
jl.chura.pl. and other stuff


  • This topic is locked
15 replies to this topic

#1 Luk3y

Luk3y

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:11 AM

Posted 19 July 2009 - 12:43 AM

So for a while I've had a virus, cfrog stuff, I did the best I could to get rid of it but it was still there (when using a search engine then click a website and it would redirect to another, and it would also block some sites, bmezine for one :@.) I've recently upgraded from XP to Vista Home Premium x32 and that past virus seems to be gone. But now I have this jl.chura.pl. thing popping up in the websites I've designed that are on my computer. It's put in its own link in each HTML document and yeah, virus haven.

Anyway, I don't really know how to go about this but any help is good help.

Here's the HJT log.






---------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:52 PM, on 19/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Luke\Program Files\DNA\btdna.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Luke\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OptusNet DSL Setup] E:\OptusNet.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Luke\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

--
End of file - 3888 bytes


---------------------------------------------------------




Thanks again, Luk3y.


#2 Luk3y


Posted 20 July 2009 - 03:23 AM

BUMP!!!!!!!!! Please help guys it's getting worse.

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:05:11 PM

Posted 22 July 2009 - 05:41 AM

Hello and welcome to BleepingComputer.com! :thumbup2:

I will be helping you today. :) If you still need help, please let me know by replying to this thread. :)

Please be advised that I am still in training.
For your own protection, I may not offer you any advice without it being checked by more experienced helpers first. This can unfortunately lead to slight delays in the responses. However, we are trying to help you as quickly as possible.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please give me some time to go through your log; I'll post back shortly.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#4 Luk3y


Posted 22 July 2009 - 07:36 AM

Thanks!!!!!!!!!!!!!! As a web designer this is the worst thing to happen.

#5 myrti


Posted 22 July 2009 - 01:48 PM

Heya Luk3y,

this does indeed not look good, and a format might be your only solution, I'm sorry to say. :thumbup2:

But before we jump to conclusions, I would like to check a couple of things, to see what is really putting those lines into your html-code:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Please also provide a log from OTL:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
regards _temp_



#6 Luk3y


Posted 23 July 2009 - 04:43 AM

Filename: dwm.exe
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Mon 18 May 2009 01:27:49 (CET)
File size: 83456 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: e87b968f3d49117445893eb0503fe34f
SHA1: 6a8b97e0307a171ce513dd0e022959d0a323de3d



Filename: explorer.exe
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Mon 1 Jun 2009 19:32:54 (CET)
File size: 2923520 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 37440d09deae0b672a04dccf7abf06be
SHA1: 28cec32abf5a85e3ba4a83b2b300d129b79db160




Filename: sidebar.exe
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Thu 23 Jul 2009 11:35:25 (CET)
File size: 1232896 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 582f3a0ba61d8f0d50c66b592808b6d6
SHA1: a776adf18801b43866169ae46b9a61c1ff4a726d















OTL logfile created on: 23/07/2009 7:37:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.0 Folder = C:\Users\Luke\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16851)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.94 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 64.30% Memory free
4.00 Gb Paging File | 3.38 Gb Available in Paging File | 84.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 26.08 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
Drive D: | 106.31 Gb Total Space | 29.35 Gb Free Space | 27.61% Space Free | Partition Type: NTFS
Drive E: | 391.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.83 Gb Total Space | 224.96 Gb Free Space | 96.62% Space Free | Partition Type: FAT32

Computer Name: STUDY
Current User Name: Luke
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/11/02 22:35:24 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WISPTIS.EXE
PRC - [2006/11/02 22:35:46 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2007/03/31 11:06:26 | 01,189,424 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Tablet.exe
PRC - [2006/11/02 19:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2006/11/02 22:35:24 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WISPTIS.EXE
PRC - [2006/11/02 22:35:46 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/07/18 22:30:22 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/03/31 11:07:12 | 00,132,656 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\TabUserW.exe
PRC - [2007/03/31 11:06:26 | 01,189,424 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Tablet.exe
PRC - [2009/07/18 23:01:30 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/12/18 21:34:44 | 00,868,352 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/10/14 21:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2009/07/18 22:04:20 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/07/19 13:31:51 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2009/07/19 14:22:47 | 00,318,272 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Luke\Program Files\DNA\btdna.exe
PRC - [2009/03/01 03:39:04 | 00,516,096 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
PRC - [2009/07/23 13:22:12 | 00,011,264 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\pridl\pridl.exe
PRC - [2006/11/02 22:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/11/02 22:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2009/07/23 15:28:14 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/04/30 19:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2006/11/02 22:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2006/11/02 22:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/18 22:04:20 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007/10/19 20:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2007/10/19 20:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/11/02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2006/11/02 22:35:47 | 00,197,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
PRC - [2009/07/18 21:07:44 | 00,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/07/18 21:07:46 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/23 15:27:57 | 00,277,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2007/11/06 01:50:44 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2009/07/23 19:36:42 | 00,534,528 | ---- | M] (OldTimer Tools) -- C:\Users\Luke\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/18 21:41:31 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/11/02 22:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 22:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 22:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 19:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/07/18 21:56:07 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/23 15:28:08 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2007/11/06 21:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/07/18 21:56:14 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2009/07/18 21:56:17 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/03/31 11:06:26 | 01,189,424 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2009/07/18 23:01:29 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2006/11/02 22:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/01/16 11:41:50 | 00,316,928 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2006/11/02 19:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 19:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 19:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 19:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 19:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 19:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 19:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/07/18 21:35:08 | 00,012,400 | ---- | M] () -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2006/11/02 18:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 18:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 18:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 18:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 18:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 18:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 19:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 17:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 19:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2007/03/19 23:10:04 | 00,040,064 | ---- | M] (Kingston) -- C:\Windows\System32\DRIVERS\EUCR6SK.SYS -- (EUCR [On_Demand | Running])
DRV - [2008/12/04 13:11:30 | 00,043,520 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\DRIVERS\fetnd6v.sys -- (FETND6V [On_Demand | Running])
DRV - [2006/11/02 17:30:56 | 00,045,568 | ---- | M] (VIA Technologies, Inc. ) -- C:\Windows\System32\DRIVERS\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])
DRV - [2006/11/02 19:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 19:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 19:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 19:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 19:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 19:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 19:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 19:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/11/02 19:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 19:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2009/07/18 21:35:06 | 00,007,680 | ---- | M] () -- C:\Windows\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2006/11/02 19:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 17:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2006/11/02 19:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 19:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/11/02 19:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 16:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 19:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 19:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2001/03/19 22:30:00 | 00,021,600 | R--- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SNXpar.sys -- (SNXPAR [Auto | Stopped])
DRV - [2001/03/19 22:30:00 | 00,072,400 | R--- | M] (Sunix Co., Ltd.) -- C:\Windows\System32\drivers\SNXser.sys -- (SNXSER [Auto | Stopped])
DRV - [2006/11/02 19:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 19:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 19:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 19:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 19:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 19:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009/07/18 22:33:13 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Boot | Running])
DRV - [2001/07/27 23:17:06 | 00,003,033 | ---- | M] (VIA Technologies. Inc.) -- C:\Windows\System32\Drivers\viapfd.sys -- (VIAPFD [System | Running])
DRV - [2006/11/02 19:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/02/17 05:12:36 | 00,011,312 | ---- | M] (Wacom Technology) -- C:\Windows\System32\DRIVERS\wacommousefilter.sys -- (wacommousefilter [On_Demand | Running])
DRV - [2007/02/17 04:30:12 | 00,012,848 | ---- | M] (Wacom Technology) -- C:\Windows\System32\DRIVERS\wacomvhid.sys -- (wacomvhid [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157






IE - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000\S-1-5-21-3284150126-2932492283-1699799664-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/19 02:10:13 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [OptusNet DSL Setup] E:\OptusNet.exe File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [BitTorrent DNA] C:\Users\Luke\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc)
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [Google Update] C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [pridl] C:\Users\Luke\AppData\Roaming\pridl\pridl.exe ()
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3284150126-2932492283-1699799664-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/19 01:20:40 | 00,000,026 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 00,000,024 | ---- | M] () - C:\AUTOEXEC.VIA -- [ NTFS ]
O32 - AutoRun File - [2003/08/15 21:24:20 | 00,000,184 | RH-- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/03/23 16:18:18 | 00,000,186 | -HS- | M] () - J:\autorun.inf.tmp -- [ FAT32 ]
O33 - MountPoints2\{8c051402-7503-11de-b1c6-0015f25c0471}\Shell\1\Command - "" = J:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{8c051402-7503-11de-b1c6-0015f25c0471}\Shell\2\Command - "" = J:\RUNAUT~1\autorun.pif -- File not found
O33 - MountPoints2\{8e448a00-737d-11de-af9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8e448a00-737d-11de-af9d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2003/07/15 15:57:58 | 00,416,824 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8e448a00-737d-11de-af9d-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE -- [2003/07/15 15:57:58 | 00,416,824 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{8e448a00-737d-11de-af9d-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE -- [2003/07/15 15:57:58 | 00,416,824 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/23 18:39:25 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Google
[2009/07/23 15:27:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009/07/23 15:27:57 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/07/23 13:22:13 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\pridl
[2009/07/23 13:19:43 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/23 13:19:19 | 20,048,2093 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/07/22 22:59:36 | 00,190,943 | ---- | C] () -- C:\Users\Luke\Desktop\Creative Suite 4 Master Collection Read Me.pdf
[2009/07/22 22:59:36 | 00,169,419 | ---- | C] () -- C:\Users\Luke\Desktop\Creative Suite 4 Master Collection — Lisez-moi.pdf
[2009/07/22 22:59:36 | 00,149,069 | ---- | C] () -- C:\Users\Luke\Desktop\Léame de Creative Suite 4 Master Collection.pdf
[2009/07/22 22:39:12 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/22 22:39:02 | 00,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2009/07/22 22:35:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/07/22 22:34:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/07/22 22:33:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/07/22 22:33:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/07/22 22:29:32 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/07/22 13:15:58 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\WinRAR
[2009/07/20 17:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/07/20 16:07:09 | 00,000,000 | ---D | C] -- C:\System32
[2009/07/20 10:07:16 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2009/07/20 00:37:25 | 00,000,000 | ---D | C] -- C:\Users\Luke\Documents\PrintScreen Files
[2009/07/20 00:37:22 | 00,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2009/07/20 00:26:50 | 00,000,000 | ---D | C] -- C:\Program Files\KeyTweak
[2009/07/20 00:23:24 | 00,000,000 | ---D | C] -- C:\Users\Luke\Documents\My Scans
[2009/07/20 00:20:58 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\HP
[2009/07/20 00:19:27 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\HP
[2009/07/20 00:18:42 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2009/07/20 00:17:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2009/07/20 00:13:48 | 00,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/07/20 00:11:17 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2009/07/20 00:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009/07/20 00:09:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009/07/20 00:07:06 | 00,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2009/07/20 00:06:59 | 00,117,760 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpzll5mu.dll
[2009/07/20 00:06:27 | 00,729,088 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiax7.dll
[2009/07/20 00:06:27 | 00,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2009/07/20 00:06:26 | 00,581,632 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotscl6.dll
[2009/07/20 00:06:26 | 00,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst15.dll
[2009/07/20 00:05:08 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/07/20 00:03:43 | 00,157,454 | ---- | C] () -- C:\Windows\hpoins27.dat
[2009/07/20 00:03:43 | 00,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2009/07/20 00:00:47 | 00,000,000 | ---D | C] -- C:\ProgramData\HP
[2009/07/20 00:00:12 | 00,000,000 | ---D | C] -- C:\ProgramData\AppData
[2009/07/19 23:59:04 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\WTablet
[2009/07/19 23:58:55 | 01,378,779 | ---- | C] () -- C:\Windows\System32\PenTablet.znc
[2009/07/19 23:58:51 | 02,659,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\PenTablet.cpl
[2009/07/19 23:57:22 | 00,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2009/07/19 23:57:22 | 00,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2009/07/19 23:57:21 | 00,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2009/07/19 23:57:20 | 00,124,464 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2009/07/19 23:57:19 | 01,189,424 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Tablet.exe
[2009/07/19 23:57:17 | 00,000,000 | ---D | C] -- C:\Program Files\Tablet
[2009/07/19 15:36:41 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/19 15:08:53 | 00,000,000 | R-SD | C] -- C:\Users\Luke\Documents\My Stationery
[2009/07/19 14:55:29 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/19 14:55:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/19 14:46:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/19 14:14:09 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/07/19 14:11:54 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/07/19 14:11:14 | 00,000,000 | ---D | C] -- C:\Program Files\D-Link
[2009/07/19 14:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\OptusNet DSL Internet
[2009/07/19 14:04:10 | 00,000,758 | ---- | C] () -- C:\Users\Luke\Documents\My Sharing Folders.lnk
[2009/07/19 14:02:51 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\BitTorrent
[2009/07/19 14:02:45 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\DNA
[2009/07/19 14:02:45 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\DNA
[2009/07/19 14:02:45 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/07/19 14:02:44 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/07/19 13:42:03 | 00,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3284150126-2932492283-1699799664-1000UA.job
[2009/07/19 13:42:02 | 00,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3284150126-2932492283-1699799664-1000Core.job
[2009/07/19 13:41:17 | 00,000,000 | ---D | C] -- C:\Users\Luke\Documents\My Received Files
[2009/07/19 13:40:50 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/07/19 13:35:06 | 00,000,000 | -HSD | C] -- C:\Program Files\Common Files\WindowsLiveInstaller
[2009/07/19 13:34:50 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/07/19 13:34:26 | 00,000,000 | ---D | C] -- C:\ProgramData\WLInstaller
[2009/07/19 13:33:59 | 00,000,000 | ---D | C] -- C:\Users\Luke\Documents\Downloads
[2009/07/19 13:31:51 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Google
[2009/07/19 13:26:01 | 00,001,849 | ---- | C] () -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009/07/19 13:26:01 | 00,000,000 | ---D | C] -- C:\Users\Luke\Documents\Stardock
[2009/07/19 13:26:01 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Stardock
[2009/07/19 13:24:59 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/07/19 13:23:32 | 00,000,000 | ---D | C] -- C:\Users\Luke\Desktop\Adobe CS4
[2009/07/19 13:23:08 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/07/19 13:23:05 | 00,000,000 | ---D | C] -- C:\Program Files\Stardock
[2009/07/19 13:23:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2009/07/19 13:22:56 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2009/07/19 13:22:54 | 00,438,840 | RHS- | C] () -- C:\bootmgr
[2009/07/19 13:22:54 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/07/19 12:00:16 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Microsoft Games
[2009/07/19 11:48:54 | 00,005,632 | ---- | C] () -- C:\Users\Luke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/19 11:12:02 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/07/19 10:53:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/07/19 02:39:04 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\DriverCure
[2009/07/19 02:39:01 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/07/19 02:39:01 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverCure
[2009/07/19 02:19:18 | 00,000,000 | ---D | C] -- C:\Thesycon
[2009/07/19 02:10:38 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/07/19 01:20:42 | 00,001,668 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IDETool.lnk
[2009/07/19 01:20:40 | 00,050,272 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\VIADSK.SYS
[2009/07/19 01:20:40 | 00,003,033 | ---- | C] (VIA Technologies. Inc.) -- C:\Windows\System32\drivers\viapfd.sys
[2009/07/19 01:20:40 | 00,000,000 | ---D | C] -- C:\Program Files\IDETOOL
[2009/07/19 00:48:13 | 00,599,552 | R--- | C] () -- C:\Windows\System32\SNPCICTL.cpl
[2009/07/19 00:48:13 | 00,404,480 | R--- | C] (Copyright SUNIX Co., Ltd.) -- C:\Windows\System32\SNUnInst.exe
[2009/07/19 00:48:13 | 00,072,400 | R--- | C] (Sunix Co., Ltd.) -- C:\Windows\System32\drivers\SNXser.sys
[2009/07/19 00:48:13 | 00,021,600 | R--- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\SNXpar.sys
[2009/07/19 00:44:43 | 00,000,000 | ---D | C] -- C:\Windows\Profiles
[2009/07/19 00:44:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2009/07/19 00:44:42 | 00,000,000 | ---D | C] -- C:\Users\Luke\Documents\My eBooks
[2009/07/19 00:44:42 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\InterTrust
[2009/07/19 00:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/07/19 00:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/07/19 00:19:39 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/07/19 00:19:10 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Downloaded Installations
[2009/07/19 00:17:36 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\GetRightToGo
[2009/07/18 23:17:23 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/07/18 23:17:23 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/07/18 23:17:22 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/07/18 23:17:22 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/07/18 23:16:01 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/07/18 23:16:01 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2009/07/18 23:15:59 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2009/07/18 23:15:59 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2009/07/18 23:15:58 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2009/07/18 23:15:58 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/07/18 23:15:58 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2009/07/18 23:15:58 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2009/07/18 23:15:58 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2009/07/18 23:15:57 | 00,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/07/18 23:15:57 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2009/07/18 23:15:57 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/07/18 23:15:57 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2009/07/18 23:15:57 | 00,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2009/07/18 23:15:56 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2009/07/18 23:15:55 | 00,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2009/07/18 23:15:54 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/07/18 23:15:54 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2009/07/18 23:15:54 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/07/18 23:15:54 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2009/07/18 23:15:53 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/07/18 23:15:53 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2009/07/18 23:15:53 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/07/18 23:14:36 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/07/18 23:14:36 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/07/18 23:14:36 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/07/18 23:13:03 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/07/18 23:13:03 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/07/18 23:13:03 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/07/18 23:13:03 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/07/18 23:13:03 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/07/18 23:13:02 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/07/18 23:13:02 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/07/18 23:13:02 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/07/18 23:11:24 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2009/07/18 23:11:24 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2009/07/18 23:11:24 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACCTRES.dll
[2009/07/18 23:10:00 | 00,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/07/18 23:09:59 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/07/18 23:09:58 | 00,258,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/07/18 23:09:55 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/07/18 23:09:55 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/07/18 23:09:54 | 01,655,289 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/07/18 23:09:54 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/07/18 23:09:54 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/07/18 23:09:54 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/07/18 23:09:53 | 00,502,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/07/18 23:09:53 | 00,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/07/18 23:08:40 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/07/18 23:08:40 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/07/18 23:07:31 | 02,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/07/18 23:06:16 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/18 23:06:16 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/18 23:06:16 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/18 23:06:16 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/18 23:06:16 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/18 23:06:16 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/18 23:03:50 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2009/07/18 23:03:49 | 00,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/07/18 23:00:19 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/07/18 22:59:07 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/18 22:58:30 | 00,000,416 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AE0294EA-0048-4599-8D0C-F38F463D1EC5}.job
[2009/07/18 22:57:48 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/07/18 22:56:30 | 01,060,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/07/18 22:56:30 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2009/07/18 22:55:04 | 00,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/07/18 22:53:49 | 00,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/07/18 22:52:34 | 00,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/07/18 22:52:34 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/07/18 22:51:18 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/07/18 22:51:15 | 04,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/07/18 22:51:15 | 01,687,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/07/18 22:49:56 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/07/18 22:48:40 | 01,194,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/07/18 22:48:39 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/07/18 22:47:26 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/07/18 22:46:12 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/07/18 22:44:59 | 00,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2009/07/18 22:44:58 | 00,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/07/18 22:44:58 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2009/07/18 22:44:58 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2009/07/18 22:44:58 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2009/07/18 22:44:57 | 00,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/07/18 22:44:57 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2009/07/18 22:44:57 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2009/07/18 22:44:57 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2009/07/18 22:43:46 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/07/18 22:42:22 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/07/18 22:40:38 | 08,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/07/18 22:40:37 | 10,619,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/07/18 22:40:37 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/07/18 22:40:36 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/07/18 22:40:35 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/07/18 22:38:32 | 11,315,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/07/18 22:37:06 | 00,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/07/18 22:33:13 | 00,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/07/18 22:33:13 | 00,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/07/18 22:33:13 | 00,020,024 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys
[2009/07/18 22:33:12 | 00,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/07/18 22:33:11 | 00,211,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/18 22:33:11 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/07/18 22:31:45 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2009/07/18 22:30:22 | 02,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/18 22:27:49 | 00,000,000 | ---D | C] -- C:\Netgear
[2009/07/18 22:27:37 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2009/07/18 22:27:37 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2009/07/18 22:27:36 | 00,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/07/18 22:27:36 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/07/18 22:27:36 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbuhci.sys
[2009/07/18 22:27:36 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2009/07/18 22:27:35 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/07/18 22:27:35 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbccgp.sys
[2009/07/18 22:25:28 | 00,803,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/18 22:25:28 | 00,216,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/07/18 22:25:28 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/07/18 22:25:28 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2009/07/18 22:25:28 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/07/18 22:24:14 | 01,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2009/07/18 22:24:13 | 01,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2009/07/18 22:24:13 | 01,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2009/07/18 22:24:13 | 01,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2009/07/18 22:24:13 | 01,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2009/07/18 22:24:12 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2009/07/18 22:24:12 | 01,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2009/07/18 22:24:11 | 07,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2009/07/18 22:24:11 | 05,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2009/07/18 22:24:11 | 05,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2009/07/18 22:24:10 | 06,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2009/07/18 22:24:10 | 04,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2009/07/18 22:24:10 | 02,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2009/07/18 22:24:09 | 04,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2009/07/18 22:24:09 | 03,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2009/07/18 22:24:08 | 11,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2009/07/18 22:24:08 | 06,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2009/07/18 22:24:07 | 04,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2009/07/18 22:24:07 | 01,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2009/07/18 22:24:06 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/07/18 22:24:06 | 03,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2009/07/18 22:24:06 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/07/18 22:24:06 | 01,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2009/07/18 22:24:05 | 04,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2009/07/18 22:24:05 | 01,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2009/07/18 22:24:04 | 06,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2009/07/18 22:24:04 | 04,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2009/07/18 22:24:04 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2009/07/18 22:24:03 | 06,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2009/07/18 22:24:03 | 06,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2009/07/18 22:24:02 | 09,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2009/07/18 22:24:02 | 06,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2009/07/18 22:24:01 | 05,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2009/07/18 22:24:01 | 04,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2009/07/18 22:24:01 | 01,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2009/07/18 22:24:00 | 07,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2009/07/18 22:24:00 | 05,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2009/07/18 22:24:00 | 05,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2009/07/18 22:23:59 | 05,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2009/07/18 22:23:59 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2009/07/18 22:23:59 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2009/07/18 22:23:58 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2009/07/18 22:23:58 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2009/07/18 22:23:58 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2009/07/18 22:23:57 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2009/07/18 22:23:57 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2009/07/18 22:23:57 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2009/07/18 22:23:57 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2009/07/18 22:23:57 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2009/07/18 22:23:56 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2009/07/18 22:23:56 | 02,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2009/07/18 22:23:56 | 01,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2009/07/18 22:23:55 | 04,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2009/07/18 22:23:55 | 03,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2009/07/18 22:23:55 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2009/07/18 22:23:55 | 01,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2009/07/18 22:23:54 | 02,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2009/07/18 22:23:54 | 02,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2009/07/18 22:23:54 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2009/07/18 22:23:54 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2009/07/18 22:23:53 | 04,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2009/07/18 22:23:53 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2009/07/18 22:23:53 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2009/07/18 22:23:52 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2009/07/18 22:23:52 | 03,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2009/07/18 22:23:52 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2009/07/18 22:23:52 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2009/07/18 22:23:52 | 01,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2009/07/18 22:23:51 | 09,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2009/07/18 22:23:51 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2009/07/18 22:23:51 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2009/07/18 22:23:50 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2009/07/18 22:23:50 | 02,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2009/07/18 22:23:50 | 02,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2009/07/18 22:23:50 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2009/07/18 22:23:49 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2009/07/18 22:23:49 | 04,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2009/07/18 22:23:49 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2009/07/18 22:23:49 | 00,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/07/18 22:23:48 | 06,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2009/07/18 22:23:48 | 01,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2009/07/18 22:19:39 | 01,585,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/07/18 22:18:49 | 00,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/07/18 22:18:49 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/07/18 22:18:49 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/07/18 22:18:49 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/07/18 22:18:48 | 00,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/07/18 22:18:48 | 00,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/07/18 22:18:48 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/07/18 22:18:48 | 00,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/07/18 22:18:47 | 00,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/07/18 22:18:47 | 00,224,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/18 22:18:46 | 00,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/07/18 22:18:46 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/07/18 22:18:46 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/07/18 22:18:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/07/18 22:18:45 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/07/18 22:18:45 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/07/18 22:18:45 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/07/18 22:18:44 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/07/18 22:18:44 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/07/18 22:18:44 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/07/18 22:18:44 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2009/07/18 22:18:43 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/07/18 22:18:42 | 00,495,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/07/18 22:18:42 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2009/07/18 22:18:42 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/07/18 22:18:41 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/07/18 22:18:41 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/07/18 22:18:41 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2009/07/18 22:18:41 | 00,034,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/07/18 22:18:41 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/07/18 22:18:41 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2009/07/18 22:18:41 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/07/18 22:18:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2009/07/18 22:15:39 | 00,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/07/18 22:15:38 | 03,503,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/07/18 22:15:38 | 03,469,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/07/18 22:15:38 | 00,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/07/18 22:15:38 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/07/18 22:15:36 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/07/18 22:15:36 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/07/18 22:15:35 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/07/18 22:15:35 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/07/18 22:12:21 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/07/18 22:12:21 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2009/07/18 22:12:21 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2009/07/18 22:11:23 | 00,875,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/07/18 22:11:22 | 01,233,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/07/18 22:11:22 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/07/18 22:11:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/07/18 22:11:21 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/07/18 22:11:21 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/07/18 22:10:18 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/07/18 22:10:17 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/07/18 22:10:17 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/07/18 22:10:16 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/07/18 22:10:16 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/07/18 22:10:16 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/07/18 22:10:16 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/07/18 22:10:15 | 02,605,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/07/18 22:10:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/07/18 22:09:12 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/07/18 22:09:11 | 00,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/07/18 22:09:10 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/07/18 22:07:30 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/07/18 22:07:30 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2009/07/18 22:07:29 | 01,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/07/18 22:07:29 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/07/18 22:07:29 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/07/18 22:07:29 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2009/07/18 22:07:27 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/07/18 22:07:27 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/07/18 22:07:27 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/07/18 22:07:27 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/07/18 22:07:27 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/07/18 22:07:27 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/07/18 22:07:26 | 08,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2009/07/18 22:07:26 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/07/18 22:06:26 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/07/18 22:06:26 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/07/18 22:05:23 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/07/18 22:05:23 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2009/07/18 22:04:20 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2009/07/18 22:02:03 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/07/18 22:01:21 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/07/18 22:01:21 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/07/18 22:01:21 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/07/18 22:00:43 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/07/18 22:00:01 | 00,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/07/18 21:56:13 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/07/18 21:56:13 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/07/18 21:56:12 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/07/18 21:56:12 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/07/18 21:56:07 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/07/18 21:56:06 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/07/18 21:56:06 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/07/18 21:56:06 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/07/18 21:52:04 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Macromedia
[2009/07/18 21:52:04 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Adobe
[2009/07/18 21:52:02 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/07/18 21:44:09 | 18,546,688 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/07/18 21:44:09 | 00,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/07/18 21:44:09 | 00,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/07/18 21:41:34 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/07/18 21:41:34 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/07/18 21:41:32 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/07/18 21:41:32 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/07/18 21:41:32 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/18 21:35:44 | 00,962,612 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42d.dll
[2009/07/18 21:35:44 | 00,434,252 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVCRTD.DLL
[2009/07/18 21:35:34 | 00,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2009/07/18 21:35:34 | 00,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/07/18 21:35:32 | 00,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2009/07/18 21:35:32 | 00,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2009/07/18 21:35:32 | 00,000,000 | ---D | C] -- C:\Program Files\ASUS
[2009/07/18 21:35:06 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/18 21:14:41 | 02,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/07/18 21:14:41 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/07/18 21:14:41 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/07/18 21:14:40 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/07/18 21:14:40 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/07/18 21:14:40 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/07/18 21:14:40 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/07/18 21:14:39 | 02,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/07/18 21:14:10 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/07/18 21:14:10 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/07/18 21:14:10 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/07/18 21:14:10 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/07/18 21:13:27 | 00,737,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/07/18 21:13:27 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2009/07/18 21:12:56 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/07/18 21:12:30 | 02,540,846 | -H-- | C] () -- C:\Users\Luke\AppData\Local\IconCache.db
[2009/07/18 21:12:14 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2009/07/18 21:12:14 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmi.dll
[2009/07/18 21:12:13 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2009/07/18 21:11:30 | 00,788,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/07/18 21:10:35 | 01,327,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/07/18 21:10:11 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/07/18 21:09:44 | 00,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/07/18 21:08:01 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/07/18 21:08:00 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/18 21:08:00 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/18 21:08:00 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/07/18 21:08:00 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/07/18 21:07:59 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/07/18 21:07:58 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/18 21:07:58 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/18 21:07:57 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/18 21:07:56 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/07/18 21:07:56 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/07/18 21:07:55 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/18 21:07:54 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/18 21:07:53 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/18 21:07:51 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/07/18 21:07:51 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/18 21:07:51 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/18 21:07:50 | 03,596,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/18 21:07:50 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/07/18 21:07:49 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/18 21:07:48 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/18 21:07:48 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/07/18 21:07:47 | 01,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/18 21:07:46 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/18 21:07:45 | 01,159,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/18 21:07:45 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/18 21:07:44 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/18 21:07:44 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/18 21:07:44 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/18 21:07:44 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/07/18 21:07:44 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/18 21:06:26 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/07/18 21:06:01 | 01,341,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/07/18 21:06:01 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/07/18 21:04:19 | 00,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/07/18 21:02:08 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\skypePM
[2009/07/18 20:55:29 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Skype
[2009/07/18 20:54:38 | 00,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/18 20:54:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/07/18 20:54:35 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/07/18 20:54:21 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/07/18 20:54:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/07/18 20:31:55 | 00,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2009/07/18 20:25:03 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\InstallShield
[2009/07/18 19:56:54 | 00,053,248 | ---- | C] (Analog Devices Inc.) -- C:\Windows\System32\wdmioctl.dll
[2009/07/18 19:56:53 | 01,285,632 | ---- | C] (Analog Devices) -- C:\Windows\System32\SMMedia.dll
[2009/07/18 19:56:49 | 00,049,152 | ---- | C] (Analog Devices Inc.) -- C:\Windows\System32\DSndUp.exe
[2009/07/18 19:56:49 | 00,045,056 | ---- | C] (adi) -- C:\Windows\System32\CleanUp.exe
[2009/07/18 19:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2009/07/18 19:56:32 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/07/18 19:52:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/07/18 19:50:51 | 00,000,486 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/18 19:50:50 | 00,000,000 | ---D | C] -- C:\Windows\AS_SCRIPTS
[2009/07/18 19:50:47 | 00,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009/07/18 19:46:24 | 00,078,048 | ---- | C] () -- C:\Users\Luke\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/18 19:46:02 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Identities
[2009/07/18 19:45:59 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\VirtualStore
[2009/07/18 19:45:56 | 00,000,680 | ---- | C] () -- C:\Users\Luke\AppData\Local\d3d9caps.dat
[2009/07/18 19:45:54 | 00,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Videos
[2009/07/18 19:45:54 | 00,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Pictures
[2009/07/18 19:45:54 | 00,000,000 | -HSD | C] -- C:\Users\Luke\Documents\My Music
[2009/07/18 19:45:54 | 00,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\Temporary Internet Files
[2009/07/18 19:45:54 | 00,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\History
[2009/07/18 19:45:54 | 00,000,000 | -HSD | C] -- C:\Users\Luke\AppData\Local\Application Data
[2009/07/18 19:45:53 | 00,000,000 | --SD | C] -- C:\Users\Luke\AppData\Roaming\Microsoft
[2009/07/18 19:45:53 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Roaming\Media Center Programs
[2009/07/18 19:45:53 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Temp
[2009/07/18 19:45:53 | 00,000,000 | ---D | C] -- C:\Users\Luke\AppData\Local\Microsoft
[2009/07/18 19:45:46 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/07/18 19:45:46 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/07/18 19:45:46 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/07/18 19:45:46 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/07/18 19:45:19 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/07/18 19:45:19 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/07/18 19:45:19 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/07/18 19:44:50 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/07/18 19:44:49 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/07/18 19:40:54 | 20,797,11232 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/18 19:32:57 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/07/18 19:31:30 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2009/07/18 19:30:10 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2006/11/02 22:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 20:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 20:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 17:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/27 08:26:56 | 00,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll

========== Files - Modified Within 30 Days ==========

[2009/07/23 19:25:33 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/23 19:25:33 | 00,621,746 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/23 19:25:33 | 00,107,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/23 19:22:58 | 00,000,680 | ---- | M] () -- C:\Users\Luke\AppData\Local\d3d9caps.dat
[2009/07/23 19:22:32 | 00,078,048 | ---- | M] () -- C:\Users\Luke\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/23 19:19:31 | 00,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/23 19:19:31 | 00,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/23 19:19:30 | 00,317,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/23 19:19:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/23 19:19:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/23 19:19:08 | 20,797,11232 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/23 18:52:57 | 02,540,846 | -H-- | M] () -- C:\Users\Luke\AppData\Local\IconCache.db
[2009/07/23 18:47:00 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3284150126-2932492283-1699799664-1000UA.job
[2009/07/23 13:47:00 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3284150126-2932492283-1699799664-1000Core.job
[2009/07/23 13:19:43 | 20,048,2093 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/22 22:39:12 | 00,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2009/07/22 19:34:03 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AE0294EA-0048-4599-8D0C-F38F463D1EC5}.job
[2009/07/20 21:10:52 | 00,005,632 | ---- | M] () -- C:\Users\Luke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/20 00:18:38 | 00,157,454 | ---- | M] () -- C:\Windows\hpoins27.dat
[2009/07/20 00:18:08 | 00,000,179 | ---- | M] () -- C:\Windows\win.ini
[2009/07/20 00:13:48 | 00,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/07/19 17:15:19 | 00,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/19 14:56:03 | 00,000,758 | ---- | M] () -- C:\Users\Luke\Documents\My Sharing Folders.lnk
[2009/07/19 13:26:01 | 00,001,849 | ---- | M] () -- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2009/07/19 13:22:56 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/07/19 02:10:38 | 00,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/07/19 01:20:42 | 00,001,668 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IDETool.lnk
[2009/07/19 01:20:40 | 00,000,026 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/18 23:56:46 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/07/18 23:17:23 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/07/18 23:17:23 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/07/18 23:17:22 | 00,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/07/18 23:17:22 | 00,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/07/18 23:16:01 | 00,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/07/18 23:16:01 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2009/07/18 23:15:59 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2009/07/18 23:15:59 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndistapi.sys
[2009/07/18 23:15:58 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2009/07/18 23:15:58 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/07/18 23:15:58 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2009/07/18 23:15:58 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndproxy.sys
[2009/07/18 23:15:58 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2009/07/18 23:15:57 | 00,564,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/07/18 23:15:57 | 00,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2009/07/18 23:15:57 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wanarp.sys
[2009/07/18 23:15:57 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2009/07/18 23:15:57 | 00,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2009/07/18 23:15:56 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2009/07/18 23:15:55 | 00,286,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipnathlp.dll
[2009/07/18 23:15:54 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/07/18 23:15:54 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2009/07/18 23:15:54 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/07/18 23:15:54 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2009/07/18 23:15:53 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/07/18 23:15:53 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2009/07/18 23:15:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/07/18 23:14:36 | 00,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/07/18 23:14:36 | 00,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/07/18 23:14:36 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/07/18 23:13:03 | 01,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/07/18 23:13:03 | 00,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/07/18 23:13:03 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/07/18 23:13:03 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/07/18 23:13:03 | 00,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/07/18 23:13:02 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/07/18 23:13:02 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2009/07/18 23:13:02 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2009/07/18 23:11:24 | 00,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2009/07/18 23:11:24 | 00,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2009/07/18 23:11:24 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACCTRES.dll
[2009/07/18 23:10:00 | 00,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/07/18 23:09:59 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/07/18 23:09:58 | 00,258,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/07/18 23:09:55 | 01,655,289 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2009/07/18 23:09:55 | 00,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/07/18 23:09:55 | 00,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/07/18 23:09:54 | 00,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/07/18 23:09:54 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/07/18 23:09:54 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/07/18 23:09:53 | 00,502,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/07/18 23:09:53 | 00,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/07/18 23:08:40 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/07/18 23:08:40 | 00,110,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/07/18 23:07:31 | 02,028,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/07/18 23:06:16 | 00,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/18 23:06:16 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/18 23:06:16 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/18 23:06:16 | 00,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/18 23:06:16 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/18 23:06:16 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/18 23:03:50 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2009/07/18 23:03:49 | 00,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/07/18 23:00:19 | 00,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/07/18 22:59:07 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/18 22:57:48 | 00,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/07/18 22:56:30 | 01,060,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/07/18 22:56:30 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys
[2009/07/18 22:55:04 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/07/18 22:53:49 | 00,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/07/18 22:52:34 | 00,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/07/18 22:52:34 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/07/18 22:51:18 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/07/18 22:51:15 | 04,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/07/18 22:51:15 | 01,687,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/07/18 22:49:56 | 00,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/07/18 22:48:40 | 01,194,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/07/18 22:48:39 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2009/07/18 22:47:26 | 00,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/07/18 22:46:12 | 00,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/07/18 22:44:59 | 00,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2009/07/18 22:44:58 | 00,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/07/18 22:44:58 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2009/07/18 22:44:58 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2009/07/18 22:44:58 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2009/07/18 22:44:57 | 00,178,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/07/18 22:44:57 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2009/07/18 22:44:57 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2009/07/18 22:44:57 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2009/07/18 22:43:46 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/07/18 22:42:22 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/07/18 22:40:38 | 08,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/07/18 22:40:37 | 10,619,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/07/18 22:40:37 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/07/18 22:40:36 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/07/18 22:40:35 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/07/18 22:38:32 | 11,315,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/07/18 22:37:06 | 00,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/07/18 22:33:13 | 00,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/07/18 22:33:13 | 00,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/07/18 22:33:13 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys
[2009/07/18 22:33:12 | 00,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/07/18 22:33:11 | 00,211,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/18 22:33:11 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/07/18 22:31:45 | 00,104,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2009/07/18 22:30:22 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/18 22:27:37 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2009/07/18 22:27:37 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2009/07/18 22:27:36 | 00,224,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/07/18 22:27:36 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/07/18 22:27:36 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbuhci.sys
[2009/07/18 22:27:36 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2009/07/18 22:27:35 | 00,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/07/18 22:27:35 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbccgp.sys
[2009/07/18 22:25:28 | 00,803,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/18 22:25:28 | 00,216,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/07/18 22:25:28 | 00,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/07/18 22:25:28 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2009/07/18 22:25:28 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2009/07/18 22:24:14 | 01,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2009/07/18 22:24:13 | 01,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2009/07/18 22:24:13 | 01,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2009/07/18 22:24:13 | 01,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2009/07/18 22:24:13 | 01,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2009/07/18 22:24:12 | 05,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2009/07/18 22:24:12 | 02,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2009/07/18 22:24:12 | 01,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2009/07/18 22:24:11 | 07,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2009/07/18 22:24:11 | 05,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2009/07/18 22:24:10 | 06,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2009/07/18 22:24:10 | 04,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2009/07/18 22:24:10 | 02,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2009/07/18 22:24:09 | 06,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2009/07/18 22:24:09 | 04,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2009/07/18 22:24:09 | 03,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2009/07/18 22:24:08 | 11,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2009/07/18 22:24:07 | 12,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/07/18 22:24:07 | 04,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2009/07/18 22:24:07 | 01,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2009/07/18 22:24:06 | 03,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2009/07/18 22:24:06 | 02,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/07/18 22:24:06 | 01,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2009/07/18 22:24:05 | 04,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2009/07/18 22:24:05 | 04,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2009/07/18 22:24:05 | 01,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2009/07/18 22:24:04 | 06,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2009/07/18 22:24:04 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2009/07/18 22:24:03 | 06,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2009/07/18 22:24:03 | 06,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2009/07/18 22:24:02 | 09,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2009/07/18 22:24:02 | 06,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2009/07/18 22:24:01 | 05,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2009/07/18 22:24:01 | 04,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2009/07/18 22:24:01 | 01,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2009/07/18 22:24:00 | 07,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2009/07/18 22:24:00 | 05,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2009/07/18 22:24:00 | 05,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2009/07/18 22:23:59 | 05,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2009/07/18 22:23:59 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2009/07/18 22:23:59 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2009/07/18 22:23:58 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2009/07/18 22:23:58 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2009/07/18 22:23:58 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2009/07/18 22:23:58 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2009/07/18 22:23:57 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2009/07/18 22:23:57 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2009/07/18 22:23:57 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2009/07/18 22:23:57 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2009/07/18 22:23:56 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2009/07/18 22:23:56 | 02,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2009/07/18 22:23:56 | 01,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2009/07/18 22:23:55 | 04,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2009/07/18 22:23:55 | 03,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2009/07/18 22:23:55 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2009/07/18 22:23:55 | 01,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2009/07/18 22:23:54 | 02,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2009/07/18 22:23:54 | 02,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2009/07/18 22:23:54 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2009/07/18 22:23:54 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2009/07/18 22:23:53 | 04,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2009/07/18 22:23:53 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2009/07/18 22:23:53 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2009/07/18 22:23:53 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2009/07/18 22:23:52 | 03,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2009/07/18 22:23:52 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2009/07/18 22:23:52 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2009/07/18 22:23:52 | 01,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2009/07/18 22:23:51 | 09,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2009/07/18 22:23:51 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2009/07/18 22:23:51 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2009/07/18 22:23:50 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2009/07/18 22:23:50 | 02,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2009/07/18 22:23:50 | 02,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2009/07/18 22:23:50 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2009/07/18 22:23:49 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2009/07/18 22:23:49 | 04,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2009/07/18 22:23:49 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2009/07/18 22:23:49 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/07/18 22:23:48 | 06,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2009/07/18 22:23:48 | 01,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2009/07/18 22:19:39 | 01,585,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/07/18 22:18:53 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2009/07/18 22:18:53 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2009/07/18 22:18:53 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2009/07/18 22:18:53 | 00,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2009/07/18 22:18:53 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2009/07/18 22:18:53 | 00,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2009/07/18 22:18:49 | 00,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/07/18 22:18:49 | 00,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/07/18 22:18:49 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/07/18 22:18:49 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/07/18 22:18:48 | 00,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/07/18 22:18:48 | 00,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/07/18 22:18:48 | 00,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/07/18 22:18:48 | 00,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/07/18 22:18:47 | 00,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/07/18 22:18:47 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/18 22:18:46 | 00,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/07/18 22:18:46 | 00,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/07/18 22:18:46 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/07/18 22:18:46 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/07/18 22:18:45 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/07/18 22:18:45 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/07/18 22:18:45 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/07/18 22:18:44 | 00,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/07/18 22:18:44 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/07/18 22:18:44 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/07/18 22:18:44 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2009/07/18 22:18:43 | 00,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/07/18 22:18:42 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys
[2009/07/18 22:18:42 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2009/07/18 22:18:42 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/07/18 22:18:41 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/07/18 22:18:41 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/07/18 22:18:41 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2009/07/18 22:18:41 | 00,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/07/18 22:18:41 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/07/18 22:18:41 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2009/07/18 22:18:41 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/07/18 22:18:41 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2009/07/18 22:15:39 | 03,503,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/07/18 22:15:39 | 00,549,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/07/18 22:15:38 | 03,469,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/07/18 22:15:38 | 00,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/07/18 22:15:38 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/07/18 22:15:36 | 00,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/07/18 22:15:36 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/07/18 22:15:35 | 00,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/07/18 22:15:35 | 00,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/07/18 22:12:21 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/07/18 22:12:21 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2009/07/18 22:12:21 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2009/07/18 22:11:23 | 00,875,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/07/18 22:11:22 | 01,233,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/07/18 22:11:22 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/07/18 22:11:22 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/07/18 22:11:21 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/07/18 22:11:21 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/07/18 22:10:18 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/07/18 22:10:17 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/07/18 22:10:17 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/07/18 22:10:16 | 00,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/07/18 22:10:16 | 00,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/07/18 22:10:16 | 00,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/07/18 22:10:16 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/07/18 22:10:15 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/07/18 22:10:15 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/07/18 22:09:12 | 00,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/07/18 22:09:11 | 00,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/07/18 22:09:10 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/07/18 22:07:30 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/07/18 22:07:30 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2009/07/18 22:07:29 | 01,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/07/18 22:07:29 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/07/18 22:07:29 | 00,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/07/18 22:07:29 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2009/07/18 22:07:27 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2009/07/18 22:07:27 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/07/18 22:07:27 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2009/07/18 22:07:27 | 00,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2009/07/18 22:07:27 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvidc32.dll
[2009/07/18 22:07:27 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrle32.dll
[2009/07/18 22:07:26 | 08,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2009/07/18 22:07:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/07/18 22:06:26 | 00,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/07/18 22:06:26 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2009/07/18 22:05:23 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/07/18 22:05:23 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2009/07/18 22:04:20 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2009/07/18 22:02:03 | 00,290,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/07/18 22:01:21 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/07/18 22:01:21 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/07/18 22:01:21 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/07/18 22:00:43 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/07/18 22:00:01 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/07/18 21:56:13 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/07/18 21:56:13 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/07/18 21:56:12 | 00,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/07/18 21:56:12 | 00,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/07/18 21:56:07 | 00,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/07/18 21:56:06 | 00,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/07/18 21:56:06 | 00,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/07/18 21:56:06 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/07/18 21:48:49 | 18,546,688 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2009/07/18 21:48:49 | 00,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2009/07/18 21:48:49 | 00,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2009/07/18 21:41:34 | 00,096,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/07/18 21:41:34 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/07/18 21:41:32 | 00,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/07/18 21:41:32 | 00,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/07/18 21:41:32 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/18 21:35:08 | 00,012,400 | ---- | M] () -- C:\Windows\System32\drivers\AsIO.sys
[2009/07/18 21:35:07 | 00,024,576 | ---- | M] () -- C:\Windows\System32\AsIO.dll
[2009/07/18 21:35:06 | 00,007,680 | ---- | M] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009/07/18 21:23:57 | 02,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/07/18 21:23:57 | 00,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/07/18 21:23:57 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/07/18 21:23:57 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/07/18 21:23:56 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/07/18 21:23:55 | 00,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/07/18 21:23:55 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/07/18 21:23:54 | 02,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/07/18 21:14:10 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/07/18 21:14:10 | 00,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/07/18 21:14:10 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/07/18 21:14:10 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/07/18 21:13:27 | 00,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/07/18 21:13:27 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2009/07/18 21:12:56 | 01,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/07/18 21:12:14 | 00,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2009/07/18 21:12:14 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2009/07/18 21:12:14 | 00,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmi.dll
[2009/07/18 21:11:30 | 00,788,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/07/18 21:10:35 | 01,327,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/07/18 21:10:11 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/07/18 21:09:44 | 00,974,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/07/18 21:08:01 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/07/18 21:08:00 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/18 21:08:00 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/18 21:08:00 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/07/18 21:08:00 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/07/18 21:07:59 | 02,455,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/07/18 21:07:59 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/18 21:07:58 | 00,827,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/18 21:07:57 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/07/18 21:07:57 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/18 21:07:56 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/07/18 21:07:55 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/18 21:07:54 | 00,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/18 21:07:53 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/18 21:07:51 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/07/18 21:07:51 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/18 21:07:51 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/18 21:07:50 | 03,596,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/18 21:07:50 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/07/18 21:07:49 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/18 21:07:48 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/18 21:07:48 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/07/18 21:07:47 | 01,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/18 21:07:46 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/18 21:07:45 | 01,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/18 21:07:45 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/18 21:07:44 | 00,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/18 21:07:44 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/18 21:07:44 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/18 21:07:44 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/07/18 21:07:44 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/18 21:06:26 | 00,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/07/18 21:06:01 | 01,341,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/07/18 21:06:01 | 00,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2009/07/18 21:04:19 | 00,750,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/07/18 19:50:54 | 00,000,486 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2009/07/18 19:45:46 | 01,809,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/07/18 19:45:46 | 01,524,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/07/18 19:45:46 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/07/18 19:45:46 | 00,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/07/18 19:45:19 | 00,561,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/07/18 19:45:19 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/07/18 19:45:19 | 00,034,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/07/18 19:44:50 | 00,162,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/07/18 19:44:49 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/07/18 19:36:47 | 00,041,176 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/07/18 19:34:05 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2009/07/07 08:10:58 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >




OTL Extras logfile created on: 23/07/2009 7:37:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.0 Folder = C:\Users\Luke\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16851)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.94 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 64.30% Memory free
4.00 Gb Paging File | 3.38 Gb Available in Paging File | 84.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 26.08 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
Drive D: | 106.31 Gb Total Space | 29.35 Gb Free Space | 27.61% Space Free | Partition Type: NTFS
Drive E: | 391.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 232.83 Gb Total Space | 224.96 Gb Free Space | 96.62% Space Free | Partition Type: FAT32

Computer Name: STUDY
Current User Name: Luke
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3284150126-2932492283-1699799664-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{899888A9-ADA0-40AC-8F65-BA2F3582804A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{905DA6F2-2320-4C0C-A60C-842D144F320D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{63AFBA05-4587-4E3F-9515-ED364582B9BA}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{64576B07-D9C3-4561-BD55-E4EF0C5FBBA2}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{6A979EDC-6A65-4B4C-B503-BA225958AD22}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{77E97CA5-58FB-4A38-A0B2-0AABE7D6485B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{7F4BF1CA-79F1-4646-A87C-81645A0559E5}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{8B3703EC-A8C5-4382-9BFF-29C874E58C0C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9BD8F0FA-72BF-4A97-86B2-434C0E92FB5F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{B17CCE19-0839-42E2-B629-0045530011BE}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{B3DDE9DB-6DA5-400C-B230-5057A9603508}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFDEBEC8-E89D-4182-9710-09CFA3F335A2}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{A51244CB-F605-41E5-A82A-A9CB67A474BB}C:\users\luke\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\luke\program files\dna\btdna.exe |
"TCP Query User{B0D18FBC-EEBC-48C8-858E-4C14597DE5DE}C:\users\luke\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\luke\program files\dna\btdna.exe |
"UDP Query User{60005070-3959-47D3-953D-70F65E30AB1D}C:\users\luke\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\luke\program files\dna\btdna.exe |
"UDP Query User{C03BA222-7A7A-46FD-93D1-4402B540FF6D}C:\users\luke\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\luke\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ACCEC3BD-FFCA-4146-8587-17650B86165B}" = D-Link DSL-302G USB Driver
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Gadwin PrintScreen Professional" = Gadwin PrintScreen Professional
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ObjectDock" = ObjectDock
"OptusNet DSL" = OptusNet DSL
"Shop for HP Supplies" = Shop for HP Supplies
"SNXSer" = Multi-I/O Card Uninstall
"Tablet Driver" = Tablet
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3284150126-2932492283-1699799664-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/07/2009 10:59:51 AM | Computer Name = Study | Source = VSS | ID = 8194
Description =

Error - 20/07/2009 11:01:04 AM | Computer Name = Study | Source = EventSystem | ID = 4622
Description =

Error - 20/07/2009 11:01:04 AM | Computer Name = Study | Source = EventSystem | ID = 4622
Description =

Error - 20/07/2009 10:20:38 PM | Computer Name = Study | Source = EventSystem | ID = 4621
Description =

Error - 21/07/2009 10:12:44 AM | Computer Name = Study | Source = Google Update | ID = 20
Description =

Error - 22/07/2009 8:13:00 AM | Computer Name = Study | Source = EventSystem | ID = 4622
Description =

Error - 22/07/2009 8:13:00 AM | Computer Name = Study | Source = EventSystem | ID = 4622
Description =

Error - 22/07/2009 8:13:00 AM | Computer Name = Study | Source = EventSystem | ID = 4621
Description =

Error - 22/07/2009 11:27:09 PM | Computer Name = Study | Source = Application Hang | ID = 1002
Description = The program VRT592E.tmp version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: c68 Start Time: 01ca0b44cac466a8 Termination Time: 7

Error - 23/07/2009 4:37:34 AM | Computer Name = Study | Source = Application Hang | ID = 1002
Description = The program ehshell.exe version 6.0.6000.16386 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: d58 Start Time: 01ca0b45a9364fdc Termination Time: 31

[ System Events ]
Error - 19/07/2009 8:03:58 PM | Computer Name = Study | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:01:27 AM on 20/07/2009 was unexpected.

Error - 20/07/2009 2:09:15 AM | Computer Name = Study | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=141735

Scan
ID: {FDAD48FA-9B41-4714-8604-10D1DC0383E6} User: Study\Dad Name: Adware:Win32/Digfast.A

ID:
141735 Severity ID: 2 Category ID: 1 Path: Alert Type: %%805 Action: %%811 Error Code:
0x80508022 Error description: To finish removing spyware and other potentially unwanted
software, restart the computer.

Error - 20/07/2009 2:10:39 AM | Computer Name = Study | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=141735

Scan
ID: {9F8337BB-057B-42C2-9900-EAEEFCC71461} User: Study\Dad Name: Adware:Win32/Digfast.A

ID:
141735 Severity ID: 2 Category ID: 1 Path: Alert Type: %%805 Action: %%811 Error Code:
0x80508022 Error description: To finish removing spyware and other potentially unwanted
software, restart the computer.

Error - 20/07/2009 2:11:09 AM | Computer Name = Study | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=141735

Scan
ID: {DBDC8D90-F306-463F-BF9C-BDCAC64CED54} User: Study\Dad Name: Adware:Win32/Digfast.A

ID:
141735 Severity ID: 2 Category ID: 1 Path: Alert Type: %%805 Action: %%811 Error Code:
0x80508022 Error description: To finish removing spyware and other potentially unwanted
software, restart the computer.

Error - 20/07/2009 2:12:08 AM | Computer Name = Study | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=141735

Scan
ID: {1D898C0B-A344-420B-8A94-07D37897B7D9} User: Study\Dad Name: Adware:Win32/Digfast.A

ID:
141735 Severity ID: 2 Category ID: 1 Path: Alert Type: %%805 Action: %%811 Error Code:
0x80508022 Error description: To finish removing spyware and other potentially unwanted
software, restart the computer.

Error - 20/07/2009 4:03:37 AM | Computer Name = Study | Source = Service Control Manager | ID = 7022
Description =

Error - 20/07/2009 11:00:08 AM | Computer Name = Study | Source = WinDefend | ID = 3006
Description = %%827 Real-Time Protection agent has encountered an error when taking
action on spyware or other potentially unwanted software. For more information please
see the following: http://go.microsoft.com/fwlink/?linkid=370...threatid=131726

Scan
ID: {E89B66AC-5399-403A-8EFC-57605159253F} User: Study\Dad Name: Trojan:Win32/Vundo.gen!AN

ID:
131726 Severity ID: 5 Category ID: 8 Path: Alert Type: %%805 Action: %%811 Error Code:
0x80508022 Error description: To finish removing spyware and other potentially unwanted
software, restart the computer.

Error - 22/07/2009 11:18:58 PM | Computer Name = Study | Source = Microsoft-Windows-Kernel-WHEA | ID = 12
Description =

Error - 22/07/2009 11:19:35 PM | Computer Name = Study | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:15:59 PM on 23/07/2009 was unexpected.

Error - 23/07/2009 5:21:10 AM | Computer Name = Study | Source = Service Control Manager | ID = 7022
Description =


< End of report >






By the way, the computer went to a blue screen before (not THE blue screen). It said something about memory dump and had a percentage. It was fairly quick, so I didn't get to read much of it. Once 100% was reached it restarted the computer. Now Google Chrome won't work. Thanks _temp_!

#7 myrti

Posted 23 July 2009 - 12:55 PM

Heya Luk3y,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow users to share files with each other, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Your logs also indicate that the infection is possibly spreading via flash drives. Please do not connect any device that you used on your infected PC to other PCs, as this might infect them as well.

We will focus on getting your PC clean for now, before trying to fix your problem with Chrome.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
And run GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please post back the two logs in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 Luk3y

Posted 27 July 2009 - 02:49 AM

It never prompted me to instal Active X. I tried to follow the next few steps but there is no Scan Settings.

#9 myrti

Posted 27 July 2009 - 03:23 AM

Hi,

If Kaspersky doesn't work, please try ESET:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Uncheck remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please make sure you untick the remove found threats box.

regards _temp_



#10 Luk3y


Posted 27 July 2009 - 03:56 AM

Hey _temp_, this might be a bit late/stupid but should I plug in any external/usb drives that I use with this computer?

#11 myrti


Posted 27 July 2009 - 04:08 AM

Hi,

no, this is fine. We will take care of the external drives/flash drive separately. Please do not connect any flash drives that you used on this computer to clean PCs for now, you might infect them.

regards _temp_



#12 Luk3y


Posted 27 July 2009 - 04:24 PM

Again, thanks so much mate!

C:\Program Files\IDETOOL\IDETOOL.EXE Win32/Virut.NBP virus
C:\Users\Clare\AppData\Local\Temp\VRT12A8.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Clare\AppData\Local\Temp\VRT5439.tmp a variant of Win32/TrojanDownloader.FakeAlert.AFK trojan
C:\Users\Clare\AppData\Local\Temp\VRT5FD3.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Clare\AppData\Local\Temp\VRT65E8.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Clare\AppData\Local\Temp\VRT8C65.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Clare\AppData\Roaming\pridl\pridl.exe probably a variant of Win32/TrojanDownloader.Agent.OOL trojan
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB4QG9ZN\163[1].net probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EB4QG9ZN\8737[1].pdf PDF/Exploit.Pidief.OJS.Gen trojan
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELW2K5NF\156[1].net probably unknown NewHeur_PE virus
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELW2K5NF\dfuninstaller.prod.v14000.18mar2009.exe[1].10b9665cc5f98c037e9b8dcc0e88929e probably a variant of Win32/Genetik trojan
C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R88FD2C2\f2[1].htm JS/TrojanDownloader.SWFlash.NAO trojan
C:\Users\Dad\AppData\Local\Temp\uninstall.exe Win32/Virut.NBP virus
C:\Users\Dad\AppData\Local\Temp\VRT1F6A.tmp a variant of Win32/Kryptik.XS trojan
C:\Users\Dad\AppData\Local\Temp\VRT3736.tmp a variant of Win32/TrojanDownloader.FakeAlert.AFK trojan
C:\Users\Dad\AppData\Local\Temp\VRT38DA.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRT58.tmp probably unknown NewHeur_PE virus
C:\Users\Dad\AppData\Local\Temp\VRT5984.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRT7174.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRT81FD.tmp a variant of Win32/TrojanDownloader.FakeAlert.AFK trojan
C:\Users\Dad\AppData\Local\Temp\VRT8818.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRT90D8.tmp a variant of Win32/TrojanDownloader.FakeAlert.AFK trojan
C:\Users\Dad\AppData\Local\Temp\VRT97B2.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRT9FF5.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRTA7B4.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRTB3B.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRTB656.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRTDDC9.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRTE19B.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\VRTF800.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Dad\AppData\Local\Temp\__5CF4.tmp probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Users\Dad\AppData\Local\Temp\__9D86.tmp probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Users\Dad\AppData\Roaming\pridl\pridl.exe probably a variant of Win32/TrojanDownloader.Agent.OOL trojan
C:\Users\Dad\AppData\Roaming\pridl\pridl.exe2505 probably a variant of Win32/TrojanDownloader.Agent.OOL trojan
C:\Users\Dad\AppData\Roaming\pridl\pridl.exe4554 probably a variant of Win32/TrojanDownloader.Agent.OOL trojan
C:\Users\Dad\AppData\Roaming\pridl\pridl.exe5983 probably a variant of Win32/TrojanDownloader.Agent.OOL trojan
C:\Users\Luke\AppData\Local\Temp\VRT17E8.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Luke\AppData\Local\Temp\VRT1931.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Luke\AppData\Local\Temp\VRT592E.tmp a variant of Win32/TrojanDownloader.FakeAlert.AFK trojan
C:\Users\Luke\AppData\Local\Temp\VRT754A.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Luke\AppData\Local\Temp\VRT7593.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Luke\AppData\Local\Temp\VRT7D41.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Luke\AppData\Local\Temp\VRT8A30.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Luke\AppData\Local\Temp\VRTC2BE.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Luke\AppData\Local\Temp\VRTF509.tmp Win32/TrojanDownloader.Nurech.NCN trojan
C:\Users\Luke\AppData\Local\Temp\__7DB2.tmp probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Users\Luke\AppData\Roaming\pridl\pridl.exe probably a variant of Win32/TrojanDownloader.Agent.OOL trojan
C:\Users\Luke\Downloads\driver_detective_6.4.1.3_key.exe Win32/Virut.NBP virus
C:\Users\Luke\Downloads\OTL.exe Win32/Virut.NBP virus
C:\Users\Luke\Downloads\ad1980_1888_51225280_64bit\64bit\devsetup.exe Win32/Virut.NBP virus
C:\Users\Luke\Downloads\ad1980_1888_51225280_64bit\64bit\Sys\DSndUp.exe Win32/Virut.NBP virus
D:\claire\downloads\SmileyCentralPFSetup2.3.50.22.ZNman000.exe.download Win32/Toolbar.MyWebSearch application
D:\claire\SCHOOL\year 12\Autodesk Student Community Download Tool\ADT.exe Win32/Virut.NBP virus
D:\claire\SCHOOL\year 12\Autodesk Student Community Download Tool\ADT.vshost.exe Win32/Virut.NBP virus
D:\Lukes\Desktop\WH.exe Win32/Virut.NBP virus
D:\Lukes\Desktop\Junk\iPodWizard.exe Win32/Virut.NBP virus
D:\Lukes\Desktop\selectorbarhex\HexEdit\HexEdit.exe Win32/Virut.NBP virus
D:\Lukes\Desktop\winhex\WinHex.exe Win32/Virut.NBP virus
D:\Lukes\Downloads\Adobe Photoshop CS4 Extended KeyGen [RkChimaira]\Adobe Photoshop CS4 KeyGen [RkChimaira].exe Win32/Virut.NBP virus
D:\Lukes\Emulators\ZSNES\zsnesw.exe Win32/Virut.NBP virus
D:\Lukes\MYDOCS\desktop\HandyTweakers.exe Win32/Virut.NBP virus
D:\Lukes\MYDOCS\desktop\DCU - 5-5-09\New Folder\Setup.exe Win32/Virut.NBP virus
D:\Lukes\MYDOCS\desktop\DCU - 5-5-09\NoPE\adobe.photoshop.cs4.x32-nope.exe Win32/Virut.NBP virus
D:\Lukes\MYDOCS\desktop\DCU - 5-5-09\NoPE\adobe.photoshop.cs4.x64-ENGiNE.exe Win32/Virut.NBP virus
D:\Lukes\MYDOCS\desktop\DCU - 5-5-09\OS\SimpleOS.exe Win32/Virut.NBP virus
D:\Lukes\MYDOCS\desktop\DCU - 5-5-09\OS\bin\ipkz.exe Win32/Virut.NBP virus
D:\Lukes\MYDOCS\desktop\DCU - 5-5-09\slider\Slider.exe Win32/Virut.NBP virus
D:\Lukes\Other\CS3\Adobe CS3 - Cracks\Adobe Photoshop CS3\Photoshop.exe Win32/Virut.NBP virus
D:\Lukes\Other\CS3\Adobe Premiere Pro CS3\Setup.exe Win32/Virut.NBP virus
D:\Lukes\Other\CS3\PowerISO 3.7\PowerISO_keygen.exe Win32/Virut.NBP virus
D:\Lukes\XP\My Documents\Downloads\programs\AntiBrontokA-en.exe Win32/Virut.NBP virus
D:\Lukes\XP\My Documents\Downloads\programs\mc_setup.exe Win32/Virut.NBP virus
D:\Lukes\XP\My Documents\Downloads\programs\Setup.exe Win32/Virut.NBP virus
D:\Lukes\XP\My Documents\Downloads\programs\Guitar Pro 5\GP5.exe Win32/Virut.NBP virus
D:\Lukes\XP\My Documents\Downloads\programs\Guitar Pro 5\GPOnline.exe Win32/Virut.NBP virus
D:\Lukes\XP\My Documents\Downloads\programs\radio.blog.3.1\creat.sound\bin\lame.exe Win32/Virut.NBP virus
Operating memory probably a variant of Win32/TrojanDownloader.Agent.OOL trojan

#13 myrti


Posted 27 July 2009 - 05:08 PM

Hey,

I was hoping to bring this to a happy end, since the initial scans came back clean, but you are out of luck, sorry. :thumbup2:

C:\Users\Luke\Downloads\driver_detective_6.4.1.3_key.exe Win32/Virut.NBP virus
D:\Lukes\Downloads\Adobe Photoshop CS4 Extended KeyGen [RkChimaira]\Adobe Photoshop CS4 KeyGen [RkChimaira].exe Win32/Virut.NBP virus
D:\Lukes\Other\CS3\Adobe CS3 - Cracks\Adobe Photoshop CS3\Photoshop.exe Win32/Virut.NBP virus
D:\Lukes\Other\CS3\PowerISO 3.7\PowerISO_keygen.exe Win32/Virut.NBP virus

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/


When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

And this is exactly what happened in this case. You got the "worst infection" so to say:

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by Virut, it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG Overview of W32/Virut

This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.


If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

If you insist on trying to fix this infection instead of following our advice to reformat and reinstall your operating system, there are various rescue disks available from major anti-virus vendors which you can try. Keep in mind, even the vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process. In the end most folks end up reformatting out of frustration after spending hours attempting to repair and remove infected files.
IMO the safest and easiest thing to do is just reformat and reinstall Windows.

Bleeping Computer DOES NOT assume any responsibility for your attempt to repair this infection using any of the following tools. You do this at your own risk and against our advice.

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

My advice to you, Luk3y, is to reformat and reinstall. Virut is a nasty and relatively new infection and no-one can promise that the fix will work completely. Bleeping Computer does not recommend that you attempt it.

I suggest you start backing up all of your valuable data/documents/pictures/movies/songs/etc.
Do NOT back up any applications/installers and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files.
This is because these files may be infected as well. If you back them up and replace them afterwards, they will infect your computer again.


Note: If you have to backup files, do so only for MS Office documents & any non executable file. Burn them to CD/DVD. Do NOT copy files from the infected machine to your pendrive OR another machine. You risk infecting the other machine.


Virut is not disinfectable. Your only option is to perform a full reformat. Do NOT attempt a repair install. It shall be a waste of time. If you do so, the infected executables remain on the machine & you shall likely trigger another bout of Virut.

If you do not know how to perform a fresh install, use these websites and read the instructions on how to format and reinstall Windows:

http://web.mit.edu/ist/products/winxp/adva...all-format.html

http://www.windowsreinstall.com/


If I were you, I wouldn't make any backups and use the clean backups you have.

regards _temp_



#14 Luk3y


Posted 28 July 2009 - 05:50 AM

Thanks dude. I thought this might be the only way, *sigh*.

Is there any way to re-use html etc files? Since I am a graphic designer this really sucks, I have many, many websites I've created.


Hmmm this sucks.



Thanks again.


Oh yeah and about the external devices. Just get rid of that stuff too?

Edited by Luk3y, 28 July 2009 - 06:52 AM.


#15 myrti


Posted 28 July 2009 - 09:13 AM

Hi, :thumbup2:

I would highly advise you not to back up your html files, especially since you already know that they have been compromised. (If you get a chance, also check that your sites are clean and you haven't uploaded infected files.)

If you still want to recover the html files, I would advise that you use one of the mentioned rescue CDs, e.g. the one from DrWeb, and check if they pick up the infected html files and if they can clean them.


You can do the following to prevent infection from your flash drives:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

This will prevent a script from being run from your flash drive automatically, so connecting those drives to other PCs won't be dangerous. It will, however, not clean Virut. So any *.exe, *.scr, *.html on those drives will still be dangerous.
Either do this on your infected PC, or, if you have to connect the flash drives to a clean PC, make sure that you hold the shift-key down, while you connect them, to prevent scripts from being executed.


regards _temp_
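
An added example (not part of the original posts and not one of the tools named in this thread): a Python check for the iframe injection into web files described above, for auditing a folder of site files before they are restored or re-uploaded. The allowlisted host, file names and page contents are constructed for the demo; jl.chura.pl is the host named in this topic.

```python
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlparse

WEB_EXTENSIONS = {".htm", ".html", ".php", ".asp"}  # file types named in the thread


class IframeFinder(HTMLParser):
    """Collects (line, host, hidden) for every iframe with an absolute src."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "").strip()
        if src.startswith("//"):  # protocol-relative URL
            src = "http:" + src
        try:  # urlparse lowercases the hostname; drop a trailing root dot
            host = (urlparse(src).hostname or "").rstrip(".")
        except ValueError:
            host = "(unparseable src)"
        if not host:  # relative src, i.e. a frame from the same site
            return
        style = a.get("style", "").replace(" ", "").lower()
        tiny = any(a.get(k, "").strip() in {"0", "1"} for k in ("width", "height"))
        hidden = tiny or "display:none" in style or "visibility:hidden" in style
        self.hits.append((self.getpos()[0], host, hidden))


def scan_file(path, allowed_hosts):
    """Return iframe hits in one file whose host is not allowlisted."""
    finder = IframeFinder()
    with open(path, encoding="utf-8", errors="replace") as fh:
        finder.feed(fh.read())
    finder.close()
    return [hit for hit in finder.hits if hit[1] not in allowed_hosts]


def scan_tree(root, allowed_hosts=frozenset()):
    """Walk root and return sorted (relative path, line, host, hidden) findings."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WEB_EXTENSIONS:
                path = os.path.join(folder, name)
                for line, host, hidden in scan_file(path, allowed_hosts):
                    findings.append((os.path.relpath(path, root), line, host, hidden))
    return sorted(findings)


def demo():
    """Scan two constructed pages; only index.html carries an injected frame."""
    clean = '<html><body><iframe src="https://maps.example.com/embed"></iframe></body></html>\n'
    infected = ('<html><body><p>Portfolio</p></body></html>\n'
                '<iframe src="http://jl.chura.pl/" width=1 height=1></iframe>\n')
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("contact.html", clean), ("index.html", infected)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root, allowed_hosts={"maps.example.com"})


if __name__ == "__main__":
    for path, line, host, hidden in demo():
        print(f"{path}:{line}: iframe -> {host}{' (hidden)' if hidden else ''}")
```

The check only reads files as text, so it can be run from a clean machine against a copy of the site. It sees literal iframe tags only; a frame written out by script code would need a separate check.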





