44:58 | 00,001,874 | ---- | C] () -- C:\Users\Class2012\Desktop\HijackThis.lnk
[2009/07/03 11:44:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/30 22:19:48 | 00,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/06/30 22:19:48 | 00,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/30 17:57:31 | 00,000,918 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3281148458-3325854604-1032724346-1000UA.job
[2009/06/30 17:57:30 | 00,000,866 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3281148458-3325854604-1032724346-1000Core.job
[2009/06/30 17:45:31 | 00,016,640 | ---- | C] () -- C:\Users\Class2012\Documents\cc_20090630_174530.reg
[2009/06/30 17:06:09 | 00,026,112 | ---- | C] () -- C:\Users\Class2012\Documents\Gasoline Stations Working Hours.doc
[2009/06/27 01:57:59 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/06/27 01:04:18 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/06/27 01:04:18 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/06/27 01:04:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/06/27 00:59:09 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2009/06/27 00:41:55 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/06/27 00:40:58 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/06/27 00:40:54 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/06/27 00:40:53 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/06/27 00:40:51 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/06/27 00:40:51 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/06/27 00:40:49 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/06/27 00:40:47 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/06/27 00:40:47 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/06/27 00:40:46 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/06/27 00:40:45 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/06/27 00:40:44 | 01,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/06/27 00:40:44 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/06/27 00:40:43 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/06/27 00:40:43 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/06/27 00:40:43 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/06/27 00:40:43 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/06/27 00:40:42 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/06/27 00:40:40 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/06/27 00:40:40 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/06/27 00:40:40 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/06/27 00:40:40 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys
[2009/06/27 00:40:40 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/06/27 00:40:40 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/06/27 00:40:39 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/06/27 00:40:38 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/06/27 00:40:37 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/06/27 00:40:37 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/06/27 00:40:37 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/06/27 00:40:36 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/06/27 00:40:36 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/06/27 00:40:35 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/06/27 00:40:34 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/06/27 00:40:34 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/06/27 00:40:34 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/06/27 00:40:31 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/06/27 00:40:30 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/06/27 00:40:29 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/06/27 00:40:29 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/06/27 00:40:29 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/06/27 00:40:29 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/06/27 00:40:28 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/06/27 00:40:28 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/06/27 00:40:28 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/06/27 00:40:28 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/06/27 00:40:27 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/06/27 00:40:27 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/06/27 00:40:26 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/06/27 00:40:26 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/06/27 00:40:26 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/06/27 00:40:25 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/06/27 00:40:25 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/06/27 00:40:24 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/06/27 00:40:24 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/06/27 00:40:24 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/06/27 00:40:24 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys
[2009/06/27 00:40:24 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/06/27 00:40:23 | 10,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/06/27 00:40:23 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/06/27 00:40:22 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/06/27 00:40:22 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/06/27 00:40:22 | 00,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pmcsnap.dll
[2009/06/27 00:40:21 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/06/27 00:40:21 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/06/27 00:40:21 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/06/27 00:40:20 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/06/27 00:40:20 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/06/27 00:40:20 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/06/27 00:40:19 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/06/27 00:40:19 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/06/27 00:40:19 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/06/27 00:40:19 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/06/27 00:40:18 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/06/27 00:40:18 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/06/27 00:40:18 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/06/27 00:40:17 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/06/27 00:40:17 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/06/27 00:40:17 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/27 00:40:16 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009/06/27 00:40:16 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/06/27 00:40:16 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/06/27 00:40:15 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/06/27 00:40:15 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/06/27 00:40:15 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/06/27 00:40:14 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/06/27 00:40:14 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/06/27 00:40:13 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/06/27 00:40:13 | 00,897,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/06/27 00:40:13 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/06/27 00:40:13 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/06/27 00:40:13 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/06/27 00:40:12 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/06/27 00:40:12 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/06/27 00:40:12 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/06/27 00:40:12 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/06/27 00:40:12 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/06/27 00:40:12 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/06/27 00:40:10 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/06/27 00:40:10 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2009/06/27 00:40:10 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/06/27 00:40:09 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/06/27 00:40:09 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/06/27 00:40:09 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/06/27 00:40:09 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/06/27 00:40:09 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/06/27 00:40:08 | 00,491,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscsvc.dll
[2009/06/27 00:40:08 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2009/06/27 00:40:08 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009/06/27 00:40:07 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/06/27 00:40:06 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/06/27 00:40:06 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/06/27 00:40:06 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/06/27 00:40:06 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/06/27 00:40:05 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/06/27 00:40:05 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/06/27 00:40:05 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/27 00:40:05 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/06/27 00:40:05 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/06/27 00:40:04 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/06/27 00:40:04 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/06/27 00:40:03 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/06/27 00:40:03 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/06/27 00:40:02 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/06/27 00:40:02 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009/06/27 00:40:01 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/06/27 00:40:01 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/06/27 00:39:59 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/06/27 00:39:59 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/06/27 00:39:59 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/06/27 00:39:59 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/06/27 00:39:59 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/06/27 00:39:59 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/06/27 00:39:58 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/06/27 00:39:58 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/06/27 00:39:57 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/06/27 00:39:57 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/06/27 00:39:56 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/06/27 00:39:55 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/06/27 00:39:55 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/06/27 00:39:55 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/06/27 00:39:55 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/06/27 00:39:54 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/06/27 00:39:54 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/06/27 00:39:54 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/06/27 00:39:54 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/06/27 00:39:54 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/27 00:39:54 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/27 00:39:54 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/06/27 00:39:53 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/06/27 00:39:53 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/06/27 00:39:53 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/06/27 00:39:53 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/06/27 00:39:52 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/06/27 00:39:52 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/06/27 00:39:51 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/06/27 00:39:51 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/06/27 00:39:50 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/06/27 00:39:50 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/06/27 00:39:50 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/06/27 00:39:49 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/06/27 00:39:49 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/06/27 00:39:49 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/06/27 00:39:49 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/06/27 00:39:49 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/06/27 00:39:49 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/06/27 00:39:48 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/06/27 00:39:48 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/06/27 00:39:48 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/06/27 00:39:48 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/06/27 00:39:47 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/06/27 00:39:47 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/06/27 00:39:47 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/06/27 00:39:46 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/06/27 00:39:46 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/06/27 00:39:46 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/06/27 00:39:46 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/06/27 00:39:45 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/06/27 00:39:45 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/06/27 00:39:45 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/06/27 00:39:45 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/06/27 00:39:44 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/06/27 00:39:44 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/06/27 00:39:44 | 00,302,592 | ---- | C] () -- C:\Windows\System32\QAGENTRT.DLL
[2009/06/27 00:39:44 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/06/27 00:39:44 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/06/27 00:39:43 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/06/27 00:39:43 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/06/27 00:39:43 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/06/27 00:39:43 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/06/27 00:39:42 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/06/27 00:39:42 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/06/27 00:39:41 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/06/27 00:39:40 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/06/27 00:39:40 | 00,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbengine.exe
[2009/06/27 00:39:40 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/06/27 00:39:40 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/06/27 00:39:39 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/06/27 00:39:38 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/06/27 00:39:37 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/06/27 00:39:37 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/06/27 00:39:37 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/06/27 00:39:36 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/06/27 00:39:35 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/06/27 00:39:35 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/06/27 00:39:34 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/06/27 00:39:34 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/06/27 00:39:33 | 00,643,072 | ---- | C] () -- C:\Windows\System32\autochk.exe
[2009/06/27 00:39:33 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/06/27 00:39:33 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/06/27 00:39:33 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/06/27 00:39:33 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/06/27 00:39:33 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/06/27 00:39:33 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/06/27 00:39:33 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/06/27 00:39:33 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/06/27 00:39:33 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/06/27 00:39:32 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/06/27 00:39:32 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/06/27 00:39:32 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/06/27 00:39:32 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/06/27 00:39:32 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/06/27 00:39:32 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/06/27 00:39:32 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/06/27 00:39:31 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/06/27 00:39:31 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/06/27 00:39:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/06/27 00:39:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/06/27 00:39:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/06/27 00:39:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/06/27 00:39:31 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/06/27 00:39:30 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/06/27 00:39:30 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/06/27 00:39:30 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/06/27 00:39:30 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009/06/27 00:39:30 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/06/27 00:39:29 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/06/27 00:39:29 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/06/27 00:39:29 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/06/27 00:39:29 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/06/27 00:39:29 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/06/27 00:39:29 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/06/27 00:39:29 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/06/27 00:39:29 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/06/27 00:39:29 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/06/27 00:39:28 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/06/27 00:39:28 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/06/27 00:39:28 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/06/27 00:39:28 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/06/27 00:39:28 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/06/27 00:39:28 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/06/27 00:39:28 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/06/27 00:39:27 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/06/27 00:39:27 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/06/27 00:39:27 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/06/27 00:39:27 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/06/27 00:39:27 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/06/27 00:39:27 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/06/27 00:39:27 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/06/27 00:39:27 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/06/27 00:39:27 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/06/27 00:39:26 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/06/27 00:39:26 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys
[2009/06/27 00:39:26 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/06/27 00:39:26 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/06/27 00:39:26 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/06/27 00:39:26 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/06/27 00:39:26 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/06/27 00:39:25 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/06/27 00:39:25 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/06/27 00:39:25 | 00,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2009/06/27 00:39:25 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009/06/27 00:39:25 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/06/27 00:39:24 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/06/27 00:39:24 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/06/27 00:39:24 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/06/27 00:39:24 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/06/27 00:39:24 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/06/27 00:39:24 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/06/27 00:39:24 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/06/27 00:39:24 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/06/27 00:39:24 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/06/27 00:39:23 | 01,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/06/27 00:39:23 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/06/27 00:39:23 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/06/27 00:39:23 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/06/27 00:39:23 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/06/27 00:39:23 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/06/27 00:39:23 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/06/27 00:39:23 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/06/27 00:39:22 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/06/27 00:39:22 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/06/27 00:39:22 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/06/27 00:39:22 | 00,439,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/06/27 00:39:22 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/06/27 00:39:22 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/06/27 00:39:22 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/06/27 00:39:22 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/06/27 00:39:22 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/06/27 00:39:22 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/06/27 00:39:22 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/06/27 00:39:21 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/06/27 00:39:21 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/06/27 00:39:21 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/06/27 00:39:21 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/06/27 00:39:21 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/06/27 00:39:21 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/06/27 00:39:21 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/06/27 00:39:21 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/06/27 00:39:21 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/06/27 00:39:21 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/06/27 00:39:21 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/06/27 00:39:21 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/06/27 00:39:21 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/06/27 00:39:20 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/06/27 00:39:20 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/06/27 00:39:20 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/06/27 00:39:20 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/06/27 00:39:20 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/06/27 00:39:19 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/06/27 00:39:19 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/06/27 00:39:19 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/06/27 00:39:19 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/06/27 00:39:19 | 00,143,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys
[2009/06/27 00:39:18 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/06/27 00:39:17 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/06/27 00:39:17 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/06/27 00:39:17 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/06/27 00:39:17 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/06/27 00:39:17 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/06/27 00:39:17 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/06/27 00:39:17 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/06/27 00:39:17 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/06/27 00:39:17 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/06/27 00:39:16 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscui.dll
[2009/06/27 00:39:16 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/06/27 00:39:16 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/06/27 00:39:16 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/06/27 00:39:16 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/06/27 00:39:16 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/06/27 00:39:16 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/06/27 00:39:16 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009/06/27 00:39:16 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/06/27 00:39:16 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/06/27 00:39:16 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/06/27 00:39:16 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/06/27 00:39:15 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/06/27 00:39:15 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/06/27 00:39:15 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/06/27 00:39:15 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/06/27 00:39:15 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/06/27 00:39:15 | 00,177,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcmcia.sys
[2009/06/27 00:39:15 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/06/27 00:39:15 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/06/27 00:39:15 | 00,141,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2009/06/27 00:39:14 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/06/27 00:39:14 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/06/27 00:39:14 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/06/27 00:39:14 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/06/27 00:39:14 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/06/27 00:39:14 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/06/27 00:39:13 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/06/27 00:39:13 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/06/27 00:39:13 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/06/27 00:39:13 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/06/27 00:39:13 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/06/27 00:39:13 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/06/27 00:39:13 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/06/27 00:39:13 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/06/27 00:39:13 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/06/27 00:39:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/06/27 00:39:12 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/06/27 00:39:12 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/06/27 00:39:12 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/06/27 00:39:12 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/06/27 00:39:12 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/06/27 00:39:12 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/06/27 00:39:11 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/06/27 00:39:11 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/06/27 00:39:11 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/06/27 00:39:11 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/06/27 00:39:11 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/06/27 00:39:11 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys
[2009/06/27 00:39:10 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/06/27 00:39:10 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/06/27 00:39:10 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/06/27 00:39:10 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/06/27 00:39:10 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/06/27 00:39:10 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/06/27 00:39:10 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/06/27 00:39:10 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/06/27 00:39:10 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/06/27 00:39:10 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/06/27 00:39:09 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/06/27 00:39:09 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/06/27 00:39:09 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/06/27 00:39:09 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/06/27 00:39:09 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/06/27 00:39:09 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/06/27 00:39:09 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/06/27 00:39:09 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/06/27 00:39:09 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/06/27 00:39:08 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/06/27 00:39:08 | 00,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/06/27 00:39:08 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/06/27 00:39:08 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/06/27 00:39:08 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/06/27 00:39:08 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/06/27 00:39:08 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/06/27 00:39:08 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/06/27 00:39:07 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/06/27 00:39:07 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009/06/27 00:39:07 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/06/27 00:39:07 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/06/27 00:39:07 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/06/27 00:39:07 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/06/27 00:39:07 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/06/27 00:39:07 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/06/27 00:39:07 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/06/27 00:39:07 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/06/27 00:39:07 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/06/27 00:39:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2009/06/27 00:39:07 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/06/27 00:39:06 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/06/27 00:39:06 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/06/27 00:39:06 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/06/27 00:39:06 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/06/27 00:39:06 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/06/27 00:39:06 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/06/27 00:39:06 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/06/27 00:39:05 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/06/27 00:39:05 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/06/27 00:39:05 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/06/27 00:39:04 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/06/27 00:39:04 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/06/27 00:39:04 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/06/27 00:39:04 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/06/27 00:39:04 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/06/27 00:39:03 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/06/27 00:39:03 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/06/27 00:39:03 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/06/27 00:39:03 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/06/27 00:39:03 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/06/27 00:39:03 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/06/27 00:39:03 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/06/27 00:39:03 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/06/27 00:39:02 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/06/27 00:39:02 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/06/27 00:39:02 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/06/27 00:39:02 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/06/27 00:39:02 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/06/27 00:39:02 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/06/27 00:39:02 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/06/27 00:39:01 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/06/27 00:39:01 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/06/27 00:39:01 | 00,780,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveui.dll
[2009/06/27 00:39:01 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/06/27 00:39:01 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umrdp.dll
[2009/06/27 00:39:01 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/06/27 00:39:01 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/06/27 00:39:01 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/06/27 00:39:01 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/06/27 00:39:00 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/06/27 00:38:59 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/06/27 00:38:59 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/06/27 00:38:58 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/06/27 00:38:58 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/06/27 00:38:58 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/06/27 00:38:58 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/06/27 00:38:58 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/06/27 00:38:57 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/06/27 00:38:57 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/06/27 00:38:57 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys
[2009/06/27 00:38:57 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/06/27 00:38:57 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/06/27 00:38:56 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/06/27 00:38:56 | 00,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsiw.dll
[2009/06/27 00:38:55 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/06/27 00:38:55 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/06/27 00:38:55 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/06/27 00:38:55 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/06/27 00:38:54 | 00,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2009/06/27 00:38:54 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/06/27 00:38:54 | 00,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2009/06/27 00:38:54 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2009/06/27 00:38:54 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/06/27 00:38:54 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS
[2009/06/27 00:38:53 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/06/27 00:38:53 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/06/27 00:38:53 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/27 00:38:53 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/06/27 00:38:53 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/06/27 00:38:53 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/06/27 00:38:53 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/06/27 00:38:53 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/06/27 00:38:53 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/06/27 00:38:53 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/06/27 00:38:53 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/06/27 00:38:53 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/06/27 00:38:53 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/06/27 00:38:53 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/06/27 00:38:53 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/06/27 00:38:53 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/06/27 00:38:52 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/06/27 00:38:52 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/06/27 00:38:52 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/06/27 00:38:52 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/06/27 00:38:52 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/06/27 00:38:52 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/06/27 00:38:52 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/06/27 00:38:52 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/06/27 00:38:52 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/06/27 00:38:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/06/27 00:38:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/06/27 00:38:51 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/06/27 00:38:51 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/06/27 00:38:51 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/06/27 00:38:51 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/06/27 00:38:51 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys
[2009/06/27 00:38:51 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/06/27 00:38:51 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/06/27 00:38:50 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/06/27 00:38:50 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/06/27 00:38:50 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/06/27 00:38:50 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/06/27 00:38:50 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/06/27 00:38:50 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/06/27 00:38:50 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/06/27 00:38:50 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/06/27 00:38:50 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/06/27 00:38:50 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/06/27 00:38:50 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/06/27 00:38:49 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009/06/27 00:38:49 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/06/27 00:38:49 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2009/06/27 00:38:49 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/06/27 00:38:49 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/06/27 00:38:49 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/06/27 00:38:49 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/06/27 00:38:49 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/06/27 00:38:49 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/06/27 00:38:48 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/06/27 00:38:48 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/06/27 00:38:48 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/06/27 00:38:48 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/06/27 00:38:48 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/06/27 00:38:48 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/06/27 00:38:48 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/06/27 00:38:48 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/06/27 00:38:48 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/06/27 00:38:47 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/06/27 00:38:47 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/06/27 00:38:47 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/06/27 00:38:47 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/06/27 00:38:47 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/06/27 00:38:47 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/06/27 00:38:47 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/06/27 00:38:47 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/06/27 00:38:46 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/06/27 00:38:46 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/06/27 00:38:46 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/06/27 00:38:46 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/06/27 00:38:45 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2009/06/27 00:38:45 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/06/27 00:38:45 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/06/27 00:38:44 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/06/27 00:38:44 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/06/27 00:38:44 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/06/27 00:38:44 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/06/27 00:38:44 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/06/27 00:38:44 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgmts.dll
[2009/06/27 00:38:44 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/06/27 00:38:44 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2009/06/27 00:38:44 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/06/27 00:38:43 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/06/27 00:38:43 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/06/27 00:38:43 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/06/27 00:38:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/06/27 00:38:43 | 00,062,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009/06/27 00:38:43 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/06/27 00:38:43 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/06/27 00:38:43 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/06/27 00:38:42 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/06/27 00:38:42 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/06/27 00:38:42 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/06/27 00:38:42 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/06/27 00:38:42 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/06/27 00:38:42 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/06/27 00:38:40 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/06/27 00:38:40 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/06/27 00:38:40 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/06/27 00:38:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/06/27 00:38:40 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/06/27 00:38:40 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/06/27 00:38:39 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/06/27 00:38:39 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/06/27 00:38:39 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/27 00:38:39 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2009/06/27 00:38:39 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/06/27 00:38:39 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/06/27 00:38:39 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/06/27 00:38:38 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/06/27 00:38:38 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/06/27 00:38:38 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/06/27 00:38:38 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/06/27 00:38:38 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/06/27 00:38:38 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/06/27 00:38:38 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2009/06/27 00:38:38 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/06/27 00:38:38 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/06/27 00:38:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/06/27 00:38:37 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/06/27 00:38:37 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/06/27 00:38:37 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/06/27 00:38:37 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/06/27 00:38:37 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2009/06/27 00:38:37 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/06/27 00:38:37 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/06/27 00:38:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/06/27 00:38:37 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/06/27 00:38:36 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/06/27 00:38:36 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/06/27 00:38:36 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/06/27 00:38:36 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/06/27 00:38:36 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/06/27 00:38:36 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/06/27 00:38:36 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/06/27 00:38:36 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/06/27 00:38:36 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/06/27 00:38:36 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/06/27 00:38:36 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/06/27 00:38:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/06/27 00:38:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/06/27 00:38:36 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/06/27 00:38:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/06/27 00:38:36 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/06/27 00:38:35 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/06/27 00:38:35 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/06/27 00:38:35 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/06/27 00:38:35 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/06/27 00:38:35 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/06/27 00:38:35 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/06/27 00:38:35 | 00,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/06/27 00:38:35 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/06/27 00:38:35 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/06/27 00:38:35 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/06/27 00:38:35 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2009/06/27 00:38:35 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/06/27 00:38:34 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/06/27 00:38:34 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/06/27 00:38:34 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/06/27 00:38:34 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2009/06/27 00:38:33 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/06/27 00:38:33 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/06/27 00:38:33 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/06/27 00:38:33 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/06/27 00:38:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/06/27 00:38:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/06/27 00:38:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2009/06/27 00:38:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/06/27 00:38:32 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/06/27 00:38:31 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/06/27 00:38:31 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/06/27 00:38:31 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/06/27 00:38:31 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/06/27 00:38:31 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/06/27 00:38:31 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2009/06/27 00:38:31 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/06/27 00:38:30 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/06/27 00:38:30 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2009/06/27 00:38:30 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/06/27 00:38:29 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/06/27 00:38:29 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/06/27 00:38:29 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/06/27 00:38:29 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2009/06/27 00:38:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2009/06/27 00:38:29 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2009/06/27 00:38:29 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/06/27 00:38:28 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2009/06/27 00:38:28 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2009/06/27 00:38:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2009/06/27 00:38:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2009/06/27 00:38:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2009/06/27 00:38:28 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/06/27 00:38:28 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/06/27 00:38:28 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2009/06/27 00:38:28 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2009/06/27 00:38:27 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/06/27 00:38:27 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/06/27 00:38:27 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/06/27 00:38:27 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/06/27 00:38:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/06/27 00:38:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/06/27 00:38:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2009/06/27 00:38:27 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/06/27 00:38:27 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/06/27 00:38:26 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/06/27 00:38:26 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/06/27 00:38:25 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/06/27 00:38:25 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/06/27 00:38:25 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/06/27 00:38:25 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/06/27 00:38:25 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/06/27 00:38:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/06/27 00:38:25 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/06/27 00:38:25 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/06/27 00:38:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/06/27 00:38:15 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/06/27 00:38:15 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/06/27 00:38:12 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/06/27 00:37:55 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/06/27 00:37:52 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/06/27 00:37:52 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/06/27 00:37:43 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/06/26 22:25:41 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/26 22:25:40 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/26 22:25:40 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/26 22:25:40 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/26 22:25:40 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/26 22:25:39 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/26 22:25:39 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/26 22:25:39 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/26 22:25:39 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/26 22:25:38 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/26 22:25:38 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/26 22:25:37 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/26 22:25:36 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/26 22:23:53 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/06/26 22:23:53 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/06/26 22:23:52 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/06/26 22:23:52 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/06/26 22:23:52 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/06/26 22:23:52 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/06/26 22:23:51 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/06/26 22:23:51 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/06/26 22:23:51 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/06/26 22:23:51 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/06/26 22:23:50 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/06/26 22:23:50 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/06/26 22:23:49 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/06/26 22:23:49 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/06/26 22:23:48 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/26 22:23:48 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/06/26 22:23:48 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/26 22:23:48 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/06/26 22:23:47 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/06/26 22:23:47 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/06/26 22:23:47 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/06/26 22:23:47 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/06/26 22:23:47 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/06/26 22:23:46 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/26 22:23:45 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/26 22:23:45 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/06/26 22:23:45 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/06/26 22:23:44 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/06/26 22:23:44 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/06/26 22:23:44 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/06/26 22:23:44 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/06/26 22:23:43 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/06/26 22:23:41 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/06/26 22:23:41 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/26 22:23:41 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/06/26 22:23:41 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/06/26 22:23:41 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/06/26 22:23:40 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/26 22:23:40 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/06/26 22:23:40 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/06/26 22:23:40 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/06/26 22:23:40 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/06/24 16:56:34 | 00,032,302 | ---- | C] () -- C:\Users\Class2012\Documents\cc_20090624_165632.reg
[2009/06/21 22:54:53 | 00,001,768 | ---- | C] () -- C:\Users\Class2012\Desktop\MapleStory.lnk
[2009/06/21 22:52:23 | 00,000,000 | ---D | C] -- C:\Nexon
[2009/06/21 22:06:32 | 00,000,000 | ---D | C] -- C:\Program Files\MapleStory
[2009/06/21 22:05:11 | 00,000,000 | ---D | C] -- C:\Users\Class2012\AppData\Local\PMB Files
[2009/06/21 22:05:09 | 00,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2009/06/21 22:04:57 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/06/20 23:32:40 | 01,886,287 | ---- | C] () -- C:\Users\Class2012\Documents\Untitled (2).wma
[2009/06/18 01:01:45 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/17 15:49:10 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/06/17 15:49:05 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/06/17 15:49:03 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/06/17 15:48:59 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/06/17 15:48:57 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/06/17 15:48:56 | 38,072,861 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/06/17 15:48:56 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/06/17 15:48:56 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/06/17 15:48:56 | 00,025,155 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/06/17 15:48:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/06/17 15:48:47 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/06/17 15:48:47 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/16 17:03:07 | 00,001,756 | ---- | C] () -- C:\Users\Public\Desktop\AIM 6.lnk
[2009/06/16 17:01:47 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2009/03/10 00:57:45 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
[2009/03/10 00:57:44 | 00,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll
[2009/03/02 19:09:42 | 01,581,056 | ---- | C] () -- C:\Windows\System32\UsbPadCP.dll
[2009/03/02 19:09:42 | 00,036,864 | ---- | C] () -- C:\Windows\System32\Usbpadff.dll
[2009/03/02 19:09:42 | 00,009,728 | ---- | C] () -- C:\Windows\System32\drivers\Emsusb2.sys
[2009/03/02 19:09:42 | 00,003,968 | ---- | C] () -- C:\Windows\System32\drivers\FltrKbd.sys
[2009/02/03 14:56:15 | 00,011,376 | ---- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2008/09/19 21:31:21 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/09/10 16:30:27 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/08/25 21:48:34 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/08/20 15:28:46 | 00,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2008/07/30 16:53:21 | 00,000,177 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/07/28 11:03:57 | 00,000,069 | ---- | C] () -- C:\Windows\pxisys.ini
[2008/07/28 11:03:57 | 00,000,030 | ---- | C] () -- C:\Windows\pxiesys.ini
[2008/07/09 17:25:00 | 00,000,306 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/07/09 16:38:47 | 00,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008/07/09 12:14:35 | 00,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2008/01/20 22:25:00 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/18 03:33:29 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2008/01/11 14:43:44 | 00,066,080 | ---- | C] () -- C:\Windows\System32\cfswitch.dll
[2008/01/10 14:15:20 | 00,049,696 | ---- | C] () -- C:\Windows\System32\nispdu.dll
[2008/01/08 00:38:06 | 00,049,696 | ---- | C] () -- C:\Windows\System32\drivers\nispdk.dll
[2008/01/08 00:37:52 | 00,031,744 | ---- | C] () -- C:\Windows\System32\niscdrau.dll
[2007/12/14 11:52:28 | 00,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2007/12/12 23:23:58 | 00,003,520 | ---- | C] () -- C:\Windows\System32\nipalpg.dll
[2007/12/04 13:55:36 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/10/23 10:00:00 | 00,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2007/08/14 17:59:44 | 00,101,167 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2007/06/28 01:59:32 | 00,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2007/06/08 09:05:38 | 00,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2007/04/17 16:34:40 | 00,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007/04/16 17:22:06 | 00,005,632 | ---- | C] () -- C:\Windows\System32\nipxiini.dll
[2007/04/16 16:52:36 | 00,008,704 | ---- | C] () -- C:\Windows\System32\niidaqlv.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 09:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/11/04 11:00:38 | 00,001,840 | ---- | C] () -- C:\Windows\System32\niidaqs.dll
[1998/05/07 03:10:00 | 00,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/07/11 20:43:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Class2012\Desktop\OTL.exe
[2009/07/11 20:42:58 | 00,000,110 | ---- | M] () -- C:\Users\Class2012\Desktop\fix.reg
[2009/07/11 20:40:28 | 00,000,714 | ---- | M] () -- C:\Users\Class2012\Desktop\ERUNT.lnk
[2009/07/11 20:40:19 | 00,760,772 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/11 20:40:19 | 00,645,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/11 20:40:19 | 00,119,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/11 20:39:21 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Class2012\Desktop\erunt-setup.exe
[2009/07/11 20:38:18 | 00,132,958 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/07/11 20:38:18 | 00,132,958 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/07/11 20:24:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/11 20:13:49 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/07/11 20:12:08 | 00,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/07/11 20:10:34 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/11 20:10:14 | 00,000,069 | ---- | M] () -- C:\Windows\pxisys.ini
[2009/07/11 20:10:14 | 00,000,030 | ---- | M] () -- C:\Windows\pxiesys.ini
[2009/07/11 20:10:11 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2009/07/11 20:10:11 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2009/07/11 20:09:55 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/11 20:09:54 | 00,004,992 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/11 20:09:54 | 00,004,992 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/11 20:09:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/11 20:09:39 | 32,204,96384 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/11 20:09:37 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2009/07/11 19:02:00 | 00,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3281148458-3325854604-1032724346-1000UA.job
[2009/07/11 18:02:00 | 00,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3281148458-3325854604-1032724346-1000Core.job
[2009/07/11 17:22:15 | 38,072,861 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/11 17:22:15 | 00,025,155 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/11 00:25:19 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{65857977-4242-41A6-B843-447FA13969B5}.job
[2009/07/10 10:20:56 | 00,002,231 | ---- | M] () -- C:\Users\Class2012\Desktop\iTunes.lnk
[2009/07/09 18:41:48 | 21,437,1227 | ---- | M] () -- C:\Users\Class2012\Desktop\Enders_Game.zip
[2009/07/07 00:11:37 | 00,026,624 | ---- | M] () -- C:\Users\Class2012\Documents\Jog Journal.doc
[2009/07/05 23:03:03 | 00,026,112 | ---- | M] () -- C:\Users\Class2012\Documents\Gasoline Stations Working Hours.doc
[2009/07/05 19:36:09 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01007.Wdf
[2009/07/03 11:44:58 | 00,001,874 | ---- | M] () -- C:\Users\Class2012\Desktop\HijackThis.lnk
[2009/06/30 17:46:09 | 00,016,640 | ---- | M] () -- C:\Users\Class2012\Documents\cc_20090630_174530.reg
[2009/06/30 01:23:02 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/06/27 01:21:16 | 00,439,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/27 01:08:29 | 00,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/27 00:59:09 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2009/06/27 00:57:55 | 03,832,702 | -H-- | M] () -- C:\Users\Class2012\AppData\Local\IconCache.db
[2009/06/26 23:50:19 | 00,127,144 | ---- | M] () -- C:\Users\Class2012\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/06/26 22:35:16 | 00,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2009/06/26 22:28:28 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/06/24 16:56:37 | 00,032,302 | ---- | M] () -- C:\Users\Class2012\Documents\cc_20090624_165632.reg
[2009/06/23 17:20:40 | 00,002,062 | ---- | M] () -- C:\Users\Class2012\Desktop\Google Chrome.lnk
[2009/06/21 22:54:53 | 00,001,768 | ---- | M] () -- C:\Users\Class2012\Desktop\MapleStory.lnk
[2009/06/20 23:32:40 | 01,886,287 | ---- | M] () -- C:\Users\Class2012\Documents\Untitled (2).wma
[2009/06/19 08:39:19 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/06/17 15:49:10 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/06/17 15:49:05 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/06/17 15:49:03 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/06/17 15:48:59 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/06/17 15:48:56 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/06/16 17:03:24 | 00,000,740 | -H-- | M] () -- C:\IPH.PH
[2009/06/16 17:03:07 | 00,001,756 | ---- | M] () -- C:\Users\Public\Desktop\AIM 6.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation
< End of report >

#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:43 PM

Posted 13 July 2009 - 06:53 PM

Hello.

Your copy of userinit.exe seems to have been damaged or replaced. Some more powerful tools will be needed.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.
    Posted Image Posted Image

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
    Posted Image
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

With Regards,
The Panda

#7 coyn3burglar

  • Topic Starter

  • Members
  • 33 posts
  • Local time:05:43 PM

Posted 13 July 2009 - 07:25 PM

Here is the log, Thanks again:

ComboFix 09-07-13.01 - jcoyne 07/13/2009 20:14.1.2 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3070.1510 [GMT -4:00]
Running from: c:\users\Class2012\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1120325956-1712964963-4282179001-1000
c:\$recycle.bin\S-1-5-21-2870659586-3684785343-1179996570-1000
c:\windows\Installer\33789c0e.msp

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 00:19 . 2009-07-14 00:20 -------- d-----w- c:\users\Class2012\AppData\Local\temp
2009-07-12 00:40 . 2009-07-12 00:40 -------- d-----w- c:\program files\ERUNT
2009-07-05 23:35 . 2009-07-05 23:35 -------- d-----w- c:\program files\Silabs
2009-07-05 23:34 . 2009-07-05 23:35 -------- d-----w- c:\windows\system32\Silabs
2009-07-05 23:33 . 2009-02-19 15:29 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
2009-07-05 23:33 . 2009-02-19 15:29 62592 ----a-w- c:\windows\system32\drivers\silabser.sys
2009-07-05 23:33 . 2009-02-19 15:29 17920 ----a-w- c:\windows\system32\drivers\silabenm.sys
2009-07-05 23:33 . 2009-07-05 23:33 -------- d-----w- c:\program files\SIBAS
2009-07-03 15:44 . 2009-07-03 15:44 -------- d-----w- c:\program files\Trend Micro
2009-06-27 05:57 . 2009-06-27 05:57 -------- d-----w- C:\NVIDIA
2009-06-27 05:04 . 2009-06-27 05:07 -------- d-----w- c:\windows\system32\ca-ES
2009-06-27 05:04 . 2009-06-27 05:06 -------- d-----w- c:\windows\system32\eu-ES
2009-06-27 05:04 . 2009-06-27 05:06 -------- d-----w- c:\windows\system32\vi-VN
2009-06-27 04:41 . 2009-06-27 04:41 -------- d-----w- c:\windows\system32\EventProviders
2009-06-27 04:39 . 2009-04-11 06:28 754688 ----a-w- c:\windows\system32\propsys.dll
2009-06-27 04:38 . 2009-04-11 06:28 1224192 ----a-w- c:\windows\system32\sud.dll
2009-06-27 04:37 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-27 04:37 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-27 04:37 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-27 04:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-27 04:37 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-27 04:37 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-27 04:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-27 04:37 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-27 04:37 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-27 04:37 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-27 04:37 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-27 02:25 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-27 02:25 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-22 02:54 . 2009-06-22 02:54 45056 ----a-r- c:\users\Class2012\AppData\Roaming\Microsoft\Installer\{0F7B35C3-06E4-423C-A4E6-F24EE2747260}\MapleStory.exe1_4AEB0CCE3E7240D9887BBEC518A5E7A0.exe
2009-06-22 02:54 . 2009-06-22 02:54 45056 ----a-r- c:\users\Class2012\AppData\Roaming\Microsoft\Installer\{0F7B35C3-06E4-423C-A4E6-F24EE2747260}\MapleStory.exe_4AEB0CCE3E7240D9887BBEC518A5E7A0.exe
2009-06-22 02:54 . 2009-06-22 02:54 10134 ----a-r- c:\users\Class2012\AppData\Roaming\Microsoft\Installer\{0F7B35C3-06E4-423C-A4E6-F24EE2747260}\ARPPRODUCTICON.exe
2009-06-22 02:52 . 2009-06-22 02:52 -------- d-----w- C:\Nexon
2009-06-22 02:06 . 2009-06-22 02:38 -------- d-----w- c:\program files\MapleStory
2009-06-22 02:05 . 2009-06-22 05:28 -------- d-----w- c:\users\Class2012\AppData\Local\PMB Files
2009-06-22 02:05 . 2009-06-22 02:06 -------- d-----w- c:\programdata\PMB Files
2009-06-22 02:04 . 2009-06-22 02:04 -------- d-----w- c:\program files\Pando Networks
2009-06-19 12:40 . 2009-06-19 12:39 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-19 12:40 . 2009-06-17 19:48 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-19 12:40 . 2009-06-17 19:48 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-06-19 12:40 . 2009-06-17 19:48 1261344 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-06-19 12:40 . 2009-06-17 19:48 352024 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-06-19 12:40 . 2009-06-17 19:48 27784 ----a-w- c:\programdata\avg8\update\backup\avgmfx86.sys
2009-06-19 12:38 . 2009-06-17 19:48 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-18 05:01 . 2009-06-18 05:01 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-17 19:49 . 2009-06-17 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-17 19:49 . 2009-06-17 19:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-17 19:48 . 2009-06-17 19:48 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-17 19:48 . 2009-06-19 12:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 19:48 . 2009-07-12 22:45 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-17 19:48 . 2009-06-17 19:48 -------- d-----w- c:\programdata\avg8
2009-06-17 19:48 . 2009-06-17 19:48 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 00:16 . 2008-07-09 18:34 132958 ----a-w- c:\programdata\nvModes.dat
2009-07-13 23:46 . 2009-01-13 05:43 -------- d-----w- c:\program files\Steam
2009-07-13 23:34 . 2008-08-20 19:28 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-07-13 03:59 . 2008-09-09 03:02 -------- d-----w- c:\users\Class2012\AppData\Roaming\uTorrent
2009-07-12 23:25 . 2009-07-12 23:25 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 23:25 . 2009-07-12 23:25 -------- d-----w- c:\program files\iTunes
2009-07-12 23:25 . 2009-07-12 23:25 -------- d-----w- c:\program files\iPod
2009-07-12 23:25 . 2008-07-09 16:44 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 23:24 . 2009-07-12 23:23 -------- d-----w- c:\program files\QuickTime
2009-07-12 23:20 . 2009-07-12 23:20 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-12 00:57 . 2008-08-07 18:04 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-07-12 00:56 . 2009-03-10 05:04 -------- d-----w- c:\users\Class2012\AppData\Roaming\Hamachi
2009-07-12 00:56 . 2008-07-09 01:46 1076 ----a-w- c:\windows\bthservsdp.dat
2009-07-12 00:10 . 2008-08-20 19:28 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-07-05 23:36 . 2009-07-05 23:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_silabser_01007.Wdf
2009-07-05 23:33 . 2008-07-09 14:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 20:58 . 2008-09-20 16:05 -------- d-----w- c:\program files\Common Files\Steam
2009-06-30 21:17 . 2008-09-27 05:15 -------- d-----w- c:\program files\CCleaner
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-27 05:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-27 05:04 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-27 05:03 . 2008-07-09 14:52 -------- d-----w- c:\programdata\NVIDIA
2009-06-27 04:59 . 2009-06-27 04:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-06-27 04:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-27 03:50 . 2008-07-08 22:55 127144 ----a-w- c:\users\Class2012\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-27 02:35 . 2008-07-09 16:38 -------- d-----w- c:\programdata\Microsoft Help
2009-06-27 02:30 . 2008-07-09 16:40 -------- d-----w- c:\program files\Microsoft Works
2009-06-17 21:40 . 2009-06-03 20:16 -------- d-----w- c:\program files\Starcraft
2009-06-16 21:03 . 2008-07-28 21:34 -------- d-----w- c:\program files\AIM6
2009-06-16 21:03 . 2008-07-28 21:35 -------- d-----w- c:\program files\Viewpoint
2009-06-16 21:03 . 2008-07-28 21:35 -------- d-----w- c:\programdata\Viewpoint
2009-04-27 00:15 . 2008-07-08 22:55 680 ----a-w- c:\users\Class2012\AppData\Local\d3d9caps.dat
2009-04-23 12:15 . 2009-06-11 04:38 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-11 04:39 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-11 04:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-03-02 05:19 . 2009-03-02 05:19 9228 ----a-w- c:\program files\uninst5.log
2004-03-15 21:51 . 2004-03-15 21:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 13:36 . 2003-05-01 13:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 22:03 . 2007-07-24 22:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-04-30 12:10 . 2008-08-24 04:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------


[-] 2008-01-21 02:24 25088 6C73BFD3446CCB834A1B4AE9C2DBFF71 c:\windows\System32\userinit.exe
[-] 2008-01-21 02:24 25088 6C73BFD3446CCB834A1B4AE9C2DBFF71 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe



.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Class2012\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-09 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-17 1948440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-19 13531680]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-19 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-04-09 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 13:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PASPortal.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PASPortal.lnk
backup=c:\windows\pss\PASPortal.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Class2012^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Class2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1a,a7,ed,dc,e7,f6,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3281148458-3325854604-1032724346-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4422647E-F0D5-46B4-9F6F-6799EFEE2478}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2B4188C8-88E3-4601-9C6F-7CA393726B56}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{438122F2-D9C7-4AD0-A113-FFE435FF5B62}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{51FB409D-A27B-462D-AEFC-7DC3ED49113D}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{3C789369-A26C-4504-9546-CEDEF69BE030}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{EB2DCAC8-5198-4EA3-84C3-59759FF8A285}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{8E024E2D-5A9A-47A8-A58E-4DE170E50E6C}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{D9A15E57-878C-4185-8D1A-516F7101BF33}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{1A90E36E-0A12-4B37-978D-36CF8827BC13}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{928D2D2F-1121-4B4F-8055-F226DEB68749}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{266FF06C-36A8-4EB5-8DC2-7D02911D476F}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{FC39AC54-B5A4-46FB-90CE-EB7DE11B7761}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"{D9038191-0050-412C-8515-62CA21CB2CF3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{73192117-4B6F-4ABB-AAF8-F75029479CDE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{75CA2BBD-BAF4-4F52-980C-24D917DFBCE8}"= UDP:c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{4102E447-D6F4-4E88-8A2B-B50DB473D354}"= TCP:c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{4C38C653-EF0B-40E8-9494-6AEBC1E2FDA1}"= UDP:c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{91DD6123-831F-4231-AAB9-D2136DAA9CE2}"= TCP:c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{76D6D510-F514-42DB-979F-60ED5436CAC0}"= c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"TCP Query User{53CDCAFA-544F-4B58-9267-82641A58B7C6}e:\\computrace\\ctmweb.exe"= UDP:e:\computrace\ctmweb.exe:ctmweb.exe
"UDP Query User{758F12AB-FFB6-4C57-8A3F-80EC3BDBD2DE}e:\\computrace\\ctmweb.exe"= TCP:e:\computrace\ctmweb.exe:ctmweb.exe
"{364460C7-4153-4596-8E8F-D22124EED980}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{98DF830B-54DC-4B02-AF47-CBECD361D647}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D9454B57-6C29-4731-9B23-04B6FD96E7B6}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{96EE7E55-3BD5-4AED-B811-1BE579635D27}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{9413DB94-3650-4798-9393-4F62AA5829D5}c:\\program files\\steam\\steamapps\\koreathebest\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\koreathebest\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{2910691F-09C0-4F12-9103-03376ED8970F}c:\\program files\\steam\\steamapps\\koreathebest\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\koreathebest\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{7A6E6413-C64F-431B-91C2-3C811C28A0D9}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{76BBC52C-CF24-4152-9AD0-6EB7D30486F6}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{50AA3DAA-ECD0-461D-9D31-5EEB48DD4EFF}c:\\program files\\steam\\steamapps\\koreathebest\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\koreathebest\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{9FF6424F-0548-42E5-9140-B0222E70BEFD}c:\\program files\\steam\\steamapps\\koreathebest\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\koreathebest\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{F8A37CAE-ACB9-45AE-8BF2-169E41A759D8}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{446FD3D7-AC0C-403F-85F7-0F0BC7C4FE29}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{64321643-4750-4834-8174-66E5593F8403}c:\\users\\class2012\\desktop\\halo\\haloce.exe"= UDP:c:\users\class2012\desktop\halo\haloce.exe:haloce.exe
"UDP Query User{8CD0AB65-8905-42D5-B56F-6DE8032925A1}c:\\users\\class2012\\desktop\\halo\\haloce.exe"= TCP:c:\users\class2012\desktop\halo\haloce.exe:haloce.exe
"{5D46C455-A62F-420E-A0D9-2069BC677946}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{1D5F1685-8E5F-4283-8624-2A539F593388}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"TCP Query User{71DBA0CF-4321-4B76-B504-6098B3CDE1F7}c:\\program files\\steam\\steamapps\\xantih3r0x\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\xantih3r0x\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{EF96E177-9058-4D6F-B0CC-B30322E0D48A}c:\\program files\\steam\\steamapps\\xantih3r0x\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\xantih3r0x\counter-strike\hl.exe:Half-Life Launcher
"{26ABA4E0-A4E1-4BC7-A0B3-5933E2C4F449}"= UDP:c:\program files\Steam\steamapps\common\empire total war demo\Empire.exe:Empire: Total War Demo
"{EED473F7-255B-458B-8841-9408E37AEBF9}"= TCP:c:\program files\Steam\steamapps\common\empire total war demo\Empire.exe:Empire: Total War Demo
"{AD9906E6-C37E-46BD-84B1-65233B686771}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{6A85DCC1-636B-47B1-96DF-AF7A31107B85}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{AB3B6B62-CF54-42BE-976C-E1FC3CD30707}c:\\program files\\halo\\haloce.exe"= UDP:c:\program files\halo\haloce.exe:Halo
"UDP Query User{22926AD5-7F8B-4E4C-8449-311C696EA0C9}c:\\program files\\halo\\haloce.exe"= TCP:c:\program files\halo\haloce.exe:Halo
"{F9C426EC-7B6E-4201-B6A8-4C9ECCB3DD79}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{65864768-7BB0-48B9-A587-D51979ED99DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5E40319F-482A-448C-AFFC-D9E039C96EF7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3B39EB36-0B4B-48B2-AB78-2F0DCCEF478D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F4EADBBC-08AF-4652-BE66-188529199C65}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{F48EA2C6-1E07-438D-9677-91FC1EB798FF}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{91ABAB62-52D5-4E20-AA81-4347F157351B}c:\\users\\class2012\\desktop\\demigod\\bin\\demigod.exe"= UDP:c:\users\class2012\desktop\demigod\bin\demigod.exe:demigod.exe
"UDP Query User{49EA7499-ED96-4A89-8B96-4FDF19DAC218}c:\\users\\class2012\\desktop\\demigod\\bin\\demigod.exe"= TCP:c:\users\class2012\desktop\demigod\bin\demigod.exe:demigod.exe
"TCP Query User{08DD508A-7C09-4D34-99E9-C5C1BF795AA4}c:\\program files\\steam\\steamapps\\coyn3burglar\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\coyn3burglar\team fortress 2\hl2.exe:hl2
"UDP Query User{E06CA6E5-EA35-4F28-B1E2-3EF17FF4A1FB}c:\\program files\\steam\\steamapps\\coyn3burglar\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\coyn3burglar\team fortress 2\hl2.exe:hl2
"TCP Query User{B855DD7B-22A5-494E-B809-378801CAA1AC}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{1C635CBD-71E0-4F56-8D2B-746410681D3C}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{7C885368-6116-4B1F-834B-C65DD31C1337}c:\\program files\\steam\\steamapps\\coyn3burglar\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\coyn3burglar\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{A979F4E5-52AA-436D-AE77-30FEFB59B482}c:\\program files\\steam\\steamapps\\coyn3burglar\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\coyn3burglar\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{6CC5C3BB-6C7C-4159-9D86-5016E06EB716}c:\\program files\\steam\\steamapps\\coyn3burglar\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\coyn3burglar\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{C49A655F-52A6-4942-95EA-166F5A01B07B}c:\\program files\\steam\\steamapps\\coyn3burglar\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\coyn3burglar\counter-strike\hl.exe:Half-Life Launcher
"{CA48744F-1D54-4DDA-AF68-DD283A0B13FA}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{49189671-85FB-4976-8C04-14B0A6A55304}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B8434C05-83BE-40BD-BEEA-F5FA97D7F087}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{27585677-4267-4386-95EE-F1226DD3DD27}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{312F77AD-ABEA-4007-8C18-28CF78D2D830}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{35C8970F-3F73-4F47-8276-4773DB11FE22}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{51FECAA2-6C6C-4DA4-8A0F-B350F5301431}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{A1E2EC11-1EAD-413A-9D56-B82DDDED2A41}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{10FB83A1-5566-4BB8-9498-34AA9A684670}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{720C0438-A080-48AE-9551-A96A80385E93}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{DEBA6350-8FDF-4614-94A4-4A1EEF56EEB6}"= UDP:56457:Pando Media Booster
"{B1755116-8AC2-48CD-A5F1-5169CD4D46BF}"= TCP:56457:Pando Media Booster
"{ACEC5B3F-1221-4A80-AE7C-1B8C8364399C}"= UDP:56457:Pando Media Booster
"{3DCC9E57-91A2-4482-9DA2-1DB7E723F67A}"= TCP:56457:Pando Media Booster
"{61FFBFB9-9204-4ADA-AAAA-56E1F23BDA76}"= c:Program FilesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"TCP Query User{E0CF03A7-0EF6-495F-9A56-854EAED4126D}c:\\program files\\pando networks\\media booster\\pmb.exe"= UDP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"UDP Query User{32E813AE-D881-4CE7-A2EF-65FD03156475}c:\\program files\\pando networks\\media booster\\pmb.exe"= TCP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"TCP Query User{D5F232A1-5142-4731-BFA5-ED129CCE09EF}c:\\program files\\steam\\steamapps\\coyn3burglar\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\coyn3burglar\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{85DBCA3C-C7A4-4138-884A-729D067C9913}c:\\program files\\steam\\steamapps\\coyn3burglar\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\coyn3burglar\condition zero\hl.exe:Half-Life Launcher
"{634980ED-5B51-4F2B-952A-DACBA4318C72}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{82E21E88-3185-41F1-BCDE-4B1E1405FF78}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {8973C9FE-6FC6-4767-92A2-41EA1DC307A2}

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [7/10/2007 7:08 PM 15448]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [6/14/2007 4:22 PM 13184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/17/2009 3:48 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/17/2009 3:49 PM 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [7/24/2007 8:21 AM 38816]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [8/14/2007 5:59 PM 5840]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [1/20/2008 10:23 PM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [1/20/2008 10:23 PM 21504]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/17/2009 3:48 PM 298776]
R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [3/10/2009 1:04 AM 625952]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [9/6/2007 1:26 PM 221184]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\System32\nipalsm.exe [2/16/2007 10:21 AM 12696]
R2 niarbk;niarbk;c:\windows\System32\drivers\niarbk.dll [4/16/2007 3:40 PM 37376]
R2 nibffrk;nibffrk;c:\windows\System32\drivers\nibffrk.dll [4/16/2007 3:40 PM 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\System32\drivers\nidaq32k.sys [4/16/2007 5:04 PM 674304]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\System32\drivers\nidmmk.dll [4/16/2007 5:06 PM 50688]
R2 nimdsk;nimdsk;c:\windows\System32\drivers\nimdsk.dll [4/16/2007 3:41 PM 30208]
R2 nipxirmk;nipxirmk;c:\windows\System32\drivers\nipxirmkl.sys [9/18/2007 7:24 AM 11552]
R2 nistck;nistck;c:\windows\System32\drivers\niSTCk.dll [4/16/2007 3:42 PM 111616]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\System32\drivers\NiViPxiKl.sys [1/10/2008 3:18 PM 11360]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [4/2/2007 11:39 AM 655360]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [7/9/2008 10:56 AM 1464856]
R3 nidimk;nidimk;c:\windows\System32\drivers\nidimkl.sys [12/14/2007 12:41 PM 11360]
R3 nimru2k;nimru2k;c:\windows\System32\drivers\nimru2kl.sys [12/14/2007 3:06 PM 11360]
R3 nimstsk;nimstsk;c:\windows\System32\drivers\nimstskl.sys [12/18/2007 6:14 PM 11360]
R3 rismc32;RICOH Smart Card Reader;c:\windows\System32\drivers\rismc32.sys [7/9/2008 10:53 AM 47616]
S2 gupdate1c9e0181716b1d0;Google Update Service (gupdate1c9e0181716b1d0);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 12:44 AM 133104]
S2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [1/5/2007 3:00 AM 18944]
S2 nidevldu;NI Device Loader;c:\windows\System32\nipalsm.exe [2/16/2007 10:21 AM 12696]
S3 CH341SER;CH341SER;c:\windows\System32\drivers\CH341SER.SYS [7/30/2008 3:10 PM 37488]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/9/2008 10:27 AM 193840]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [6/8/2007 8:49 AM 30008]
S3 EMSUSB2;EMS USB Joypad2;c:\windows\System32\drivers\Emsusb2.sys [3/2/2009 7:09 PM 9728]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [6/8/2007 9:06 AM 172131]
S3 lvalarmk;lvalarmk;c:\windows\System32\drivers\lvalarmk.sys [12/20/2007 9:37 AM 20056]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\System32\drivers\ni1006k.sys [10/8/2007 2:10 PM 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\System32\drivers\ni1045kl.sys [10/8/2007 2:10 PM 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\System32\drivers\ni1065k.sys [10/8/2007 2:10 PM 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\System32\drivers\ni488lock.sys [2/26/2007 12:40 PM 16672]
S3 nicdrk;nicdrk;c:\windows\System32\drivers\nicdrkl.sys [12/26/2007 11:53 AM 11352]
S3 nicsrk;nicsrk;c:\windows\System32\drivers\nicsrkl.sys [2/19/2008 11:43 PM 11336]
S3 nidmxfk;nidmxfk;c:\windows\System32\drivers\nidmxfkl.sys [12/18/2007 6:20 PM 11336]
S3 nidsark;nidsark;c:\windows\System32\drivers\nidsarkl.sys [2/15/2008 3:37 PM 11344]
S3 nidwgk;nidwgk;c:\windows\System32\drivers\nidwgkl.sys [10/9/2007 5:35 PM 11360]
S3 niemrk;niemrk;c:\windows\System32\drivers\niemrkl.sys [2/19/2008 11:43 PM 11336]
S3 niesrk;niesrk;c:\windows\System32\drivers\niesrkl.sys [2/19/2008 11:43 PM 11336]
S3 nifslk;nifslk;c:\windows\System32\drivers\nifslkl.sys [12/26/2007 11:18 AM 11352]
S3 nigplk;nigplk;c:\windows\System32\drivers\nigplkl.sys [2/23/2007 4:20 PM 11552]
S3 nihsdrk;nihsdrk;c:\windows\System32\drivers\nihsdrkl.sys [10/11/2007 11:51 AM 11352]
S3 nimsdrk;nimsdrk;c:\windows\System32\drivers\nimsdrkl.sys [1/11/2008 4:08 PM 11392]
S3 nimsrlk;nimsrlk;c:\windows\System32\drivers\nimsrlk.dll [4/4/2007 8:06 AM 151683]
S3 nimxpk;nimxpk;c:\windows\System32\drivers\nimxpkl.sys [12/18/2007 6:14 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\System32\drivers\ninshsdkl.sys [12/27/2007 9:45 AM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\System32\drivers\nipalfwedl.sys [12/12/2007 11:23 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\System32\drivers\nipalusbedl.sys [12/12/2007 11:22 PM 11896]
S3 nipsdk;nipsdk;c:\windows\System32\drivers\nipsdkl.sys [12/25/2007 9:47 PM 11392]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\System32\drivers\nipxigpk.sys [11/26/2007 5:22 PM 20768]
S3 nirfsa2k;nirfsa2k;c:\windows\System32\drivers\niRFSA2kl.sys [6/30/2007 11:07 PM 11552]
S3 niscdk;niscdk;c:\windows\System32\drivers\niscdkl.sys [1/8/2008 12:38 AM 11376]
S3 nisdigk;nisdigk;c:\windows\System32\drivers\nisdigkl.sys [2/14/2008 7:08 PM 11352]
S3 nisftk;nisftk;c:\windows\System32\drivers\nisftkl.sys [12/20/2007 3:54 PM 11344]
S3 nisldk;nisldk;c:\windows\System32\drivers\nisldkl.sys [8/3/2007 3:08 PM 11624]
S3 nispdk;nispdk;c:\windows\System32\drivers\nispdkl.sys [1/8/2008 12:38 AM 11376]
S3 nisrcdk;nisrcdk;c:\windows\System32\drivers\nisrcdkl.sys [11/13/2007 12:26 PM 11352]
S3 nissrk;nissrk;c:\windows\System32\drivers\nissrkl.sys [2/19/2008 11:43 PM 11336]
S3 nistc2k;nistc2k;c:\windows\System32\drivers\nistc2kl.sys [1/8/2008 12:35 AM 11312]
S3 nistcrk;nistcrk;c:\windows\System32\drivers\nistcrkl.sys [2/14/2008 8:58 PM 11360]
S3 niswdk;niswdk;c:\windows\System32\drivers\niswdkl.sys [1/2/2008 1:14 PM 11336]
S3 nitiork;nitiork;c:\windows\System32\drivers\nitiorkl.sys [2/19/2008 11:56 PM 11360]
S3 nitnr2k;nitnr2k;c:\windows\System32\drivers\nitnr2kl.sys [12/1/2007 6:01 PM 11328]
S3 niufurk;niufurk;c:\windows\System32\drivers\niufurkl.sys [2/19/2008 11:43 PM 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\System32\drivers\NiViFWKl.sys [7/19/2007 10:48 AM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\System32\drivers\NiViPciKl.sys [1/10/2008 3:18 PM 11360]
S3 niwfrk;niwfrk;c:\windows\System32\drivers\niwfrkl.sys [2/19/2008 11:43 PM 11336]
S3 nixsrk;nixsrk;c:\windows\System32\drivers\nixsrkl.sys [2/19/2008 11:43 PM 11336]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\System32\drivers\silabenm.sys [7/5/2009 7:33 PM 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\System32\drivers\silabser.sys [7/5/2009 7:33 PM 62592]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 04:43]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 04:43]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 04:43]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3281148458-3325854604-1032724346-1000Core.job
- c:\users\Class2012\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-09 05:50]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3281148458-3325854604-1032724346-1000UA.job
- c:\users\Class2012\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-09 05:50]

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{65857977-4242-41A6-B843-447FA13969B5}.job
- c:\windows\system32\msfeedssync.exe [2009-06-27 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stevens.edu/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Class2012\AppData\Roaming\Mozilla\Firefox\Profiles\2qqsb9wa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 20:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\CLASS2~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc2B682.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1376)
c:\windows\system32\APSHook.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\APSHook.dll
c:\windows\SbHpNp.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
Completion time: 2009-07-14 20:22
ComboFix-quarantined-files.txt 2009-07-14 00:22

Pre-Run: 37,209,141,248 bytes free
Post-Run: 37,668,286,464 bytes free

423 --- E O F --- 2009-07-13 23:38

#8 PropagandaPanda

Posted 13 July 2009 - 07:34 PM

Hello coyn3burglar.

Do you have your Windows Vista installation disk available? We need to get a replacement copy of userinit.exe.

If you do, referring to this guide, run the System File Checker.


With Regards,
The Panda

Edited by PropagandaPanda, 13 July 2009 - 07:35 PM.


#9 coyn3burglar

Posted 13 July 2009 - 08:06 PM

I actually do not..I received this laptop from school.

#10 PropagandaPanda

Posted 13 July 2009 - 08:15 PM

Hello coyn3burglar.

Unfortunately, due to copyright laws, I can't simply upload a copy somewhere for you. However, you can probably extract a copy from the Service Pack 2 installation package.

While I'm downloading the package, please upload that file to me.

EDIT: Do you have another Vista SP2 computer by any chance?

Submit File Sample
  • Open to the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://www.bleepingcomputer.com/forums/t/238551/having-some-problems/
  • Click the Browse button. Locate and select the following files:
      • c:\windows\System32\userinit.exe
    (If more than one file is listed, do one at a time.)
  • Under the comments section, say that Panda asked for the submission.

With Regards,
The Panda

Edited by PropagandaPanda, 13 July 2009 - 08:26 PM.


#11 coyn3burglar

Posted 13 July 2009 - 08:26 PM

I submitted the file, Thanks!

#12 coyn3burglar

Posted 13 July 2009 - 09:24 PM

Mmmm I unfortunately do not.

#13 PropagandaPanda

Posted 14 July 2009 - 09:15 AM

Hello.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    SRPeek::
    C:\Windows\System32\userinit.exe
    
    SysRst::
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
With Regards,
The Panda

Edited by PropagandaPanda, 14 July 2009 - 09:19 AM.


#14 coyn3burglar

Posted 14 July 2009 - 12:12 PM

Here is the log, Thanks again:

ComboFix 09-07-13.01 - jcoyne 07/14/2009 13:03.2.2 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3070.1693 [GMT -4:00]
Running from: c:\users\Class2012\Desktop\ComboFix.exe
Command switches used :: c:\users\Class2012\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 17:08 . 2009-07-14 17:08 -------- d-----w- c:\users\Class2012\AppData\Local\temp
2009-07-12 00:40 . 2009-07-12 00:40 -------- d-----w- c:\program files\ERUNT
2009-07-05 23:35 . 2009-07-05 23:35 -------- d-----w- c:\program files\Silabs
2009-07-05 23:34 . 2009-07-05 23:35 -------- d-----w- c:\windows\system32\Silabs
2009-07-05 23:33 . 2009-02-19 15:29 1112288 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll
2009-07-05 23:33 . 2009-02-19 15:29 62592 ----a-w- c:\windows\system32\drivers\silabser.sys
2009-07-05 23:33 . 2009-02-19 15:29 17920 ----a-w- c:\windows\system32\drivers\silabenm.sys
2009-07-05 23:33 . 2009-07-05 23:33 -------- d-----w- c:\program files\SIBAS
2009-07-03 15:44 . 2009-07-03 15:44 -------- d-----w- c:\program files\Trend Micro
2009-06-27 05:57 . 2009-06-27 05:57 -------- d-----w- C:\NVIDIA
2009-06-27 05:04 . 2009-06-27 05:07 -------- d-----w- c:\windows\system32\ca-ES
2009-06-27 05:04 . 2009-06-27 05:06 -------- d-----w- c:\windows\system32\eu-ES
2009-06-27 05:04 . 2009-06-27 05:06 -------- d-----w- c:\windows\system32\vi-VN
2009-06-27 04:41 . 2009-06-27 04:41 -------- d-----w- c:\windows\system32\EventProviders
2009-06-27 04:39 . 2009-04-11 06:28 754688 ----a-w- c:\windows\system32\propsys.dll
2009-06-27 04:38 . 2009-04-11 06:28 1224192 ----a-w- c:\windows\system32\sud.dll
2009-06-27 04:37 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-06-27 04:37 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-06-27 04:37 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-06-27 04:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-06-27 04:37 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-06-27 04:37 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-06-27 04:37 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-06-27 04:37 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-06-27 04:37 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-06-27 04:37 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-06-27 04:37 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-27 02:25 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-27 02:25 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-22 02:54 . 2009-06-22 02:54 45056 ----a-r- c:\users\Class2012\AppData\Roaming\Microsoft\Installer\{0F7B35C3-06E4-423C-A4E6-F24EE2747260}\MapleStory.exe1_4AEB0CCE3E7240D9887BBEC518A5E7A0.exe
2009-06-22 02:54 . 2009-06-22 02:54 45056 ----a-r- c:\users\Class2012\AppData\Roaming\Microsoft\Installer\{0F7B35C3-06E4-423C-A4E6-F24EE2747260}\MapleStory.exe_4AEB0CCE3E7240D9887BBEC518A5E7A0.exe
2009-06-22 02:54 . 2009-06-22 02:54 10134 ----a-r- c:\users\Class2012\AppData\Roaming\Microsoft\Installer\{0F7B35C3-06E4-423C-A4E6-F24EE2747260}\ARPPRODUCTICON.exe
2009-06-22 02:52 . 2009-06-22 02:52 -------- d-----w- C:\Nexon
2009-06-22 02:06 . 2009-06-22 02:38 -------- d-----w- c:\program files\MapleStory
2009-06-22 02:05 . 2009-06-22 05:28 -------- d-----w- c:\users\Class2012\AppData\Local\PMB Files
2009-06-22 02:05 . 2009-06-22 02:06 -------- d-----w- c:\programdata\PMB Files
2009-06-22 02:04 . 2009-06-22 02:04 -------- d-----w- c:\program files\Pando Networks
2009-06-19 12:40 . 2009-06-19 12:39 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-19 12:40 . 2009-06-17 19:48 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-19 12:40 . 2009-06-17 19:48 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-06-19 12:40 . 2009-06-17 19:48 1261344 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-06-19 12:40 . 2009-06-17 19:48 352024 ----a-w- c:\programdata\avg8\update\backup\avgxch32.dll
2009-06-19 12:40 . 2009-06-17 19:48 27784 ----a-w- c:\programdata\avg8\update\backup\avgmfx86.sys
2009-06-19 12:38 . 2009-06-17 19:48 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-18 05:01 . 2009-06-18 05:01 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-17 19:49 . 2009-06-17 19:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-17 19:49 . 2009-06-17 19:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-17 19:48 . 2009-06-17 19:48 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-17 19:48 . 2009-06-19 12:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 19:48 . 2009-07-14 16:49 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-17 19:48 . 2009-06-17 19:48 -------- d-----w- c:\programdata\avg8
2009-06-17 19:48 . 2009-06-17 19:48 -------- d-----w- c:\program files\AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 16:53 . 2009-01-13 05:43 -------- d-----w- c:\program files\Steam
2009-07-14 16:46 . 2008-07-09 18:34 132958 ----a-w- c:\programdata\nvModes.dat
2009-07-14 16:46 . 2008-08-20 19:28 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-07-14 02:20 . 2008-08-20 19:28 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-07-14 02:20 . 2008-08-07 18:04 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-07-13 03:59 . 2008-09-09 03:02 -------- d-----w- c:\users\Class2012\AppData\Roaming\uTorrent
2009-07-12 23:25 . 2009-07-12 23:25 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-12 23:25 . 2009-07-12 23:25 -------- d-----w- c:\program files\iTunes
2009-07-12 23:25 . 2009-07-12 23:25 -------- d-----w- c:\program files\iPod
2009-07-12 23:25 . 2008-07-09 16:44 -------- d-----w- c:\program files\Common Files\Apple
2009-07-12 23:24 . 2009-07-12 23:23 -------- d-----w- c:\program files\QuickTime
2009-07-12 23:20 . 2009-07-12 23:20 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-12 00:56 . 2009-03-10 05:04 -------- d-----w- c:\users\Class2012\AppData\Roaming\Hamachi
2009-07-12 00:56 . 2008-07-09 01:46 1076 ----a-w- c:\windows\bthservsdp.dat
2009-07-05 23:36 . 2009-07-05 23:36 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_silabser_01007.Wdf
2009-07-05 23:33 . 2008-07-09 14:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 20:58 . 2008-09-20 16:05 -------- d-----w- c:\program files\Common Files\Steam
2009-06-30 21:17 . 2008-09-27 05:15 -------- d-----w- c:\program files\CCleaner
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-27 05:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-27 05:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-27 05:04 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-27 05:03 . 2008-07-09 14:52 -------- d-----w- c:\programdata\NVIDIA
2009-06-27 04:59 . 2009-06-27 04:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-06-27 04:55 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-27 03:50 . 2008-07-08 22:55 127144 ----a-w- c:\users\Class2012\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-27 02:35 . 2008-07-09 16:38 -------- d-----w- c:\programdata\Microsoft Help
2009-06-27 02:30 . 2008-07-09 16:40 -------- d-----w- c:\program files\Microsoft Works
2009-06-17 21:40 . 2009-06-03 20:16 -------- d-----w- c:\program files\Starcraft
2009-06-16 21:03 . 2008-07-28 21:34 -------- d-----w- c:\program files\AIM6
2009-06-16 21:03 . 2008-07-28 21:35 -------- d-----w- c:\program files\Viewpoint
2009-06-16 21:03 . 2008-07-28 21:35 -------- d-----w- c:\programdata\Viewpoint
2009-04-27 00:15 . 2008-07-08 22:55 680 ----a-w- c:\users\Class2012\AppData\Local\d3d9caps.dat
2009-04-23 12:15 . 2009-06-11 04:38 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-11 04:39 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-11 04:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-03-02 05:19 . 2009-03-02 05:19 9228 ----a-w- c:\program files\uninst5.log
2004-03-15 21:51 . 2004-03-15 21:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 13:36 . 2003-05-01 13:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll
2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 22:03 . 2007-07-24 22:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2009-04-30 12:10 . 2008-08-24 04:54 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------


[-] 2008-01-21 02:24 25088 6C73BFD3446CCB834A1B4AE9C2DBFF71 c:\windows\System32\userinit.exe
[-] 2008-01-21 02:24 25088 6C73BFD3446CCB834A1B4AE9C2DBFF71 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe



.
((((((((((((((((((((((((((((( SnapShot@2009-07-14_00.20.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-08 22:52 . 2009-07-14 01:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-08 22:52 . 2009-07-13 00:17 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-08 22:52 . 2009-07-13 00:17 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-08 22:52 . 2009-07-14 01:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-08 22:52 . 2009-07-13 00:17 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-08 22:52 . 2009-07-14 01:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-12 00:57 . 2009-07-12 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-12 00:57 . 2009-07-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-12 00:57 . 2009-07-12 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-12 00:57 . 2009-07-14 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-09 14:19 . 2009-07-14 16:46 643320 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 13:04 . 2009-07-14 02:24 103996 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2009-07-14 05:42 645296 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 00:20 645296 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-14 05:42 119836 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-14 00:20 119836 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Class2012\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-09 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-17 1948440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-19 13531680]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-19 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2008-04-09 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 13:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PASPortal.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PASPortal.lnk
backup=c:\windows\pss\PASPortal.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Class2012^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
path=c:\users\Class2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):1a,a7,ed,dc,e7,f6,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3281148458-3325854604-1032724346-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4422647E-F0D5-46B4-9F6F-6799EFEE2478}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2B4188C8-88E3-4601-9C6F-7CA393726B56}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{438122F2-D9C7-4AD0-A113-FFE435FF5B62}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{51FB409D-A27B-462D-AEFC-7DC3ED49113D}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{3C789369-A26C-4504-9546-CEDEF69BE030}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{EB2DCAC8-5198-4EA3-84C3-59759FF8A285}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{8E024E2D-5A9A-47A8-A58E-4DE170E50E6C}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{D9A15E57-878C-4185-8D1A-516F7101BF33}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{1A90E36E-0A12-4B37-978D-36CF8827BC13}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{928D2D2F-1121-4B4F-8055-F226DEB68749}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{266FF06C-36A8-4EB5-8DC2-7D02911D476F}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{FC39AC54-B5A4-46FB-90CE-EB7DE11B7761}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe
"{D9038191-0050-412C-8515-62CA21CB2CF3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{73192117-4B6F-4ABB-AAF8-F75029479CDE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{75CA2BBD-BAF4-4F52-980C-24D917DFBCE8}"= UDP:c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{4102E447-D6F4-4E88-8A2B-B50DB473D354}"= TCP:c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{4C38C653-EF0B-40E8-9494-6AEBC1E2FDA1}"= UDP:c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{91DD6123-831F-4231-AAB9-D2136DAA9CE2}"= TCP:c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"{76D6D510-F514-42DB-979F-60ED5436CAC0}"= c:\program files\PharosSystems\Core\CTskMstr.exe:Pharos Com Task Master
"TCP Query User{53CDCAFA-544F-4B58-9267-82641A58B7C6}e:\\computrace\\ctmweb.exe"= UDP:e:\computrace\ctmweb.exe:ctmweb.exe
"UDP Query User{758F12AB-FFB6-4C57-8A3F-80EC3BDBD2DE}e:\\computrace\\ctmweb.exe"= TCP:e:\computrace\ctmweb.exe:ctmweb.exe
"{364460C7-4153-4596-8E8F-D22124EED980}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{98DF830B-54DC-4B02-AF47-CBECD361D647}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{D9454B57-6C29-4731-9B23-04B6FD96E7B6}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{96EE7E55-3BD5-4AED-B811-1BE579635D27}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{9413DB94-3650-4798-9393-4F62AA5829D5}c:\\program files\\steam\\steamapps\\koreathebest\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\koreathebest\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{2910691F-09C0-4F12-9103-03376ED8970F}c:\\program files\\steam\\steamapps\\koreathebest\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\koreathebest\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{7A6E6413-C64F-431B-91C2-3C811C28A0D9}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{76BBC52C-CF24-4152-9AD0-6EB7D30486F6}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{50AA3DAA-ECD0-461D-9D31-5EEB48DD4EFF}c:\\program files\\steam\\steamapps\\koreathebest\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\koreathebest\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{9FF6424F-0548-42E5-9140-B0222E70BEFD}c:\\program files\\steam\\steamapps\\koreathebest\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\koreathebest\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{F8A37CAE-ACB9-45AE-8BF2-169E41A759D8}c:\\program files\\microsoft games\\halo\\halo.exe"= UDP:c:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{446FD3D7-AC0C-403F-85F7-0F0BC7C4FE29}c:\\program files\\microsoft games\\halo\\halo.exe"= TCP:c:\program files\microsoft games\halo\halo.exe:Halo
"TCP Query User{64321643-4750-4834-8174-66E5593F8403}c:\\users\\class2012\\desktop\\halo\\haloce.exe"= UDP:c:\users\class2012\desktop\halo\haloce.exe:haloce.exe
"UDP Query User{8CD0AB65-8905-42D5-B56F-6DE8032925A1}c:\\users\\class2012\\desktop\\halo\\haloce.exe"= TCP:c:\users\class2012\desktop\halo\haloce.exe:haloce.exe
"{5D46C455-A62F-420E-A0D9-2069BC677946}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{1D5F1685-8E5F-4283-8624-2A539F593388}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"TCP Query User{71DBA0CF-4321-4B76-B504-6098B3CDE1F7}c:\\program files\\steam\\steamapps\\xantih3r0x\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\xantih3r0x\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{EF96E177-9058-4D6F-B0CC-B30322E0D48A}c:\\program files\\steam\\steamapps\\xantih3r0x\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\xantih3r0x\counter-strike\hl.exe:Half-Life Launcher
"{26ABA4E0-A4E1-4BC7-A0B3-5933E2C4F449}"= UDP:c:\program files\Steam\steamapps\common\empire total war demo\Empire.exe:Empire: Total War Demo
"{EED473F7-255B-458B-8841-9408E37AEBF9}"= TCP:c:\program files\Steam\steamapps\common\empire total war demo\Empire.exe:Empire: Total War Demo
"{AD9906E6-C37E-46BD-84B1-65233B686771}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{6A85DCC1-636B-47B1-96DF-AF7A31107B85}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{AB3B6B62-CF54-42BE-976C-E1FC3CD30707}c:\\program files\\halo\\haloce.exe"= UDP:c:\program files\halo\haloce.exe:Halo
"UDP Query User{22926AD5-7F8B-4E4C-8449-311C696EA0C9}c:\\program files\\halo\\haloce.exe"= TCP:c:\program files\halo\haloce.exe:Halo
"{F9C426EC-7B6E-4201-B6A8-4C9ECCB3DD79}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{65864768-7BB0-48B9-A587-D51979ED99DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5E40319F-482A-448C-AFFC-D9E039C96EF7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3B39EB36-0B4B-48B2-AB78-2F0DCCEF478D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{F4EADBBC-08AF-4652-BE66-188529199C65}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{F48EA2C6-1E07-438D-9677-91FC1EB798FF}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{91ABAB62-52D5-4E20-AA81-4347F157351B}c:\\users\\class2012\\desktop\\demigod\\bin\\demigod.exe"= UDP:c:\users\class2012\desktop\demigod\bin\demigod.exe:demigod.exe
"UDP Query User{49EA7499-ED96-4A89-8B96-4FDF19DAC218}c:\\users\\class2012\\desktop\\demigod\\bin\\demigod.exe"= TCP:c:\users\class2012\desktop\demigod\bin\demigod.exe:demigod.exe
"TCP Query User{08DD508A-7C09-4D34-99E9-C5C1BF795AA4}c:\\program files\\steam\\steamapps\\coyn3burglar\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\coyn3burglar\team fortress 2\hl2.exe:hl2
"UDP Query User{E06CA6E5-EA35-4F28-B1E2-3EF17FF4A1FB}c:\\program files\\steam\\steamapps\\coyn3burglar\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\coyn3burglar\team fortress 2\hl2.exe:hl2
"TCP Query User{B855DD7B-22A5-494E-B809-378801CAA1AC}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{1C635CBD-71E0-4F56-8D2B-746410681D3C}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{7C885368-6116-4B1F-834B-C65DD31C1337}c:\\program files\\steam\\steamapps\\coyn3burglar\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\coyn3burglar\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{A979F4E5-52AA-436D-AE77-30FEFB59B482}c:\\program files\\steam\\steamapps\\coyn3burglar\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\coyn3burglar\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{6CC5C3BB-6C7C-4159-9D86-5016E06EB716}c:\\program files\\steam\\steamapps\\coyn3burglar\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\coyn3burglar\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{C49A655F-52A6-4942-95EA-166F5A01B07B}c:\\program files\\steam\\steamapps\\coyn3burglar\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\coyn3burglar\counter-strike\hl.exe:Half-Life Launcher
"{CA48744F-1D54-4DDA-AF68-DD283A0B13FA}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{49189671-85FB-4976-8C04-14B0A6A55304}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B8434C05-83BE-40BD-BEEA-F5FA97D7F087}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{27585677-4267-4386-95EE-F1226DD3DD27}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{312F77AD-ABEA-4007-8C18-28CF78D2D830}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{35C8970F-3F73-4F47-8276-4773DB11FE22}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{51FECAA2-6C6C-4DA4-8A0F-B350F5301431}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{A1E2EC11-1EAD-413A-9D56-B82DDDED2A41}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{10FB83A1-5566-4BB8-9498-34AA9A684670}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{720C0438-A080-48AE-9551-A96A80385E93}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{DEBA6350-8FDF-4614-94A4-4A1EEF56EEB6}"= UDP:56457:Pando Media Booster
"{B1755116-8AC2-48CD-A5F1-5169CD4D46BF}"= TCP:56457:Pando Media Booster
"{ACEC5B3F-1221-4A80-AE7C-1B8C8364399C}"= UDP:56457:Pando Media Booster
"{3DCC9E57-91A2-4482-9DA2-1DB7E723F67A}"= TCP:56457:Pando Media Booster
"{61FFBFB9-9204-4ADA-AAAA-56E1F23BDA76}"= c:Program FilesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"TCP Query User{E0CF03A7-0EF6-495F-9A56-854EAED4126D}c:\\program files\\pando networks\\media booster\\pmb.exe"= UDP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"UDP Query User{32E813AE-D881-4CE7-A2EF-65FD03156475}c:\\program files\\pando networks\\media booster\\pmb.exe"= TCP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"TCP Query User{D5F232A1-5142-4731-BFA5-ED129CCE09EF}c:\\program files\\steam\\steamapps\\coyn3burglar\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\coyn3burglar\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{85DBCA3C-C7A4-4138-884A-729D067C9913}c:\\program files\\steam\\steamapps\\coyn3burglar\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\coyn3burglar\condition zero\hl.exe:Half-Life Launcher
"{634980ED-5B51-4F2B-952A-DACBA4318C72}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{82E21E88-3185-41F1-BCDE-4B1E1405FF78}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {8973C9FE-6FC6-4767-92A2-41EA1DC307A2}

R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [7/10/2007 7:08 PM 15448]
R0 SbAlg;SbAlg;c:\windows\System32\drivers\SbAlg.sys [10/9/2006 1:31 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\System32\drivers\SbFsLock.sys [6/14/2007 4:22 PM 13184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/17/2009 3:48 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/17/2009 3:49 PM 108552]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [7/24/2007 8:21 AM 38816]
R1 RsvLock;RsvLock;c:\windows\System32\drivers\rsvlock.sys [8/14/2007 5:59 PM 5840]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [1/20/2008 10:23 PM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [1/20/2008 10:23 PM 21504]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/17/2009 3:48 PM 298776]
R2 HamachiService;Hamachi Service;c:\program files\Hamachi\hamachi.exe [3/10/2009 1:04 AM 625952]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [9/6/2007 1:26 PM 221184]
R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\System32\nipalsm.exe [2/16/2007 10:21 AM 12696]
R2 niarbk;niarbk;c:\windows\System32\drivers\niarbk.dll [4/16/2007 3:40 PM 37376]
R2 nibffrk;nibffrk;c:\windows\System32\drivers\nibffrk.dll [4/16/2007 3:40 PM 21504]
R2 Nidaq32k;Nidaq32k;c:\windows\System32\drivers\nidaq32k.sys [4/16/2007 5:04 PM 674304]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\System32\drivers\nidmmk.dll [4/16/2007 5:06 PM 50688]
R2 nimdsk;nimdsk;c:\windows\System32\drivers\nimdsk.dll [4/16/2007 3:41 PM 30208]
R2 nipxirmk;nipxirmk;c:\windows\System32\drivers\nipxirmkl.sys [9/18/2007 7:24 AM 11552]
R2 nistck;nistck;c:\windows\System32\drivers\niSTCk.dll [4/16/2007 3:42 PM 111616]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\System32\drivers\NiViPxiKl.sys [1/10/2008 3:18 PM 11360]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;c:\program files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe [4/2/2007 11:39 AM 655360]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [7/9/2008 10:56 AM 1464856]
R3 nidimk;nidimk;c:\windows\System32\drivers\nidimkl.sys [12/14/2007 12:41 PM 11360]
R3 nimru2k;nimru2k;c:\windows\System32\drivers\nimru2kl.sys [12/14/2007 3:06 PM 11360]
R3 nimstsk;nimstsk;c:\windows\System32\drivers\nimstskl.sys [12/18/2007 6:14 PM 11360]
R3 rismc32;RICOH Smart Card Reader;c:\windows\System32\drivers\rismc32.sys [7/9/2008 10:53 AM 47616]
S2 gupdate1c9e0181716b1d0;Google Update Service (gupdate1c9e0181716b1d0);c:\program files\Google\Update\GoogleUpdate.exe [5/29/2009 12:44 AM 133104]
S2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [1/5/2007 3:00 AM 18944]
S2 nidevldu;NI Device Loader;c:\windows\System32\nipalsm.exe [2/16/2007 10:21 AM 12696]
S3 CH341SER;CH341SER;c:\windows\System32\drivers\CH341SER.SYS [7/30/2008 3:10 PM 37488]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7/9/2008 10:27 AM 193840]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [6/8/2007 8:49 AM 30008]
S3 EMSUSB2;EMS USB Joypad2;c:\windows\System32\drivers\Emsusb2.sys [3/2/2009 7:09 PM 9728]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [6/8/2007 9:06 AM 172131]
S3 lvalarmk;lvalarmk;c:\windows\System32\drivers\lvalarmk.sys [12/20/2007 9:37 AM 20056]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\System32\drivers\ni1006k.sys [10/8/2007 2:10 PM 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\System32\drivers\ni1045kl.sys [10/8/2007 2:10 PM 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\System32\drivers\ni1065k.sys [10/8/2007 2:10 PM 22360]
S3 ni488lock;NI-488.2 Locking Service;c:\windows\System32\drivers\ni488lock.sys [2/26/2007 12:40 PM 16672]
S3 nicdrk;nicdrk;c:\windows\System32\drivers\nicdrkl.sys [12/26/2007 11:53 AM 11352]
S3 nicsrk;nicsrk;c:\windows\System32\drivers\nicsrkl.sys [2/19/2008 11:43 PM 11336]
S3 nidmxfk;nidmxfk;c:\windows\System32\drivers\nidmxfkl.sys [12/18/2007 6:20 PM 11336]
S3 nidsark;nidsark;c:\windows\System32\drivers\nidsarkl.sys [2/15/2008 3:37 PM 11344]
S3 nidwgk;nidwgk;c:\windows\System32\drivers\nidwgkl.sys [10/9/2007 5:35 PM 11360]
S3 niemrk;niemrk;c:\windows\System32\drivers\niemrkl.sys [2/19/2008 11:43 PM 11336]
S3 niesrk;niesrk;c:\windows\System32\drivers\niesrkl.sys [2/19/2008 11:43 PM 11336]
S3 nifslk;nifslk;c:\windows\System32\drivers\nifslkl.sys [12/26/2007 11:18 AM 11352]
S3 nigplk;nigplk;c:\windows\System32\drivers\nigplkl.sys [2/23/2007 4:20 PM 11552]
S3 nihsdrk;nihsdrk;c:\windows\System32\drivers\nihsdrkl.sys [10/11/2007 11:51 AM 11352]
S3 nimsdrk;nimsdrk;c:\windows\System32\drivers\nimsdrkl.sys [1/11/2008 4:08 PM 11392]
S3 nimsrlk;nimsrlk;c:\windows\System32\drivers\nimsrlk.dll [4/4/2007 8:06 AM 151683]
S3 nimxpk;nimxpk;c:\windows\System32\drivers\nimxpkl.sys [12/18/2007 6:14 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\System32\drivers\ninshsdkl.sys [12/27/2007 9:45 AM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\System32\drivers\nipalfwedl.sys [12/12/2007 11:23 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\System32\drivers\nipalusbedl.sys [12/12/2007 11:22 PM 11896]
S3 nipsdk;nipsdk;c:\windows\System32\drivers\nipsdkl.sys [12/25/2007 9:47 PM 11392]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\System32\drivers\nipxigpk.sys [11/26/2007 5:22 PM 20768]
S3 nirfsa2k;nirfsa2k;c:\windows\System32\drivers\niRFSA2kl.sys [6/30/2007 11:07 PM 11552]
S3 niscdk;niscdk;c:\windows\System32\drivers\niscdkl.sys [1/8/2008 12:38 AM 11376]
S3 nisdigk;nisdigk;c:\windows\System32\drivers\nisdigkl.sys [2/14/2008 7:08 PM 11352]
S3 nisftk;nisftk;c:\windows\System32\drivers\nisftkl.sys [12/20/2007 3:54 PM 11344]
S3 nisldk;nisldk;c:\windows\System32\drivers\nisldkl.sys [8/3/2007 3:08 PM 11624]
S3 nispdk;nispdk;c:\windows\System32\drivers\nispdkl.sys [1/8/2008 12:38 AM 11376]
S3 nisrcdk;nisrcdk;c:\windows\System32\drivers\nisrcdkl.sys [11/13/2007 12:26 PM 11352]
S3 nissrk;nissrk;c:\windows\System32\drivers\nissrkl.sys [2/19/2008 11:43 PM 11336]
S3 nistc2k;nistc2k;c:\windows\System32\drivers\nistc2kl.sys [1/8/2008 12:35 AM 11312]
S3 nistcrk;nistcrk;c:\windows\System32\drivers\nistcrkl.sys [2/14/2008 8:58 PM 11360]
S3 niswdk;niswdk;c:\windows\System32\drivers\niswdkl.sys [1/2/2008 1:14 PM 11336]
S3 nitiork;nitiork;c:\windows\System32\drivers\nitiorkl.sys [2/19/2008 11:56 PM 11360]
S3 nitnr2k;nitnr2k;c:\windows\System32\drivers\nitnr2kl.sys [12/1/2007 6:01 PM 11328]
S3 niufurk;niufurk;c:\windows\System32\drivers\niufurkl.sys [2/19/2008 11:43 PM 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\System32\drivers\NiViFWKl.sys [7/19/2007 10:48 AM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\System32\drivers\NiViPciKl.sys [1/10/2008 3:18 PM 11360]
S3 niwfrk;niwfrk;c:\windows\System32\drivers\niwfrkl.sys [2/19/2008 11:43 PM 11336]
S3 nixsrk;nixsrk;c:\windows\System32\drivers\nixsrkl.sys [2/19/2008 11:43 PM 11336]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\System32\drivers\silabenm.sys [7/5/2009 7:33 PM 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\System32\drivers\silabser.sys [7/5/2009 7:33 PM 62592]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-29 04:43]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 04:43]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 04:43]

2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3281148458-3325854604-1032724346-1000Core.job
- c:\users\Class2012\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-09 05:50]

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3281148458-3325854604-1032724346-1000UA.job
- c:\users\Class2012\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-09 05:50]

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{65857977-4242-41A6-B843-447FA13969B5}.job
- c:\windows\system32\msfeedssync.exe [2009-06-27 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stevens.edu/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Class2012\AppData\Roaming\Mozilla\Firefox\Profiles\2qqsb9wa.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevens.edu/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-14 13:08
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc2779F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(832)
c:\windows\SbHpNp.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(5716)
c:\windows\system32\APSHook.dll
.
Completion time: 2009-07-14 13:11
ComboFix-quarantined-files.txt 2009-07-14 17:10
ComboFix2.txt 2009-07-14 00:22

Pre-Run: 36,180,897,792 bytes free
Post-Run: 36,051,197,952 bytes free

430 --- E O F --- 2009-07-13 23:38

#15 PropagandaPanda

  • Malware Response Team
Posted 14 July 2009 - 06:03 PM

Hello.

Well, in that case, the only way to get a clean copy of the file is to uninstall and reinstall the Service Packs.

First, we'll create a new restore point.

Create New System Restore Point
  • Click on your Start Menu -> Run. Type into the Run box:
    %systemroot%\system32\restore\rstrui.exe
  • In the System Restore, select Create a restore point.
  • Give the Restore Point a name and click Create.
  • You should see a success message. Exit the System Restore.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.

Do not use the NTREGOPT that comes with the installation package.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. If you are using Windows Vista, right click the icon and select "Run As Administrator." Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes only if you are using Windows XP. You can delete the installation file after use.
  • ERUNT will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.


Using Add/Remove Programs, uninstall Windows Vista Service Pack 3.

Then, using Windows Updates, reinstall all updates.

Tell me how it goes.

With Regards,
The Panda



