Computer Unable to recognize External Hard drive


  • This topic is locked
5 replies to this topic

#1 K()nT3nTs


Posted 11 August 2009 - 01:37 AM

My External Hard Drive is suddenly not being recognized by my computer. I want to rule out a virus before I make extensive efforts to get my data back.

Attached is a picture of what came up on my Spybot report. I did not remove the problems just in case I have other steps to take first.


Below is my Hijack this report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:56 PM, on 8/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\twext.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: TBSB01419 - {714758BE-281E-4BDA-9190-413BFBD3399B} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Lsass Service] C:\Users\Allen\AppData\Local\Temp\59041.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4169808711-1242010007-3904342873-1005\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator2')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: ieModule - {C5F7B349-9DFB-456F-8FA3-0EECC6E18334} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (file missing)
O21 - SSODL: InternetConnection - {CBD50F71-DF8D-4CBE-A820-FB78EB598E53} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\lohcjjjkva.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9642 bytes

Items in Spybot are now not coming up in scan.... In addition my Restore points are all gone.... starting to think something is definitely infected...

Merged posts. ~ OB

Edited by Orange Blossom, 13 August 2009 - 04:40 PM.




#2 K()nT3nTs


Posted 21 August 2009 - 01:50 PM

It's been over a week. Not sure what to do....

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 21 August 2009 - 11:28 PM.


#3 suebaby41


Posted 22 August 2009 - 03:49 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 K()nT3nTs


Posted 22 August 2009 - 07:43 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Allen at 2009-08-22 17:40:51
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 306 GB (51%) free of 605 GB
Total RAM: 8190 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:58 PM, on 8/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\hp\support\hpsysdrv.exe
C:\Users\Allen\AppData\Roaming\HP SureStore Application\UACToken.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\twhirl\twhirl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Allen\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Allen.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,C:\Windows\system32\twext.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: TBSB01419 - {714758BE-281E-4BDA-9190-413BFBD3399B} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: IE Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA68} - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Lsass Service] C:\Users\Allen\AppData\Local\Temp\59041.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BTBFirstRun] C:\Program Files (x86)\Hewlett-Packard\SDP\hprun.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/msxml4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: ieModule - {C5F7B349-9DFB-456F-8FA3-0EECC6E18334} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (file missing)
O21 - SSODL: InternetConnection - {CBD50F71-DF8D-4CBE-A820-FB78EB598E53} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\lohcjjjkva.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9789 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{393DFD18-3185-401D-8AB5-3566280D111E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{714758BE-281E-4BDA-9190-413BFBD3399B}]
TBSB01419 Class - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll [2008-06-07 2404352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{6226BA26-C017-4007-928C-DE9715C6FA68} - IE Toolbar - C:\Program Files (x86)\IESurfBar\SurfLite Toolbar\dyn_surflite_aff_1000.dll [2008-06-07 2404352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2009-07-24 118624]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"= []
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2008-12-31 5724184]
"CubeDesktop"= []
"Lsass Service"=C:\Users\Allen\AppData\Local\Temp\59041.exe []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"BTBFirstRun"=C:\Program Files (x86)\Hewlett-Packard\SDP\hprun.exe [2007-07-19 20480]

C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebProxy -
ieModule - {C5F7B349-9DFB-456F-8FA3-0EECC6E18334} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll []
InternetConnection - {CBD50F71-DF8D-4CBE-A820-FB78EB598E53} - C:\ProgramData\Application Data\Microsoft\Internet Explorer\DLLs\lohcjjjkva.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe","%1"

======List of files/folders created in the last 1 months======

2009-08-22 17:40:51 ----D---- C:\rsit
2009-08-21 19:00:55 ----D---- C:\Users\Allen\AppData\Roaming\HP SureStore Application
2009-08-19 21:52:32 ----A---- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2009-08-18 12:53:11 ----D---- C:\Windows\system32\vi-VN
2009-08-18 12:53:11 ----D---- C:\Windows\system32\eu-ES
2009-08-18 12:53:11 ----D---- C:\Windows\system32\ca-ES
2009-08-18 12:33:22 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-08-18 12:33:17 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-08-18 12:33:16 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-08-18 12:33:13 ----A---- C:\Windows\system32\SLCExt.dll
2009-08-18 12:33:11 ----A---- C:\Windows\system32\mssrch.dll
2009-08-18 12:33:09 ----A---- C:\Windows\system32\WscEapPr.dll
2009-08-18 12:33:09 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-08-18 12:33:07 ----A---- C:\Windows\system32\tquery.dll
2009-08-18 12:33:05 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-08-18 12:33:04 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-08-18 12:33:04 ----A---- C:\Windows\system32\RMActivate.exe
2009-08-18 12:33:03 ----A---- C:\Windows\system32\msi.dll
2009-08-18 12:33:02 ----A---- C:\Windows\system32\secproc_isv.dll
2009-08-18 12:33:02 ----A---- C:\Windows\system32\imapi2fs.dll
2009-08-18 12:33:01 ----A---- C:\Windows\system32\icardagt.exe
2009-08-18 12:33:00 ----A---- C:\Windows\system32\mf.dll
2009-08-18 12:32:58 ----A---- C:\Windows\system32\spwizui.dll
2009-08-18 12:32:58 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-08-18 12:32:56 ----A---- C:\Windows\system32\spreview.exe
2009-08-18 12:32:56 ----A---- C:\Windows\system32\spinstall.exe
2009-08-18 12:32:55 ----A---- C:\Windows\system32\drmv2clt.dll
2009-08-18 12:32:54 ----A---- C:\Windows\system32\shell32.dll
2009-08-18 12:32:54 ----A---- C:\Windows\system32\secproc.dll
2009-08-18 12:32:52 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-08-18 12:32:52 ----A---- C:\Windows\system32\p2psvc.dll
2009-08-18 12:32:52 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-08-18 12:32:52 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-08-18 12:32:51 ----A---- C:\Windows\system32\mssvp.dll
2009-08-18 12:32:49 ----A---- C:\Windows\system32\mscoree.dll
2009-08-18 12:32:49 ----A---- C:\Windows\system32\kernel32.dll
2009-08-18 12:32:48 ----A---- C:\Windows\system32\ntdll.dll
2009-08-18 12:32:48 ----A---- C:\Windows\system32\mssphtb.dll
2009-08-18 12:32:48 ----A---- C:\Windows\system32\mssph.dll
2009-08-18 12:32:48 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-08-18 12:32:47 ----A---- C:\Windows\system32\imapi2.dll
2009-08-18 12:32:45 ----A---- C:\Windows\system32\sdohlp.dll
2009-08-18 12:32:44 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-08-18 12:32:44 ----A---- C:\Windows\system32\esent.dll
2009-08-18 12:32:44 ----A---- C:\Windows\system32\DevicePairing.dll
2009-08-18 12:32:43 ----A---- C:\Windows\system32\sperror.dll
2009-08-18 12:32:43 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-08-18 12:32:43 ----A---- C:\Windows\system32\korwbrkr.dll
2009-08-18 12:32:42 ----A---- C:\Windows\system32\SLC.dll
2009-08-18 12:32:42 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-08-18 12:32:42 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-08-18 12:32:42 ----A---- C:\Windows\system32\msshsq.dll
2009-08-18 12:32:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-08-18 12:32:41 ----A---- C:\Windows\system32\msxml6.dll
2009-08-18 12:32:41 ----A---- C:\Windows\system32\msjet40.dll
2009-08-18 12:32:41 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-08-18 12:32:40 ----A---- C:\Windows\system32\Query.dll
2009-08-18 12:32:39 ----A---- C:\Windows\system32\user32.dll
2009-08-18 12:32:39 ----A---- C:\Windows\system32\msexch40.dll
2009-08-18 12:32:39 ----A---- C:\Windows\system32\EhStorShell.dll
2009-08-18 12:32:38 ----A---- C:\Windows\system32\srchadmin.dll
2009-08-18 12:32:38 ----A---- C:\Windows\system32\P2PGraph.dll
2009-08-18 12:32:38 ----A---- C:\Windows\system32\ole32.dll
2009-08-18 12:32:38 ----A---- C:\Windows\system32\IasMigReader.exe
2009-08-18 12:32:38 ----A---- C:\Windows\explorer.exe
2009-08-18 12:32:37 ----A---- C:\Windows\system32\msxml3.dll
2009-08-18 12:32:37 ----A---- C:\Windows\system32\mmc.exe
2009-08-18 12:32:37 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-08-18 12:32:37 ----A---- C:\Windows\system32\gdi32.dll
2009-08-18 12:32:37 ----A---- C:\Windows\system32\EncDec.dll
2009-08-18 12:32:37 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-08-18 12:32:36 ----A---- C:\Windows\system32\riched20.dll
2009-08-18 12:32:36 ----A---- C:\Windows\system32\Magnify.exe
2009-08-18 12:32:36 ----A---- C:\Windows\system32\fdBth.dll
2009-08-18 12:32:35 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-08-18 12:32:35 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-08-18 12:32:35 ----A---- C:\Windows\system32\RacEngn.dll
2009-08-18 12:32:35 ----A---- C:\Windows\system32\milcore.dll
2009-08-18 12:32:35 ----A---- C:\Windows\system32\CertEnroll.dll
2009-08-18 12:32:35 ----A---- C:\Windows\system32\bcrypt.dll
2009-08-18 12:32:34 ----A---- C:\Windows\system32\spoolss.dll
2009-08-18 12:32:34 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-08-18 12:32:33 ----A---- C:\Windows\system32\Storprop.dll
2009-08-18 12:32:33 ----A---- C:\Windows\system32\msvcp60.dll
2009-08-18 12:32:33 ----A---- C:\Windows\system32\msjtes40.dll
2009-08-18 12:32:33 ----A---- C:\Windows\system32\gpedit.dll
2009-08-18 12:32:32 ----A---- C:\Windows\system32\infocardapi.dll
2009-08-18 12:32:32 ----A---- C:\Windows\system32\es.dll
2009-08-18 12:32:31 ----A---- C:\Windows\system32\WMPhoto.dll
2009-08-18 12:32:31 ----A---- C:\Windows\system32\WebClnt.dll
2009-08-18 12:32:31 ----A---- C:\Windows\system32\slwmi.dll
2009-08-18 12:32:31 ----A---- C:\Windows\system32\mstext40.dll
2009-08-18 12:32:31 ----A---- C:\Windows\system32\msexcl40.dll
2009-08-18 12:32:31 ----A---- C:\Windows\system32\comsvcs.dll
2009-08-18 12:32:31 ----A---- C:\Windows\system32\advapi32.dll
2009-08-18 12:32:30 ----A---- C:\Windows\system32\vssapi.dll
2009-08-18 12:32:30 ----A---- C:\Windows\system32\msxbde40.dll
2009-08-18 12:32:30 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-08-18 12:32:30 ----A---- C:\Windows\system32\authui.dll
2009-08-18 12:32:29 ----A---- C:\Windows\system32\PresentationHost.exe
2009-08-18 12:32:29 ----A---- C:\Windows\system32\msrepl40.dll
2009-08-18 12:32:28 ----A---- C:\Windows\system32\propsys.dll
2009-08-18 12:32:28 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-18 12:32:28 ----A---- C:\Windows\system32\newdev.dll
2009-08-18 12:32:28 ----A---- C:\Windows\system32\iasrecst.dll
2009-08-18 12:32:28 ----A---- C:\Windows\system32\eudcedit.exe
2009-08-18 12:32:27 ----A---- C:\Windows\system32\setupapi.dll
2009-08-18 12:32:27 ----A---- C:\Windows\system32\mspbde40.dll
2009-08-18 12:32:27 ----A---- C:\Windows\system32\explorer.exe
2009-08-18 12:32:27 ----A---- C:\Windows\system32\crypt32.dll
2009-08-18 12:32:26 ----A---- C:\Windows\system32\d3d9.dll
2009-08-18 12:32:25 ----A---- C:\Windows\system32\shlwapi.dll
2009-08-18 12:32:25 ----A---- C:\Windows\system32\msrd3x40.dll
2009-08-18 12:32:25 ----A---- C:\Windows\system32\msltus40.dll
2009-08-18 12:32:25 ----A---- C:\Windows\system32\mfc42.dll
2009-08-18 12:32:25 ----A---- C:\Windows\system32\davclnt.dll
2009-08-18 12:32:24 ----A---- C:\Windows\system32\wevtapi.dll
2009-08-18 12:32:24 ----A---- C:\Windows\system32\photowiz.dll
2009-08-18 12:32:24 ----A---- C:\Windows\system32\nlhtml.dll
2009-08-18 12:32:24 ----A---- C:\Windows\system32\browseui.dll
2009-08-18 12:32:22 ----A---- C:\Windows\system32\win32spl.dll
2009-08-18 12:32:22 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-08-18 12:32:22 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-08-18 12:32:22 ----A---- C:\Windows\system32\quartz.dll
2009-08-18 12:32:22 ----A---- C:\Windows\system32\oleaut32.dll
2009-08-18 12:32:21 ----A---- C:\Windows\system32\xmlfilter.dll
2009-08-18 12:32:21 ----A---- C:\Windows\system32\winhttp.dll
2009-08-18 12:32:21 ----A---- C:\Windows\system32\netshell.dll
2009-08-18 12:32:21 ----A---- C:\Windows\system32\mswstr10.dll
2009-08-18 12:32:21 ----A---- C:\Windows\system32\msctf.dll
2009-08-18 12:32:21 ----A---- C:\Windows\system32\apds.dll
2009-08-18 12:32:20 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-08-18 12:32:20 ----A---- C:\Windows\system32\msvcrt.dll
2009-08-18 12:32:20 ----A---- C:\Windows\system32\msrd2x40.dll
2009-08-18 12:32:20 ----A---- C:\Windows\system32\mfc42u.dll
2009-08-18 12:32:20 ----A---- C:\Windows\system32\eapphost.dll
2009-08-18 12:32:19 ----A---- C:\Windows\system32\propdefs.dll
2009-08-18 12:32:19 ----A---- C:\Windows\system32\odbc32.dll
2009-08-18 12:32:18 ----A---- C:\Windows\system32\WsmSvc.dll
2009-08-18 12:32:18 ----A---- C:\Windows\system32\wevtutil.exe
2009-08-18 12:32:18 ----A---- C:\Windows\system32\shdocvw.dll
2009-08-18 12:32:18 ----A---- C:\Windows\system32\mssitlb.dll
2009-08-18 12:32:18 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-08-18 12:32:18 ----A---- C:\Windows\system32\dbgeng.dll
2009-08-18 12:32:17 ----A---- C:\Windows\system32\usp10.dll
2009-08-18 12:32:17 ----A---- C:\Windows\system32\drvinst.exe
2009-08-18 12:32:16 ----A---- C:\Windows\system32\msctfp.dll
2009-08-18 12:32:16 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-08-18 12:32:16 ----A---- C:\Windows\system32\devmgr.dll
2009-08-18 12:32:15 ----A---- C:\Windows\system32\netlogon.dll
2009-08-18 12:32:14 ----A---- C:\Windows\system32\WSDApi.dll
2009-08-18 12:32:14 ----A---- C:\Windows\system32\Wldap32.dll
2009-08-18 12:32:14 ----A---- C:\Windows\system32\wcnwiz.dll
2009-08-18 12:32:14 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-08-18 12:32:14 ----A---- C:\Windows\system32\msscb.dll
2009-08-18 12:32:14 ----A---- C:\Windows\system32\evr.dll
2009-08-18 12:32:14 ----A---- C:\Windows\system32\adsldpc.dll
2009-08-18 12:32:13 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-08-18 12:32:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-08-18 12:32:13 ----A---- C:\Windows\system32\wcncsvc.dll
2009-08-18 12:32:13 ----A---- C:\Windows\system32\services.exe
2009-08-18 12:32:13 ----A---- C:\Windows\system32\mimefilt.dll
2009-08-18 12:32:13 ----A---- C:\Windows\system32\comdlg32.dll
2009-08-18 12:32:13 ----A---- C:\Windows\system32\adtschema.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\taskeng.exe
2009-08-18 12:32:12 ----A---- C:\Windows\system32\rtffilt.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\reg.exe
2009-08-18 12:32:12 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\mswdat10.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\msjter40.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\msdtcprx.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\msdrm.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\dnsapi.dll
2009-08-18 12:32:12 ----A---- C:\Windows\system32\certutil.exe
2009-08-18 12:32:12 ----A---- C:\Windows\system32\certcli.dll
2009-08-18 12:32:11 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-08-18 12:32:11 ----A---- C:\Windows\system32\rsaenh.dll
2009-08-18 12:32:11 ----A---- C:\Windows\system32\msstrc.dll
2009-08-18 12:32:11 ----A---- C:\Windows\system32\msshooks.dll
2009-08-18 12:32:11 ----A---- C:\Windows\system32\msscntrs.dll
2009-08-18 12:32:11 ----A---- C:\Windows\system32\msihnd.dll
2009-08-18 12:32:11 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-08-18 12:32:10 ----A---- C:\Windows\system32\netapi32.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\mtxclu.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\mscories.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\inetcomm.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\hidserv.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\gameux.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\fundisc.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\dfshim.dll
2009-08-18 12:32:10 ----A---- C:\Windows\system32\cryptsvc.dll
2009-08-18 12:32:09 ----A---- C:\Windows\system32\wdc.dll
2009-08-18 12:32:09 ----A---- C:\Windows\system32\shsvcs.dll
2009-08-18 12:32:09 ----A---- C:\Windows\system32\msiexec.exe
2009-08-18 12:32:09 ----A---- C:\Windows\system32\imm32.dll
2009-08-18 12:32:09 ----A---- C:\Windows\system32\imapi.dll
2009-08-18 12:32:09 ----A---- C:\Windows\system32\iassdo.dll
2009-08-18 12:32:09 ----A---- C:\Windows\system32\chsbrkr.dll
2009-08-18 12:32:08 ----A---- C:\Windows\system32\spcmsg.dll
2009-08-18 12:32:08 ----A---- C:\Windows\system32\slmgr.vbs
2009-08-18 12:32:08 ----A---- C:\Windows\system32\scrrun.dll
2009-08-18 12:32:08 ----A---- C:\Windows\system32\pnidui.dll
2009-08-18 12:32:08 ----A---- C:\Windows\system32\pdh.dll
2009-08-18 12:32:08 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-08-18 12:32:08 ----A---- C:\Windows\system32\autofmt.exe
2009-08-18 12:32:07 ----A---- C:\Windows\system32\wmpmde.dll
2009-08-18 12:32:07 ----A---- C:\Windows\system32\winlogon.exe
2009-08-18 12:32:07 ----A---- C:\Windows\system32\SyncCenter.dll
2009-08-18 12:32:07 ----A---- C:\Windows\system32\pidgenx.dll
2009-08-18 12:32:07 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-08-18 12:32:07 ----A---- C:\Windows\system32\azroles.dll
2009-08-18 12:32:06 ----A---- C:\Windows\system32\sethc.exe
2009-08-18 12:32:06 ----A---- C:\Windows\system32\ncrypt.dll
2009-08-18 12:32:06 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-08-18 12:32:06 ----A---- C:\Windows\system32\comuid.dll
2009-08-18 12:32:06 ----A---- C:\Windows\system32\certmgr.dll
2009-08-18 12:32:05 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-08-18 12:32:05 ----A---- C:\Windows\system32\untfs.dll
2009-08-18 12:32:05 ----A---- C:\Windows\system32\taskcomp.dll
2009-08-18 12:32:05 ----A---- C:\Windows\system32\spp.dll
2009-08-18 12:32:05 ----A---- C:\Windows\system32\scrobj.dll
2009-08-18 12:32:05 ----A---- C:\Windows\system32\rtutils.dll
2009-08-18 12:32:05 ----A---- C:\Windows\system32\iassam.dll
2009-08-18 12:32:04 ----A---- C:\Windows\system32\WMVDECOD.DLL
2009-08-18 12:32:04 ----A---- C:\Windows\system32\userenv.dll
2009-08-18 12:32:04 ----A---- C:\Windows\system32\printui.dll
2009-08-18 12:32:04 ----A---- C:\Windows\system32\osk.exe
2009-08-18 12:32:04 ----A---- C:\Windows\system32\onex.dll
2009-08-18 12:32:04 ----A---- C:\Windows\system32\mswsock.dll
2009-08-18 12:32:04 ----A---- C:\Windows\system32\iasnap.dll
2009-08-18 12:32:04 ----A---- C:\Windows\system32\cscript.exe
2009-08-18 12:32:04 ----A---- C:\Windows\system32\basecsp.dll
2009-08-18 12:32:04 ----A---- C:\Windows\system32\autoconv.exe
2009-08-18 12:32:04 ----A---- C:\Windows\system32\autochk.exe
2009-08-18 12:32:04 ----A---- C:\Windows\system32\audiodg.exe
2009-08-18 12:32:03 ----A---- C:\Windows\system32\WinSCard.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\winmm.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-08-18 12:32:03 ----A---- C:\Windows\system32\WerFault.exe
2009-08-18 12:32:03 ----A---- C:\Windows\system32\Utilman.exe
2009-08-18 12:32:03 ----A---- C:\Windows\system32\stobject.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\SndVol.exe
2009-08-18 12:32:03 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\RelMon.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\rdpencom.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\offfilt.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\msftedit.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\mfplat.dll
2009-08-18 12:32:03 ----A---- C:\Windows\system32\diskraid.exe
2009-08-18 12:32:03 ----A---- C:\Windows\system32\apphelp.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\wscript.exe
2009-08-18 12:32:02 ----A---- C:\Windows\system32\wscntfy.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\wlangpui.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\vdsdyn.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\ulib.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\rastls.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\rastapi.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\prnntfy.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\pnpsetup.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\odbccp32.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\msnetobj.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\mscms.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-08-18 12:32:02 ----A---- C:\Windows\system32\iashlpr.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\iasdatastore.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\gpapi.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\fdProxy.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\dsound.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\diskpart.exe
2009-08-18 12:32:02 ----A---- C:\Windows\system32\cryptui.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\AudioEng.dll
2009-08-18 12:32:02 ----A---- C:\Windows\system32\adsmsext.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\zipfldr.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\wusa.exe
2009-08-18 12:32:01 ----A---- C:\Windows\system32\wsnmp32.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\wshext.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-08-18 12:32:01 ----A---- C:\Windows\system32\wer.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\rasdlg.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\rasapi32.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\ntprint.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\netiohlp.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\netcenter.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\mscorier.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\logman.exe
2009-08-18 12:32:01 ----A---- C:\Windows\system32\iassvcs.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\iasrad.dll
2009-08-18 12:32:01 ----A---- C:\Windows\system32\findstr.exe
2009-08-18 12:32:00 ----A---- C:\Windows\system32\wlanhlp.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\tsbyuv.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\themecpl.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\systemcpl.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\sud.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\slcc.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\scansetting.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\powrprof.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\powercpl.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\pcaui.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\ntmarta.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\newdev.exe
2009-08-18 12:32:00 ----A---- C:\Windows\system32\networkmap.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\msutb.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\mstsc.exe
2009-08-18 12:32:00 ----A---- C:\Windows\system32\mstlsapi.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\mssprxy.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\icardres.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\iasads.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\iasacct.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\connect.dll
2009-08-18 12:32:00 ----A---- C:\Windows\system32\authz.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\wpcao.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\WMPEncEn.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\wlanpref.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\vdsutil.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\usercpl.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\themeui.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\tapisrv.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\scksp.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\samlib.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\rpchttp.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\regapi.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\qdvd.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\msinfo32.exe
2009-08-18 12:31:59 ----A---- C:\Windows\system32\mmci.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\feclient.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\autoplay.dll
2009-08-18 12:31:59 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\wscisvif.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\TSTheme.exe
2009-08-18 12:31:58 ----A---- C:\Windows\system32\tcpmon.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\spwinsat.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\scesrv.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\scecli.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\rekeywiz.exe
2009-08-18 12:31:58 ----A---- C:\Windows\system32\rasplap.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\rasgcw.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\qedit.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\psisdecd.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\perfdisk.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\oleprn.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\ncryptui.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\mpr.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\iaspolcy.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\hdwwiz.exe
2009-08-18 12:31:58 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-08-18 12:31:58 ----A---- C:\Windows\system32\fdWSD.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\Faultrep.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\dpapimig.exe
2009-08-18 12:31:58 ----A---- C:\Windows\system32\dot3msm.dll
2009-08-18 12:31:58 ----A---- C:\Windows\system32\cmmon32.exe
2009-08-18 12:31:58 ----A---- C:\Windows\system32\certreq.exe
2009-08-18 12:31:58 ----A---- C:\Windows\system32\AudioSes.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-08-18 12:31:57 ----A---- C:\Windows\system32\wlanui.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\wlanmsm.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\wiaaut.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\whealogr.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\shwebsvc.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\SCardSvr.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\rasppp.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\raschap.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\oobefldr.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\fontext.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\dsprop.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\dimsroam.dll
2009-08-18 12:31:57 ----A---- C:\Windows\system32\conime.exe
2009-08-18 12:31:57 ----A---- C:\Windows\system32\cmdial32.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\shsetup.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\rasmontr.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\netplwiz.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\mscandui.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\modemui.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\dataclen.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\credui.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\chtbrkr.dll
2009-08-18 12:31:56 ----A---- C:\Windows\system32\blackbox.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\WSDMon.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\wscapi.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\wpdwcn.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\wpcsvc.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\wmpeffects.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\thawbrkr.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\softkbd.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\sendmail.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\networkexplorer.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\msscp.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\msimtf.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\logagent.exe
2009-08-18 12:31:55 ----A---- C:\Windows\system32\InkEd.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\ifmon.dll
2009-08-18 12:31:55 ----A---- C:\Windows\system32\gpresult.exe
2009-08-18 12:31:55 ----A---- C:\Windows\system32\cipher.exe
2009-08-18 12:31:55 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\wshbth.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-08-18 12:31:54 ----A---- C:\Windows\system32\version.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\puiapi.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\olepro32.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\msisip.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\msctfui.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\mprapi.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\input.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\fc.exe
2009-08-18 12:31:54 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\dmsynth.dll
2009-08-18 12:31:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\wsdchngr.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\tscupgrd.exe
2009-08-18 12:31:53 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\slcinst.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\rrinstaller.exe
2009-08-18 12:31:53 ----A---- C:\Windows\system32\rasdial.exe
2009-08-18 12:31:53 ----A---- C:\Windows\system32\rasdiag.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\ocsetup.exe
2009-08-18 12:31:53 ----A---- C:\Windows\system32\nslookup.exe
2009-08-18 12:31:53 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-08-18 12:31:53 ----A---- C:\Windows\system32\msjint40.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-08-18 12:31:53 ----A---- C:\Windows\system32\mmcico.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\mfps.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\mfpmp.exe
2009-08-18 12:31:53 ----A---- C:\Windows\system32\l2nacp.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\ipconfig.exe
2009-08-18 12:31:53 ----A---- C:\Windows\system32\hbaapi.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\ftp.exe
2009-08-18 12:31:53 ----A---- C:\Windows\system32\fdWCN.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\fdSSDP.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\fdeploy.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\eappgnui.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\eappcfg.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\eapp3hst.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\dot3cfg.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\dmusic.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\cscdll.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\cscapi.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-08-18 12:31:53 ----A---- C:\Windows\system32\bthudtask.exe
2009-08-18 12:31:52 ----A---- C:\Windows\system32\wmpps.dll
2009-08-18 12:31:52 ----A---- C:\Windows\system32\winrnr.dll
2009-08-18 12:31:52 ----A---- C:\Windows\system32\vdmdbg.dll
2009-08-18 12:31:52 ----A---- C:\Windows\system32\slwga.dll
2009-08-18 12:31:52 ----A---- C:\Windows\system32\odbcconf.dll
2009-08-18 12:31:52 ----A---- C:\Windows\system32\NcdProp.dll
2009-08-18 12:31:52 ----A---- C:\Windows\system32\gpupdate.exe
2009-08-18 12:31:51 ----A---- C:\Windows\system32\midimap.dll
2009-08-18 12:31:50 ----A---- C:\Windows\system32\msimsg.dll
2009-08-18 12:31:50 ----A---- C:\Windows\system32\mferror.dll
2009-08-18 12:31:50 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-08-18 12:31:42 ----A---- C:\Windows\system32\wdscore.dll
2009-08-18 12:31:41 ----A---- C:\Windows\system32\drvstore.dll
2009-08-16 19:32:22 ----D---- C:\Windows\system32\AGEIA
2009-08-16 19:32:22 ----D---- C:\Program Files (x86)\AGEIA Technologies
2009-08-16 19:26:24 ----D---- C:\Program Files (x86)\Eidos
2009-08-15 19:55:55 ----D---- C:\Users\Allen\AppData\Roaming\FFSJ
2009-08-15 19:52:13 ----D---- C:\Windows\system32\FFSJ
2009-08-15 19:52:13 ----A---- C:\Windows\unins000.exe
2009-08-15 15:47:51 ----D---- C:\Users\Allen\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2009-08-15 15:47:50 ----D---- C:\Program Files (x86)\twhirl
2009-08-15 15:47:26 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2009-08-13 23:21:37 ----D---- C:\Program Files (x86)\Microsoft LifeCam
2009-08-13 23:14:30 ----A---- C:\Windows\system32\wdigest.dll
2009-08-13 23:14:30 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-13 23:14:30 ----A---- C:\Windows\system32\kerberos.dll
2009-08-13 23:14:29 ----A---- C:\Windows\system32\secur32.dll
2009-08-13 23:14:29 ----A---- C:\Windows\system32\schannel.dll
2009-08-12 23:47:27 ----D---- C:\Program Files (x86)\Pinnacle Systems
2009-08-12 19:07:38 ----D---- C:\Users\Allen\AppData\Roaming\proDAD
2009-08-12 19:07:38 ----D---- C:\Program Files (x86)\proDAD
2009-08-12 19:07:32 ----A---- C:\Windows\unvise32.exe
2009-08-12 19:07:28 ----D---- C:\Program Files (x86)\LooksBuilderSE
2009-08-12 19:06:48 ----RA---- C:\Windows\system32\qtmlClient.dll
2009-08-12 19:06:48 ----A---- C:\Windows\system32\MtxPreview.dll
2009-08-12 19:06:48 ----A---- C:\Windows\system32\MtxParhBFXPreview.dll
2009-08-12 19:06:48 ----A---- C:\Windows\system32\CvoAPI.dll
2009-08-12 19:06:48 ----A---- C:\Windows\Graffiti5.2Pin.ini
2009-08-12 19:06:04 ----D---- C:\Program Files (x86)\Boris FX, Inc
2009-08-12 16:45:50 ----D---- C:\Program Files (x86)\Common Files\Pinnacle
2009-08-12 16:45:19 ----D---- C:\ProgramData\Pinnacle Studio Ultimate
2009-08-12 16:41:53 ----D---- C:\Program Files (x86)\Common Files\Yahoo!
2009-08-12 16:41:52 ----D---- C:\ProgramData\Studio 12
2009-08-12 16:41:52 ----D---- C:\ProgramData\Pinnacle Studio Plus
2009-08-12 16:41:52 ----D---- C:\Program Files (x86)\Pinnacle
2009-08-12 16:40:18 ----D---- C:\ProgramData\Pinnacle
2009-08-12 12:25:58 ----A---- C:\Windows\system32\tsgqec.dll
2009-08-12 12:25:58 ----A---- C:\Windows\system32\mstscax.dll
2009-08-12 12:25:58 ----A---- C:\Windows\system32\aaclient.dll
2009-08-12 12:25:45 ----A---- C:\Windows\system32\atl.dll
2009-08-12 12:25:41 ----A---- C:\Windows\system32\avifil32.dll
2009-08-12 12:25:34 ----A---- C:\Windows\system32\wmp.dll
2009-08-12 12:25:32 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-12 12:25:31 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-12 12:25:31 ----A---- C:\Windows\system32\spwmp.dll
2009-08-12 12:25:31 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-12 10:44:47 ----A---- C:\Windows\ntbtlog.txt
2009-08-11 16:02:47 ----D---- C:\3d5eda004627d022e1c8273d8115
2009-08-11 15:58:46 ----D---- C:\83accc6b114254ebdcb911c4
2009-08-11 15:56:40 ----D---- C:\6eefbf5245a6f51a7800e8a3a6099b
2009-08-11 15:55:42 ----D---- C:\2cf8b2becced43e0c276b9c57a
2009-08-11 03:09:26 ----D---- C:\Users\Allen\AppData\Roaming\HP
2009-08-06 15:30:05 ----D---- C:\Program Files (x86)\Common Files\HP
2009-07-29 22:44:06 ----D---- C:\Program Files (x86)\iPod
2009-07-29 22:43:04 ----HD---- C:\Config.Msi
2009-07-28 16:16:37 ----A---- C:\Windows\system32\mshtml.dll
2009-07-28 16:16:36 ----A---- C:\Windows\system32\ieframe.dll
2009-07-28 16:16:35 ----A---- C:\Windows\system32\urlmon.dll
2009-07-28 16:16:35 ----A---- C:\Windows\system32\iertutil.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\wininet.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\occache.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\msfeedssync.exe
2009-07-28 16:16:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-28 16:16:34 ----A---- C:\Windows\system32\ieui.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\iesysprep.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\iepeers.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-28 16:16:34 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-28 16:16:33 ----A---- C:\Windows\system32\iesetup.dll
2009-07-28 16:16:33 ----A---- C:\Windows\system32\iernonce.dll
2009-07-23 18:57:06 ----A---- C:\Windows\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2009-08-22 17:17:32 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-08-22 17:14:07 ----D---- C:\Users\Allen\AppData\Roaming\BitTorrent
2009-08-22 03:49:56 ----SHD---- C:\System Volume Information
2009-08-21 23:10:30 ----D---- C:\Program Files (x86)\Steam
2009-08-21 19:01:14 ----D---- C:\Windows\System32
2009-08-21 19:01:14 ----D---- C:\Windows\inf
2009-08-21 19:00:58 ----D---- C:\Users\Allen\AppData\Roaming\ArcSoft
2009-08-21 18:59:53 ----D---- C:\Windows\Temp
2009-08-21 13:58:33 ----A---- C:\Windows\NeroDigital.ini
2009-08-20 12:21:17 ----SHD---- C:\Windows\Installer
2009-08-19 21:52:44 ----D---- C:\Users\Allen\AppData\Roaming\Ventrilo
2009-08-19 21:52:33 ----RD---- C:\Program Files
2009-08-19 21:52:32 ----D---- C:\Windows
2009-08-19 21:52:00 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-08-18 13:22:05 ----D---- C:\Windows\Microsoft.NET
2009-08-18 13:22:01 ----RSD---- C:\Windows\assembly
2009-08-18 13:19:45 ----D---- C:\Windows\rescache
2009-08-18 13:03:27 ----SHD---- C:\Boot
2009-08-18 12:54:35 ----D---- C:\Windows\Prefetch
2009-08-18 12:53:40 ----D---- C:\Program Files (x86)\Windows Sidebar
2009-08-18 12:53:40 ----D---- C:\Program Files (x86)\Windows Photo Gallery
2009-08-18 12:53:40 ----D---- C:\Program Files (x86)\Windows Media Player
2009-08-18 12:53:40 ----D---- C:\Program Files (x86)\Windows Mail
2009-08-18 12:53:40 ----D---- C:\Program Files (x86)\Windows Calendar
2009-08-18 12:53:40 ----D---- C:\Program Files (x86)\Common Files\System
2009-08-18 12:53:39 ----D---- C:\Windows\servicing
2009-08-18 12:53:39 ----D---- C:\Windows\ehome
2009-08-18 12:53:36 ----D---- C:\Windows\system32\XPSViewer
2009-08-18 12:53:36 ----D---- C:\Windows\system32\sk-SK
2009-08-18 12:53:36 ----D---- C:\Windows\system32\lv-LV
2009-08-18 12:53:36 ----D---- C:\Windows\system32\ko-KR
2009-08-18 12:53:36 ----D---- C:\Windows\system32\hr-HR
2009-08-18 12:53:36 ----D---- C:\Windows\system32\et-EE
2009-08-18 12:53:36 ----D---- C:\Windows\system32\en-US
2009-08-18 12:53:36 ----D---- C:\Windows\system32\da-DK
2009-08-18 12:53:35 ----D---- C:\Windows\system32\zh-TW
2009-08-18 12:53:35 ----D---- C:\Windows\system32\zh-CN
2009-08-18 12:53:35 ----D---- C:\Windows\system32\uk-UA
2009-08-18 12:53:35 ----D---- C:\Windows\system32\tr-TR
2009-08-18 12:53:35 ----D---- C:\Windows\system32\th-TH
2009-08-18 12:53:35 ----D---- C:\Windows\system32\sv-SE
2009-08-18 12:53:35 ----D---- C:\Windows\system32\sr-Latn-CS
2009-08-18 12:53:35 ----D---- C:\Windows\system32\SLUI
2009-08-18 12:53:35 ----D---- C:\Windows\system32\sl-SI
2009-08-18 12:53:35 ----D---- C:\Windows\system32\setup
2009-08-18 12:53:35 ----D---- C:\Windows\system32\ru-RU
2009-08-18 12:53:35 ----D---- C:\Windows\system32\ro-RO
2009-08-18 12:53:35 ----D---- C:\Windows\system32\pt-PT
2009-08-18 12:53:35 ----D---- C:\Windows\system32\pl-PL
2009-08-18 12:53:35 ----D---- C:\Windows\system32\oobe
2009-08-18 12:53:35 ----D---- C:\Windows\system32\migration
2009-08-18 12:53:35 ----D---- C:\Windows\system32\manifeststore
2009-08-18 12:53:35 ----D---- C:\Windows\system32\ja-JP
2009-08-18 12:53:35 ----D---- C:\Windows\system32\it-IT
2009-08-18 12:53:35 ----D---- C:\Windows\system32\inetsrv
2009-08-18 12:53:35 ----D---- C:\Windows\system32\hu-HU
2009-08-18 12:53:35 ----D---- C:\Windows\system32\he-IL
2009-08-18 12:53:35 ----D---- C:\Windows\system32\fr-FR
2009-08-18 12:53:35 ----D---- C:\Windows\system32\fi-FI
2009-08-18 12:53:35 ----D---- C:\Windows\system32\es-ES
2009-08-18 12:53:35 ----D---- C:\Windows\system32\en
2009-08-18 12:53:35 ----D---- C:\Windows\system32\el-GR
2009-08-18 12:53:35 ----D---- C:\Windows\system32\de-DE
2009-08-18 12:53:35 ----D---- C:\Windows\system32\cs-CZ
2009-08-18 12:53:35 ----D---- C:\Windows\system32\bg-BG
2009-08-18 12:53:35 ----D---- C:\Windows\system32\AdvancedInstallers
2009-08-18 12:53:34 ----D---- C:\Windows\SysWOW64
2009-08-18 12:53:34 ----D---- C:\Windows\system32\wbem
2009-08-18 12:53:34 ----D---- C:\Windows\system32\pt-BR
2009-08-18 12:53:34 ----D---- C:\Windows\system32\nl-NL
2009-08-18 12:53:34 ----D---- C:\Windows\system32\nb-NO
2009-08-18 12:53:34 ----D---- C:\Windows\system32\migwiz
2009-08-18 12:53:34 ----D---- C:\Windows\system32\lt-LT
2009-08-18 12:53:34 ----D---- C:\Windows\system32\ar-SA
2009-08-18 12:53:27 ----D---- C:\Windows\IME
2009-08-18 12:53:16 ----RSD---- C:\Windows\Fonts
2009-08-18 12:53:16 ----D---- C:\Windows\AppPatch
2009-08-18 12:52:08 ----D---- C:\Windows\system32\RTCOM
2009-08-18 12:52:06 ----A---- C:\Windows\system.ini
2009-08-18 12:43:58 ----D---- C:\Windows\winsxs
2009-08-16 19:32:22 ----RD---- C:\Program Files (x86)
2009-08-16 19:26:24 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-08-16 16:50:47 ----D---- C:\Program Files (x86)\Camfrog
2009-08-15 15:47:26 ----D---- C:\Program Files (x86)\Common Files
2009-08-14 17:01:13 ----D---- C:\Users\Allen\AppData\Roaming\Skype
2009-08-13 23:31:38 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2009-08-12 16:45:19 ----HD---- C:\ProgramData
2009-08-11 19:07:31 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-08-11 19:06:34 ----D---- C:\Users\Allen\AppData\Roaming\Xfire
2009-08-11 17:59:06 ----D---- C:\Windows\pss
2009-08-10 16:06:51 ----D---- C:\Windows\Minidump
2009-08-10 14:52:16 ----D---- C:\ProgramData\HP
2009-08-06 23:40:20 ----D---- C:\Users\Allen\AppData\Roaming\Move Networks
2009-08-06 21:04:35 ----D---- C:\ProgramData\Xfire
2009-08-04 23:47:35 ----D---- C:\Users\Allen\AppData\Roaming\Vso
2009-08-03 22:06:06 ----D---- C:\Program Files (x86)\Xfire
2009-08-02 13:13:23 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-08-02 11:41:14 ----D---- C:\Users\Allen\AppData\Roaming\dvdcss
2009-07-29 22:44:10 ----D---- C:\Program Files (x86)\iTunes
2009-07-29 22:44:06 ----D---- C:\Program Files (x86)\Common Files\Apple
2009-07-28 21:29:16 ----D---- C:\Program Files (x86)\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2008-05-15 486960]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CAXHWBS2;CAXHWBS2; C:\Windows\system32\DRIVERS\CAXHWBS2.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\CAX_DP.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys []
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 255424]
R3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr7364.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
R3 VX3000;VX-3000; C:\Windows\system32\DRIVERS\VX3000.sys []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
R3 xcbdaNtsc;ViXS Tuner Card (NTSC); C:\Windows\system32\DRIVERS\xcbdax64.sys []
S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\Windows\system32\DRIVERS\atinavt2.sys []
S3 BTCFilterService;USB Networking Driver Filter Service; C:\Windows\system32\DRIVERS\motfilt.sys []
S3 copperhd;Razer Copperhead Driver; C:\Windows\system32\drivers\copperhd.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys []
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys []
S3 L8042Kbd;SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys []
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys []
S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys []
S3 MAFW;MAFW; C:\Windows\system32\DRIVERS\mafw.sys []
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys []
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys []
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys []
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys []
S3 MotoSwitchService;MotoSwitch Service; C:\Windows\system32\DRIVERS\motswch.sys []
S3 Motousbnet;Motorola USB Networking Driver Service; C:\Windows\system32\DRIVERS\Motousbnet.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
S3 VST64_DPV;VST64_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 VST64HWBS2;VST64HWBS2; C:\Windows\system32\DRIVERS\VSTBS26.SYS []
S3 winusb;WinUsb Driver; C:\Windows\system32\DRIVERS\winusb.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2009-07-24 199008]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 NetPipeActivator;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 117592]
R2 NetTcpActivator;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 117592]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-04-17 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-08-11 189672]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-07-13 542496]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-08-19 72704]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-29 89920]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-10 654848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-08-21 312568]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
S4 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S4 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2008-06-02 354840]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 160272]
S4 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Program Files (x86)\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]
S4 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S4 NetMsmqActivator;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-02-18 117592]
S4 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S4 TVService;TVService; C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe [2008-07-17 184320]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe []

-----------------EOF-----------------

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team

Posted 23 August 2009 - 04:51 PM

The following entries indicate that you have Punkbuster installed.

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe


Please see this link for information regarding PnkBstrA.exe and/or PnkBstrB.exe, and this thread in the Punkbuster Forums. If you have a version older than PB Client version 1.700, then the components could be causing a problem.

Are the new components optional?

Starting with PB Client version 1.700, the new components are required. Uninstalling and/or disabling the new components will cause PunkBuster to stop working correctly and will cause frequent kicking from PunkBuster enabled servers.
  • If you have a version older than PB Client version 1.700, then the files, PnkBstrA.exe and/or PnkBstrB.exe, could be causing a problem.
  • If you wish to uninstall the two files, then please download this application.
  • Open the program above and click the Uninstall button. This will remove the PnkBstrA.exe and PnkBstrB.exe service.
  • Some may need to remove the registry entries.
  • Go to START > RUN. Type regedit.
  • Search in these parts:

    HKEY_LOCAL_MACHINE\SYSTEM\Controlset001\Services look for PnkBstrA PnkBstrB and PnkBstrK .. just right click on the folder listed on the left and delete.
    HKEY_LOCAL_MACHINE\SYSTEM\Controlset003\Services look for PnkBstrA PnkBstrB and PnkBstrK .. just right click on the folder listed on the left and delete.

  • PnkBstrK.sys is located in C:\windows\system32\drivers and it is safe to delete.

This is the issue with infections in relation to PunkBuster:

You have installed gaming tools. Some of these, like PunkBuster, use spyware techniques to engage in the anti-piracy battle. In the process, they take control of much of your computer and they actually meet the definition of spyware/malware. They are sometimes designed to prevent orderly removal or modification. It is not likely that your computer could be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games or worse.

Since we are dedicated to causing No Harm, normally, we will not work on computers with this type of program installed. If you want to continue using your computer in this way, you should consider using imaging software like Norton Ghost or Acronis or Terabyte Image which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe. If you really want to clean your computer, I will help, but if you so choose, understand there is NO assurance you will be able to do games afterwards.

Additional Information Regarding PunkBuster Enabled Games:
  • PunkBuster is not considered to be overtly malicious, but it is totally self-serving, even at the expense of user safety, and the risks and tactics that come with its use are not revealed in an open manner.
  • PunkBuster is tracking software which installs a server on the user's computer, establishes unique GUIDs, phones home, and sends screenshots.
  • Permission for PunkBuster to install and perform the tracking is assumed by them to be implicit in any associated gaming software installation. (Automatic installation during a request for something else.) This is characteristic of trojans.
  • PunkBuster appears to install itself secretly without warning on any computer that attempts to play certain online games.
  • There is no regular uninstaller. Why not? (There IS a special uninstaller-see link below.)
  • Some do not view the whole picture as healthy for anything but the game promoters.
  • PunkBuster requires elevated privileges to run on Vista.
  • The PunkBuster home site routinely suggests that users who have problems disable the antivirus applications and firewalls and change settings on their routers.
  • PunkBuster installs a kernel driver. Once you let that happen, the software could do anything it wants.
  • If this software were an application for any other purpose, it would be called unstable and unacceptable (maybe an alpha release?).
  • From a random infection victim, you certainly will never know how many system instabilities have been introduced by the victim's attempts to run PunkBuster games.
  • It is quite clear that some of our tools are not likely to run while PunkBuster is present on the computer. It conflicts with kernel level debuggers and says so.
  • The attitude that the computer should be modified in whatever manner necessary to get PunkBuster to run is not consistent with our site's "Do No Harm" policy.
  • The lack of transparency about how the services and kernel driver work may be necessary for PunkBuster, but it also creates potential difficulty for infections removal.
Some posts from the EvenBalance/PunkBuster home site:

My computer locks up or "chugs" sometimes while I'm playing PunkBuster Enabled, what can cause this?
PunkBuster "pushes" hardware and the Windows Operating System more than most software and uses functions in the Windows API (low level functions) that are not used by most other programs. As such, there are a few cases where using PB can actually expose flaky hardware or other situations that do not cause problems for other software. Here are a few things that have helped other users make these problems get better or go away completely:

  • Make sure you are using the latest version of PunkBuster (the latest version is always on our Download page) - also this link may help manually update your PunkBuster to the latest version when necessary. From the game's main screen, press the tilde key (the ~ key) to bring down the console and enter the following line, /pb_system1.
  • Never close other programs from your Windows Task Manager before playing the game; either leave them running or close them through the proper interface - killing a process does not always work completely even if it stops showing in the Task Manager. Renegade threads seem to conflict with PunkBuster more than other programs that may be running in memory. There is a free utility that some players use called EndItAll2 to close all extra programs before they play to avoid software conflicts, crashes, and lockups.
  • Check the Add Or Remove Programs list in your Control Panel and uninstall any programs that you do not use or that you do not know what they are.
  • One program that seems to conflict with PunkBuster more than others is Norton Antivirus. If you have it installed, try uninstalling it to see if the lockups go away. Some players have reported that when this is the culprit, they can reinstall Norton Antivirus and the lockups do not come back.
  • Other background programs that seem to conflict with PunkBuster for some users are Sound Blaster Live software and helper programs that come with video cards, especially ATI keyboard shortcut programs.
  • Some players discovered that they had a computer virus and that the lockups vanished after it was fully removed.
  • Experiment with the pb_sleep setting, try setting it to 20, 250, or 500 to see if that affects your game performance. A few players have reported that all the problems go away when they "tweak" this setting.
  • In extreme cases, a few users have reported that replacing their RAM (memory) or video/sound cards fixed the problem.

How do I uninstall PunkBuster?
If you do not wish to use PunkBuster any longer, you may remove the entire "pb" folder inside your game folder. By removing this folder, the PunkBuster software will no longer be available. PunkBuster does not save information to other locations on your hard drive nor does it change your system registry. *NOTICE* Starting with PunkBuster client version 1.3000, our new Service components are kept in the Windows folder on the hard drive and they do store information in the registry. We offer a separate program called PBSVC with an uninstall option for our service components. It may be downloaded from here.

My game crashes with an error in pbcl.dll or a General Protection Fault. Why?
This issue can be from a program that conflicts with PunkBuster. There are a few known programs that cause this:

  • Get Right
  • DU Super Controller
  • Macro Toolsworks
  • Girder 3.2
  • PRTG Traffic Grapher
  • CyberCorder: cybrcrdr.exe
  • Paessler Router Traffic Grapher: prtg4.exe
  • 3dnasys.exe
  • mIRCStats

Closing those programs or any like them that contain user or kernel level debuggers should stop the problem.

    Privacy Policy of Even Balance, Inc.
    Due to the unique nature of how PunkBuster software operates, we have developed this Statement to describe our Policy regarding the Privacy of the users of our software. The PunkBuster system is designed specifically to allow users to optionally hold themselves accountable by allowing our software to run in the background on their computer systems while they compete in various forms of multi-player events. Our software is designed to operate in typical client / server fashion using the common TCP/IP (Internet) protocol. Our software inspects the displayed screen, processes, and files associated with each computer system on which it is running for the purpose of authenticating those systems for play in a "cheat free" environment. The primary purpose of the scanning procedures is to inspect for the purpose of authenticating honest users who wish to compete fairly together. Our inspection procedures consist of three types: 1) validating that only non-hacked original software is being used during multi-player competition, 2) examining files that match the profile (or signature) of known cheating programs, and 3) sending screen captures during game-play. Our software does not, nor will it ever, without the explicit consent of users, make changes to any non-PunkBuster files on users' systems (such consent would be received through a confirmation action within the PunkBuster software and not as part of our Software Terms.) Furthermore, our software will not perform "hard disk scans" looking through large portions of users' directories and/or file systems. Private data is not transmitted by PunkBuster from a user's system to a PunkBuster server - all transmissions from users' systems will be encrypted using randomized keys that are meaningful within the context of providing a mutually agreeable "cheat free" online environment. Screenshots of game-play are not considered private data by PunkBuster.
The PunkBuster anti-cheat system will not attempt to permanently retain information about users' systems other than standard logging of connection and authentication / inspection activities. We encourage any and all auditing or monitoring of the activity of our system for the purpose of verifying that our software performs according to this Policy Statement. We will cooperate fully with any party who believes that they have found any case where our system is being or could be used to breach the privacy of the users of our software.

    The primary purpose... What could be a secondary purpose?
    The fact that information sent back to servers is encrypted has nothing to do with Private data being sent.

    Please let me know your decision and post a new HijackThis log.
    You don't stop laughing when you get old; you get old when you stop laughing.
    A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
    Malware Removal University Masters Graduate

    Join The Fight Against Malware
    No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

    #6 suebaby41

    suebaby41

      W.A.M. (Women Against Malware)


    • Malware Response Team

    Posted 09 September 2009 - 02:20 PM

    This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



