
Rootkit Variant Issues


  • This topic is locked
10 replies to this topic

#1 AmDot


Posted 28 October 2009 - 06:36 PM

I am running into some issues. OK, so I am running Vista 32-bit on my system. I recently found a program in C:\windows\system32 called b.exe, and noticed some errors it was causing. Naturally, I thought... well, that's odd, and it was created today, so I knew that it was not a valid Windows file. Tried to delete, didn't have permission or the ability to change permissions. Downloaded MBAM, shut down on first run, now I don't have permission to run it again. Tried RKILL, reinstalled MBAM, renamed all the exes, ran MBAM, and it died after 2 seconds. Same with HJTHS. The only antivirus I can get to scan is AVG, because it was running before the program started. It actually found B.exe trying to start and shut it down and removed it.

I tried to run RootRepeal, and it wouldn't run; tried to run DDS and it wouldn't run; tried to get HijackThis to run and no dice either. All I have for you is a Win32kDiag log and a log from running the command > DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt

Also, during my first RootRepeal run, before it shut down on me and changed the permissions, I noticed that it said "Rootkit Detected!" right before it shut off... I guess it's kind of obvious, but I figured I would throw that out there anyway.

Win32k Log

Running from: C:\Users\Kris\Desktop\Win32kDiag.exe

Log file at : C:\Users\Kris\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...




Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_es_b77a5c561934e089\2.0.0.0_es_b77a5c561934e089

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\2.0.0.0_fr_b77a5c561934e089

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_zh-CHS_b77a5c561934e089\2.0.0.0_zh-CHS_b77a5c561934e089

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_zh-CHT_b77a5c561934e089\2.0.0.0_zh-CHT_b77a5c561934e089

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_es_b77a5c561934e089\2.0.0.0_es_b77a5c561934e089

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_fr_b77a5c561934e089\2.0.0.0_fr_b77a5c561934e089

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_zh-CHS_b77a5c561934e089\2.0.0.0_zh-CHS_b77a5c561934e089

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\System.XML.resources\2.0.0.0_zh-CHT_b77a5c561934e089\2.0.0.0_zh-CHT_b77a5c561934e089

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.0.0.0_es_31bf3856ad364e35\6.0.0.0_es_31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.0.0.0_fr_31bf3856ad364e35\6.0.0.0_fr_31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.0.0.0_zh-CHS_31bf3856ad364e35\6.0.0.0_zh-CHS_31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\GAC_MSIL\TaskScheduler.Resources\6.0.0.0_zh-CHT_31bf3856ad364e35\6.0.0.0_zh-CHT_31bf3856ad364e35

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9C13.tmp\ZAP9C13.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA28A.tmp\ZAPA28A.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE977.tmp\ZAPE977.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point	   : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\bthservsdp.dat

[1] 2009-10-27 06:31:26 12 C:\Windows\bthservsdp.dat ()


Log from the DOS command


Volume in drive C is VistaOS
 Volume Serial Number is 0EFE-08EB

 Directory of C:\Windows\System32

04/10/2009  11:28 PM		   177,152 scecli.dll

 Directory of C:\Windows\System32

04/10/2009  11:28 PM		   592,896 netlogon.dll
			   2 File(s)		770,048 bytes

 Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/20/2008  07:24 PM		   177,152 scecli.dll
			   1 File(s)		177,152 bytes

 Directory of C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

04/10/2009  11:28 PM		   177,152 scecli.dll
			   1 File(s)		177,152 bytes

 Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/20/2008  07:24 PM		   592,384 netlogon.dll
			   1 File(s)		592,384 bytes

 Directory of C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

04/10/2009  11:28 PM		   592,896 netlogon.dll
			   1 File(s)		592,896 bytes

	 Total Files Listed:
			   6 File(s)	  2,309,632 bytes
			   0 Dir(s)  62,921,285,632 bytes free

Thanks for any help you guys can give me.

Edited by AmDot, 28 October 2009 - 06:52 PM.




#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:37 PM

Posted 03 November 2009 - 06:38 AM

Hello AmDot

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 AmDot

AmDot
  • Topic Starter

  • Members
  • 16 posts
  • Local time:07:37 PM

Posted 03 November 2009 - 06:24 PM

I ran OTL with no issues at all, but the other program got shut down and the permissions were changed like the other files.

Extras

OTL Extras logfile created on: 11/3/2009 3:40:59 PM - Run 1
OTL by OldTimer - Version 3.1.3.3	 Folder = C:\Users\Kris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 132.70 Gb Total Space | 42.62 Gb Free Space | 32.12% Space Free | Partition Type: NTFS
Drive D: | 88.46 Gb Total Space | 59.70 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KRIS-PC
Current User Name: Kris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E5B9B9-8D3F-4937-9ADC-77683C62B7FB}" = lport=18289 | protocol=17 | dir=in | name=bitcomet 18289 udp | 
"{06619BF8-E19E-4862-B7F8-03B9DB10B1A6}" = lport=18289 | protocol=17 | dir=in | name=bitcomet 18289 udp | 
"{4CC7DA74-4859-43AC-AEAE-7A1179915F79}" = lport=18289 | protocol=6 | dir=in | name=bitcomet 18289 tcp | 
"{87FAFAAA-6213-46E4-93C9-5DDB9502B678}" = lport=18289 | protocol=6 | dir=in | name=bitcomet 18289 tcp | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066C9D0A-12B7-4941-9716-E176EB1CE83D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{06D09571-904D-4A31-A8F3-BA233EA5E0A7}" = protocol=6 | dir=in | app=d:\program files\combat arms\nmservice.exe | 
"{0770772F-41A5-4E19-BD6E-2869AA793F36}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{0FCAD203-8726-442F-9F05-1A5E49623029}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{15CB6264-167D-4BC9-B168-4CE733EDF34A}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{182FEB9F-3684-48C5-A05D-165E6FE075FE}" = dir=in | app=d:\program files\avg\avgam.exe | 
"{1F56224D-996E-4A1B-B7D5-3FAEA0C86A83}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{3408995A-0A0A-4FF2-BA20-F6A3304CBD1F}" = dir=in | app=d:\program files\avg\avgupd.exe | 
"{406955B3-3F5A-499D-9DEC-0DC042EAC884}" = protocol=6 | dir=in | app=d:\gc\grand chase\main.exe | 
"{4C53CDFB-B1AC-4094-8EB4-1981E1D4EEFE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{4F6BB848-DBFE-42EB-9165-C3ED75A80A68}" = protocol=17 | dir=in | app=d:\program files\combat arms\nmservice.exe | 
"{4FC6BAA1-E702-400F-9F3C-750114E6BE51}" = protocol=6 | dir=in | app=d:\gc\grand chase\main.exe | 
"{55CE02CF-0DB7-44AF-AF8B-CD14576282E0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 demo\arma2demo.exe | 
"{59210279-F888-4F49-91F3-4FF58E5FAC9A}" = dir=in | app=d:\program files\avg\avgdiagex.exe | 
"{5AE58CD7-935C-4FE7-A8A8-C6061F8972A8}" = protocol=17 | dir=in | app=d:\program files\combat arms\nmservice.exe | 
"{63274E2E-8D9A-4AC1-A77E-E35720EA02CB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7C3FCE05-D1A9-4232-99DF-1FB02695C31E}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{8EC608A9-F1D7-4370-AFFE-3312E78EB13B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 demo\arma2demo.exe | 
"{91A97995-4D12-4507-A288-7066FE8F487F}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{9489A701-A7DF-4ECF-9DDF-B5D1366D42CA}" = protocol=17 | dir=in | app=d:\gc\grand chase\main.exe | 
"{9D8AB585-6270-4B06-8A22-F73CD74F87F8}" = protocol=6 | dir=in | app=d:\program files\combat arms\nmservice.exe | 
"{A22C9A5B-7468-483E-8142-F0A6DB8166A3}" = protocol=17 | dir=in | app=d:\gc\grand chase\main.exe | 
"{A4255593-B5C4-4680-8A4A-04D9FBEB8382}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B52422EA-49EC-42B3-91BB-E5BE82009B0B}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{B5EAC7CE-124D-4620-B07F-DD1C3B09007B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{B9ED1F61-2AF5-40CC-AEC7-764DE7B87693}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{C30D0BC5-6EF8-4E1A-A3FF-7936B9D7FC1A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C5615F4B-90EE-454B-8124-9AE2FCDD80BF}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{C90E50D8-0D1F-4150-9E95-330170AE035D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{CB23F836-F40D-4A8B-A954-C132E3CA7EDF}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{EC49A011-0696-494D-B2A7-983567506EC0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{EE632521-4001-4263-BF3F-BB67E253C1A9}" = dir=in | app=d:\program files\avg\avgnsx.exe | 
"TCP Query User{39C8A48F-A820-4320-987F-865A42C94A04}C:\program files\steam\steamapps\dozer69@adelphia.net\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dozer69@adelphia.net\counter-strike source\hl2.exe | 
"TCP Query User{4CFD9C17-8F0F-4A68-A7F3-204EC3FE87DD}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{E2C29509-0182-486C-98BB-AD51F97BFF0B}C:\program files\steam\steamapps\dozer69@adelphia.net\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dozer69@adelphia.net\counter-strike source\hl2.exe | 
"UDP Query User{4486761B-F552-4D7D-B9DA-96FEC43D9D12}C:\program files\steam\steamapps\dozer69@adelphia.net\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dozer69@adelphia.net\counter-strike source\hl2.exe | 
"UDP Query User{916FFCF9-FCE0-4BE3-9C92-BA192955B038}C:\program files\steam\steamapps\dozer69@adelphia.net\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dozer69@adelphia.net\counter-strike source\hl2.exe | 
"UDP Query User{BE9F8FFB-59F3-4810-B41E-DB40AD044A1D}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}" = Cisco EAP-FAST Module
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{934B3B19-8193-467A-B356-E73F82647D38}" = Cisco LEAP Module
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD1449B-DF0C-4118-B76D-68C54009576C}" = Cisco PEAP Module
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DA41F9E9-B878-467F-95E7-27E4D1943533}" = Multimedia Card Reader
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE2FF182-7DB1-43FB-BFDE-7C44C26867AE}" = Pen Tablet
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.6.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALUpdate_is1" = ALTools Update
"ALZip_is1" = ALZip
"AVG9Uninstall" = AVG 9.0
"BitComet" = BitComet 1.15
"Combat Arms" = Combat Arms
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DFO" = DFOLauncher
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Emote-Launcher" = Emote-Launcher (remove only)
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.15
"ffdshow_is1" = ffdshow [rev 3097] [2009-10-08]
"FOOK2 v1.0" = FOOK2
"Game Maker 7.0" = Game Maker 7.0
"HijackThis" = HijackThis 2.0.2
"InstallShield_{FE2FF182-7DB1-43FB-BFDE-7C44C26867AE}" = Pen Tablet
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MinGW" = MinGW 5.1.6
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PCSI" = Prevx
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"Privoxy" = Privoxy 3.0.6
"PunkBusterSvc" = PunkBuster Services
"Runic Games Torchlight" = Torchlight
"Sacred Underworld_is1" = Sacred Underworld
"Steam App 10" = Counter-Strike
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 33920" = ARMA 2 Demo
"Tor" = Tor 0.2.1.19
"USB Mass Storage Filter Driver" = Multimedia Card Reader
"Vidalia" = Vidalia 0.1.15
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Kris)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 10/31/2009 2:14:50 AM | Computer Name = Kris-PC | Source = Application Error | ID = 1000
Description = Faulting application dds.exe, version 0.0.0.0, time stamp 0x4942b819,
 faulting module libgimp-2.0-0.dll, version 6.0.6002.18005, time stamp 0x49e03821,
 exception code 0xc0000135, fault offset 0x00009eed,  process id 0xf84, application
 start time 0x01ca59f17294cbe8.
 
Error - 10/31/2009 2:15:45 AM | Computer Name = Kris-PC | Source = Application Error | ID = 1000
Description = Faulting application dds.exe, version 0.0.0.0, time stamp 0x4942b819,
 faulting module libgimp-2.0-0.dll, version 6.0.6002.18005, time stamp 0x49e03821,
 exception code 0xc0000135, fault offset 0x00009eed,  process id 0xdd4, application
 start time 0x01ca59f193de47e8.
 
Error - 10/31/2009 5:41:29 PM | Computer Name = Kris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 10/31/2009 5:41:30 PM | Computer Name = Kris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 11/1/2009 8:44:03 PM | Computer Name = Kris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 11/1/2009 8:44:03 PM | Computer Name = Kris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 11/3/2009 4:45:44 AM | Computer Name = Kris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 11/3/2009 4:45:44 AM | Computer Name = Kris-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description = 
 
Error - 11/3/2009 5:50:44 AM | Computer Name = Kris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11/3/2009 5:53:28 AM | Computer Name = Kris-PC | Source = EventSystem | ID = 4609
Description = 
 
[ System Events ]
Error - 11/3/2009 6:07:35 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11/3/2009 6:07:35 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11/3/2009 6:08:08 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11/3/2009 6:08:08 AM | Computer Name = Kris-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11/3/2009 6:08:09 AM | Computer Name = Kris-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11/3/2009 6:08:09 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11/3/2009 6:24:15 AM | Computer Name = Kris-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 11/3/2009 6:25:07 AM | Computer Name = Kris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11/3/2009 4:18:02 PM | Computer Name = Kris-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 11/3/2009 5:59:47 PM | Computer Name = Kris-PC | Source = DCOM | ID = 10000
Description = 
 
 
< End of report >


OTL


OTL logfile created on: 11/3/2009 3:40:59 PM - Run 1
OTL by OldTimer - Version 3.1.3.3	 Folder = C:\Users\Kris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 8000 8000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 132.70 Gb Total Space | 42.62 Gb Free Space | 32.12% Space Free | Partition Type: NTFS
Drive D: | 88.46 Gb Total Space | 59.70 Gb Free Space | 67.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KRIS-PC
Current User Name: Kris
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Kris\Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files\AVG\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe (The Privoxy team - www.privoxy.org)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Kris\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe ()
SRV - (avg9wd) -- D:\Program Files\AVG\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PnkBstrB) -- C:\Windows\System32\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (ehSched) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (pxrts) -- C:\Windows\System32\drivers\pxrts.sys (Prevx)
DRV - (pxscan) -- C:\Windows\System32\drivers\pxscan.sys (Prevx)
DRV - (pxkbf) -- C:\Windows\System32\drivers\pxkbf.sys (Prevx)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.10
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.2
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.4.0.4
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.75
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/16 19:23:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: D:\Program Files\AVG\Firefox [2009/10/27 22:53:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 17:00:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 17:00:50 | 00,000,000 | ---D | M]
 
[2009/10/15 17:29:41 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Extensions
[2009/10/15 17:29:41 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/02 19:41:55 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions
[2009/10/31 13:43:34 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/10/16 20:01:58 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/30 17:27:26 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2009/10/15 18:06:59 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/10/27 16:39:00 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/10/22 01:44:29 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/10/16 20:01:58 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\battlefieldheroespatcher@ea.com
[2009/10/17 21:35:58 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\yyginstantplay@yoyogames.com
[2009/11/02 19:41:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 17:00:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/16 01:42:18 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/29 17:00:48 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 17:00:48 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/09/25 09:41:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009/07/17 01:40:12 | 00,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/10/16 01:42:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/09/25 09:41:24 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/09/25 09:41:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/10/29 17:00:49 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/10/17 22:08:28 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/09/25 09:41:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	   localhost
O1 - Hosts: ::1			 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] D:\Program Files\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [PopRock] C:\Users\Kris\AppData\Local\Temp\b.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3643a459-b9c5-11de-ad1a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3643a459-b9c5-11de-ad1a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/11/03 03:19:33 | 00,000,000 | ---D | C] -- C:\Users\Kris\Desktop\mbam
[2009/11/03 03:18:23 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2009/11/03 03:06:39 | 00,000,000 | ---D | C] -- C:\Program Files\mbam
[2009/11/02 23:40:12 | 00,000,000 | ---D | C] -- C:\Users\Kris\Desktop\torchlight
[2009/11/01 19:43:35 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\DivX
[2009/11/01 19:40:10 | 00,000,000 | ---D | C] -- C:\Users\Kris\Desktop\TL Backup
[2009/10/30 23:12:57 | 00,000,000 | ---D | C] -- C:\MinGW
[2009/10/30 21:01:46 | 00,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2009/10/30 21:01:46 | 00,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2009/10/30 21:01:46 | 00,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2009/10/30 20:48:23 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\runic games
[2009/10/30 20:44:40 | 00,000,000 | ---D | C] -- C:\Program Files\Runic Games
[2009/10/30 20:32:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Estsoft
[2009/10/30 20:32:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Estsoft
[2009/10/30 18:18:14 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\ESTsoft
[2009/10/30 18:18:14 | 00,000,000 | ---D | C] -- C:\Program Files\ESTsoft
[2009/10/30 17:27:28 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/10/30 17:27:27 | 00,000,000 | ---D | C] -- C:\Program Files\XfireXO
[2009/10/30 17:27:16 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Xfire
[2009/10/30 17:27:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2009/10/30 17:27:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2009/10/30 17:27:13 | 00,000,000 | ---D | C] -- C:\Program Files\Xfire
[2009/10/29 14:02:01 | 00,000,000 | ---D | C] -- C:\Windows\FOOK2
[2009/10/27 03:17:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/27 03:16:15 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2009/10/27 02:58:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/27 02:44:56 | 00,052,624 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2009/10/27 02:44:56 | 00,051,656 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2009/10/27 02:44:56 | 00,030,280 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2009/10/27 02:44:55 | 00,024,368 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2009/10/27 02:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/10/27 02:44:51 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2009/10/27 02:44:51 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2009/10/27 02:35:27 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Malwarebytes
[2009/10/27 02:35:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/27 02:35:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/26 23:02:48 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/26 23:02:31 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/26 23:02:29 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/10/26 23:02:21 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/26 23:02:16 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/26 23:02:15 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/26 23:02:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/10/26 19:35:48 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/10/26 19:34:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/10/26 18:49:40 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\InstallShield Installation Information
[2009/10/26 15:58:53 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Fallout3
[2009/10/26 15:40:21 | 00,000,000 | ---D | C] -- C:\Users\Kris\Documents\My Games
[2009/10/26 15:37:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2009/10/25 13:31:57 | 00,097,792 | ---- | C] (Protect Software GmbH) -- C:\Windows\System32\drivers\ACEDRV05.sys
[2009/10/25 00:50:49 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/25 00:50:39 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/25 00:50:39 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009/10/25 00:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2009/10/24 21:46:12 | 00,000,000 | ---D | C] -- C:\Users\Kris\Documents\ArmA 2 Demo
[2009/10/24 21:46:12 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\ArmA 2 Demo
[2009/10/24 14:00:06 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2009/10/24 14:00:06 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Fonts
[2009/10/24 14:00:06 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2009/10/24 01:03:29 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2009/10/24 01:03:29 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2009/10/24 01:03:29 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2009/10/24 01:03:29 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2009/10/24 01:03:29 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2009/10/24 01:03:29 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009/10/24 01:03:29 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2009/10/24 01:03:28 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009/10/24 01:03:28 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009/10/24 01:03:28 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2009/10/24 01:03:28 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009/10/24 01:03:28 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2009/10/24 01:03:28 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2009/10/24 01:03:28 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2009/10/24 01:03:27 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009/10/24 01:03:27 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2009/10/24 01:03:27 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2009/10/24 01:03:27 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009/10/24 01:03:27 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2009/10/24 01:03:27 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2009/10/24 01:03:27 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2009/10/24 01:03:27 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009/10/24 01:03:26 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009/10/24 01:03:26 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009/10/24 01:03:26 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009/10/24 01:03:26 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009/10/24 01:03:26 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009/10/24 01:03:26 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009/10/24 01:03:22 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009/10/24 01:03:22 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009/10/24 01:03:22 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009/10/24 01:03:22 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009/10/24 01:03:22 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009/10/24 01:03:21 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009/10/24 01:03:20 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009/10/24 01:03:20 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009/10/24 01:03:20 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009/10/24 01:03:19 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009/10/24 01:03:19 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009/10/24 01:03:19 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009/10/24 01:03:19 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009/10/24 01:03:19 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009/10/24 01:03:19 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009/10/24 01:03:18 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009/10/24 01:03:18 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009/10/24 01:03:18 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009/10/24 01:03:18 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009/10/24 01:03:18 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009/10/24 01:03:18 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009/10/24 01:03:18 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009/10/24 01:03:17 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/10/24 01:03:16 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/10/24 01:03:16 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/10/24 01:03:16 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/10/24 01:03:16 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/10/24 01:03:16 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/10/24 01:03:14 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/10/24 01:03:14 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/10/24 01:03:14 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/10/24 01:03:14 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/10/24 01:03:13 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/10/24 01:03:04 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/10/24 01:03:04 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/10/24 01:03:04 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/10/24 01:03:04 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/10/24 01:03:04 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/10/24 01:03:03 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/10/24 01:03:03 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/10/24 01:03:02 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/10/23 18:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2009/10/23 18:26:06 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/10/23 18:26:06 | 00,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2009/10/23 18:26:02 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/10/23 18:25:59 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/10/23 18:07:58 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009/10/23 18:05:24 | 00,438,272 | R--- | C] (EA.com/On2.com) -- C:\Windows\System32\vp6vfw.dll
[2009/10/23 18:05:24 | 00,327,680 | ---- | C] (On2.com Inc.) -- C:\Windows\System32\vp6dec.ax
[2009/10/23 14:09:51 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/10/23 14:08:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/10/23 14:08:00 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/10/23 14:08:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/10/23 13:59:04 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/10/23 03:40:47 | 00,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2009/10/22 12:40:46 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\DAEMON Tools Lite
[2009/10/21 04:11:59 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Tor
[2009/10/21 04:11:58 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Vidalia
[2009/10/21 04:11:58 | 00,000,000 | ---D | C] -- C:\Program Files\Vidalia Bundle
[2009/10/21 02:51:36 | 00,000,000 | ---D | C] -- C:\Users\Kris\Documents\DFO
[2009/10/21 00:16:46 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/10/21 00:16:46 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/10/21 00:16:46 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/10/20 23:36:38 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/10/20 19:30:24 | 00,000,000 | ---D | C] -- C:\Users\Kris\.thumbnails
[2009/10/20 19:30:24 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\gtk-2.0
[2009/10/20 17:37:46 | 03,022,158 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2009/10/20 17:36:33 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2009/10/20 17:36:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009/10/20 17:18:53 | 00,000,000 | ---D | C] -- C:\Users\Kris\Desktop\School
[2009/10/20 12:13:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2009/10/20 12:13:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2009/10/19 12:03:31 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/10/19 12:03:26 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/10/19 12:03:26 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/10/19 12:03:25 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/10/19 12:03:25 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/10/19 12:03:23 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/10/19 12:03:21 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/10/19 12:03:20 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/10/19 12:03:19 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/10/19 12:03:18 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/10/19 12:03:17 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/10/19 12:03:17 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/10/19 12:03:16 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/10/19 12:03:16 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/10/19 12:03:15 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/10/19 12:03:14 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/10/19 12:03:13 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/10/19 12:03:13 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/10/19 12:03:13 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/10/19 12:03:13 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/10/19 12:03:12 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/10/19 12:03:11 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/10/19 12:03:11 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/10/19 12:03:10 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/10/19 12:03:10 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/10/19 12:03:10 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/10/19 12:03:09 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/10/19 12:03:09 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/10/19 12:03:09 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/10/19 12:03:09 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/10/19 12:03:07 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/10/19 12:03:07 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/10/19 12:03:06 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/10/19 12:03:05 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009/10/19 12:03:05 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/10/19 12:03:05 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/10/19 12:03:05 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/10/19 12:03:05 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/10/19 12:03:04 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/10/19 12:03:03 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/10/19 12:03:03 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/10/19 12:03:02 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/10/19 12:03:02 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/10/19 12:03:02 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/10/19 12:03:02 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/10/19 12:03:02 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/10/19 12:03:02 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/10/19 12:03:02 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/10/19 12:03:02 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/10/19 12:03:02 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/10/19 12:03:01 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/10/19 12:03:00 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/10/19 12:03:00 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/10/19 12:02:59 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/10/19 12:02:58 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/10/19 12:02:58 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/10/19 12:02:57 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/10/19 12:02:57 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/10/19 12:02:57 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/10/19 12:02:57 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/10/19 12:02:56 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/10/19 12:02:56 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/10/19 12:02:56 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/10/19 12:02:56 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/10/19 12:02:55 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/10/19 12:02:55 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/10/19 12:02:55 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/19 12:02:55 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/10/19 12:02:54 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009/10/19 12:02:54 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/10/19 12:02:54 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/10/19 12:02:54 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/10/19 12:02:53 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/10/19 12:02:53 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/10/19 12:02:53 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/10/19 12:02:52 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/10/19 12:02:52 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/10/19 12:02:52 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/10/19 12:02:52 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/10/19 12:02:52 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/10/19 12:02:52 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/10/19 12:02:51 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/10/19 12:02:51 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/10/19 12:02:51 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/10/19 12:02:51 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/10/19 12:02:50 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/10/19 12:02:50 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/10/19 12:02:50 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/10/19 12:02:49 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/10/19 12:02:48 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/10/19 12:02:48 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009/10/19 12:02:47 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/10/19 12:02:47 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/10/19 12:02:47 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/10/19 12:02:47 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/10/19 12:02:47 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/10/19 12:02:46 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/10/19 12:02:46 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/10/19 12:02:46 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/10/19 12:02:46 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/19 12:02:46 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/10/19 12:02:46 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/10/19 12:02:45 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2009/10/19 12:02:45 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/10/19 12:02:45 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/10/19 12:02:44 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/10/19 12:02:44 | 00,461,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/19 12:02:43 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009/10/19 12:02:43 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/10/19 12:02:43 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/10/19 12:02:43 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/10/19 12:02:43 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/10/19 12:02:43 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/10/19 12:02:43 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/10/19 12:02:43 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/10/19 12:02:43 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/10/19 12:02:43 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/10/19 12:02:42 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/19 12:02:42 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/10/19 12:02:42 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/10/19 12:02:42 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/10/19 12:02:42 | 00,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/19 12:02:42 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/10/19 12:02:41 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/10/19 12:02:41 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/10/19 12:02:40 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/10/19 12:02:40 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/10/19 12:02:40 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/10/19 12:02:40 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/10/19 12:02:40 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/10/19 12:02:39 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/10/19 12:02:39 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/10/19 12:02:39 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/10/19 12:02:38 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/19 12:02:38 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/10/19 12:02:38 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/10/19 12:02:38 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/10/19 12:02:37 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/10/19 12:02:37 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/10/19 12:02:37 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/10/19 12:02:36 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/10/19 12:02:36 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/10/19 12:02:36 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/10/19 12:02:36 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/10/19 12:02:36 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/10/19 12:02:36 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/10/19 12:02:35 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/10/19 12:02:35 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/10/19 12:02:35 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/10/19 12:02:35 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/10/19 12:02:35 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/10/19 12:02:35 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/10/19 12:02:35 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/10/19 12:02:35 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/10/19 12:02:34 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/10/19 12:02:34 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/10/19 12:02:34 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/10/19 12:02:34 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/10/19 12:02:34 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/10/19 12:02:34 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/10/19 12:02:34 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/10/19 12:02:34 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/10/19 12:02:34 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/10/19 12:02:34 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/10/19 12:02:33 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/10/19 12:02:33 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/10/19 12:02:33 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/10/19 12:02:33 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/10/19 12:02:33 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/10/19 12:02:32 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/10/19 12:02:32 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/10/19 12:02:32 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/10/19 12:02:32 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/10/19 12:02:31 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/10/19 12:02:31 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/10/19 12:02:31 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/10/19 12:02:30 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/10/19 12:02:30 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/10/19 12:02:29 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/10/19 12:02:29 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/10/19 12:02:29 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/10/19 12:02:29 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/10/19 12:02:28 | 00,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/10/19 12:02:28 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/10/19 12:02:28 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/10/19 12:02:28 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/10/19 12:02:27 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/10/19 12:02:27 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/10/19 12:02:27 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/10/19 12:02:27 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/10/19 12:02:27 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/10/19 12:02:27 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/10/19 12:02:27 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/10/19 12:02:26 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/10/19 12:02:26 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/10/19 12:02:26 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/10/19 12:02:26 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/10/19 12:02:26 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/10/19 12:02:25 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/10/19 12:02:25 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/10/19 12:02:25 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/10/19 12:02:25 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/10/19 12:02:25 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/19 12:02:25 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/10/19 12:02:25 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/10/19 12:02:25 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/10/19 12:02:25 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/10/19 12:02:25 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/10/19 12:02:24 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/10/19 12:02:24 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/10/19 12:02:24 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009/10/19 12:02:24 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/10/19 12:02:24 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/10/19 12:02:24 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/10/19 12:02:23 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/10/19 12:02:23 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/10/19 12:02:23 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/10/19 12:02:23 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/10/19 12:02:23 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/10/19 12:02:23 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/10/19 12:02:23 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/10/19 12:02:23 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/10/19 12:02:22 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/10/19 12:02:22 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/10/19 12:02:22 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/10/19 12:02:22 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/10/19 12:02:22 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/10/19 12:02:22 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/10/19 12:02:21 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/10/19 12:02:21 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/10/19 12:02:21 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/10/19 12:02:21 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/10/19 12:02:21 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/10/19 12:02:20 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/10/19 12:02:20 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/10/19 12:02:20 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/10/19 12:02:20 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/10/19 12:02:20 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/10/19 12:02:20 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/10/19 12:02:20 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/10/19 12:02:20 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/10/19 12:02:20 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/10/19 12:02:20 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/10/19 12:02:19 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/10/19 12:02:19 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/10/19 12:02:19 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/10/19 12:02:19 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/10/19 12:02:19 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/10/19 12:02:19 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/10/19 12:02:19 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/10/19 12:02:19 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/10/19 12:02:19 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/10/19 12:02:19 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009/10/19 12:02:19 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/10/19 12:02:19 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/10/19 12:02:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/10/19 12:02:18 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/10/19 12:02:18 | 01,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/10/19 12:02:18 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/10/19 12:02:18 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/10/19 12:02:18 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/10/19 12:02:18 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/10/19 12:02:18 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/10/19 12:02:18 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/10/19 12:02:18 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/10/19 12:02:18 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/10/19 12:02:18 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/10/19 12:02:18 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/10/19 12:02:18 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/10/19 12:02:17 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/10/19 12:02:17 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/10/19 12:02:17 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/10/19 12:02:17 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/10/19 12:02:17 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/10/19 12:02:17 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/10/19 12:02:16 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/10/19 12:02:16 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/10/19 12:02:16 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/10/19 12:02:16 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/10/19 12:02:16 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/10/19 12:02:16 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/10/19 12:02:16 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/10/19 12:02:16 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/10/19 12:02:16 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/10/19 12:02:15 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/10/19 12:02:15 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/10/19 12:02:15 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/10/19 12:02:15 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/10/19 12:02:15 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/10/19 12:02:15 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/10/19 12:02:15 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/10/19 12:02:15 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/10/19 12:02:14 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/10/19 12:02:14 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/10/19 12:02:13 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/10/19 12:02:13 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/10/19 12:02:13 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/10/19 12:02:13 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/10/19 12:02:13 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/10/19 12:02:13 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/10/19 12:02:13 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/10/19 12:02:13 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009/10/19 12:02:13 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/10/19 12:02:13 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/10/19 12:02:13 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/10/19 12:02:12 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/10/19 12:02:12 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/10/19 12:02:12 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/10/19 12:02:12 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/10/19 12:02:12 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/10/19 12:02:12 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/10/19 12:02:12 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/10/19 12:02:11 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/10/19 12:02:11 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/10/19 12:02:11 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/10/19 12:02:11 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/10/19 12:02:10 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/10/19 12:02:10 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/10/19 12:02:10 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/10/19 12:02:10 | 00,141,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2009/10/19 12:02:09 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/10/19 12:02:09 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/10/19 12:02:08 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/10/19 12:02:08 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/10/19 12:02:08 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/10/19 12:02:08 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/10/19 12:02:08 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/10/19 12:02:08 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/10/19 12:02:08 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/10/19 12:02:08 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/10/19 12:02:08 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/10/19 12:02:08 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/10/19 12:02:07 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/10/19 12:02:07 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/10/19 12:02:07 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/10/19 12:02:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/10/19 12:02:06 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/10/19 12:02:06 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/10/19 12:02:05 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/10/19 12:02:05 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/10/19 12:02:05 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/10/19 12:02:04 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/10/19 12:02:04 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/10/19 12:02:04 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/10/19 12:02:03 | 01,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/19 12:02:03 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/10/19 12:02:03 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/10/19 12:02:03 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/10/19 12:02:03 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/10/19 12:02:03 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/10/19 12:02:03 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/10/19 12:02:03 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/10/19 12:02:03 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/10/19 12:02:02 | 00,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/10/19 12:02:02 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/10/19 12:02:02 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/10/19 12:02:02 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/10/19 12:02:02 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/10/19 12:02:02 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/10/19 12:02:02 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/10/19 12:02:02 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/10/19 12:02:02 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/10/19 12:02:02 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/10/19 12:02:01 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/10/19 12:02:01 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/10/19 12:02:01 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/10/19 12:02:01 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/10/19 12:02:01 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/10/19 12:02:01 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/10/19 12:02:01 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/10/19 12:02:01 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/10/19 12:02:00 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009/10/19 12:02:00 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/10/19 12:02:00 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/10/19 12:02:00 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/10/19 12:02:00 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/10/19 12:02:00 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/10/19 12:02:00 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/10/19 12:02:00 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/10/19 12:02:00 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/10/19 12:02:00 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/10/19 12:02:00 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/10/19 12:02:00 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/10/19 12:02:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/10/19 12:01:59 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/10/19 12:01:59 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/10/19 12:01:59 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/10/19 12:01:59 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/19 12:01:59 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/10/19 12:01:59 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/10/19 12:01:59 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/10/19 12:01:59 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2009/10/19 12:01:59 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/10/19 12:01:58 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/10/19 12:01:58 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2009/10/19 12:01:58 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/10/19 12:01:58 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/10/19 12:01:58 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/10/19 12:01:58 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/10/19 12:01:58 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/10/19 12:01:57 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/10/19 12:01:57 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/10/19 12:01:57 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/10/19 12:01:57 | 00,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/10/19 12:01:57 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/10/19 12:01:57 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/10/19 12:01:57 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/10/19 12:01:56 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/10/19 12:01:56 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/10/19 12:01:56 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/10/19 12:01:56 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/10/19 12:01:56 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/10/19 12:01:56 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/10/19 12:01:56 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/10/19 12:01:56 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/10/19 12:01:56 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/10/19 12:01:56 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/10/19 12:01:56 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/10/19 12:01:56 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/10/19 12:01:56 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/10/19 12:01:56 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/10/19 12:01:55 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/10/19 12:01:55 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/10/19 12:01:55 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/10/19 12:01:55 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/10/19 12:01:55 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/10/19 12:01:55 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/10/19 12:01:55 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/10/19 12:01:54 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/10/19 12:01:54 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/10/19 12:01:54 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/10/19 12:01:54 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/10/19 12:01:53 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/10/19 12:01:53 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/10/19 12:01:53 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/10/19 12:01:53 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/10/19 12:01:53 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/10/19 12:01:53 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/10/19 12:01:52 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/10/19 12:01:52 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/10/19 12:01:52 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/10/19 12:01:52 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/10/19 12:01:52 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/10/19 12:01:51 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009/10/19 12:01:51 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/10/19 12:01:51 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/19 12:01:51 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/10/19 12:01:51 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/10/19 12:01:50 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/10/19 12:01:50 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/19 12:01:50 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/10/19 12:01:50 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/10/19 12:01:50 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/10/19 12:01:50 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/10/19 12:01:50 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/10/19 12:01:50 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/10/19 12:01:50 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/10/19 12:01:50 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/10/19 12:01:50 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/10/19 12:01:50 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/10/19 12:01:50 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/10/19 12:01:50 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/10/19 12:01:50 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/10/19 12:01:49 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/10/19 12:01:49 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/10/19 12:01:49 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/10/19 12:01:49 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/10/19 12:01:49 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/10/19 12:01:49 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/10/19 12:01:49 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/10/19 12:01:49 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/10/19 12:01:49 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/10/19 12:01:49 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/10/19 12:01:49 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/10/19 12:01:49 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/10/19 12:01:48 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/10/19 12:01:48 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/10/19 12:01:48 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/10/19 12:01:48 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/10/19 12:01:48 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extmgr.dll
[2009/10/19 12:01:48 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/10/19 12:01:48 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/10/19 12:01:47 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/10/19 12:01:47 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/10/19 12:01:47 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/10/19 12:01:47 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/10/19 12:01:47 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/10/19 12:01:47 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/10/19 12:01:47 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/10/19 12:01:47 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/10/19 12:01:47 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/10/19 12:01:47 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/10/19 12:01:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/10/19 12:01:47 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/10/19 12:01:47 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/10/19 12:01:46 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009/10/19 12:01:46 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/10/19 12:01:46 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/10/19 12:01:46 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/10/19 12:01:46 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/10/19 12:01:46 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2009/10/19 12:01:46 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/10/19 12:01:46 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/10/19 12:01:46 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/10/19 12:01:46 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/10/19 12:01:46 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/10/19 12:01:46 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/10/19 12:01:46 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/10/19 12:01:45 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/10/19 12:01:45 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/10/19 12:01:45 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/10/19 12:01:45 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/10/19 12:01:45 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/10/19 12:01:45 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/10/19 12:01:44 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/10/19 12:01:44 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/19 12:01:44 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/10/19 12:01:43 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/10/19 12:01:43 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/10/19 12:01:43 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/10/19 12:01:42 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/10/19 12:01:42 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/10/19 12:01:42 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/10/19 12:01:42 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/10/19 12:01:42 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/10/19 12:01:42 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/10/19 12:01:41 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/10/19 12:01:41 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/19 12:01:41 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/10/19 12:01:41 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/10/19 12:01:41 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/10/19 12:01:41 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/10/19 12:01:41 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009/10/19 12:01:41 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/10/19 12:01:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/10/19 12:01:41 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/10/19 12:01:41 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/10/19 12:01:41 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/10/19 12:01:41 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/10/19 12:01:40 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/10/19 12:01:40 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/10/19 12:01:40 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/10/19 12:01:40 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/10/19 12:01:40 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/10/19 12:01:40 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/10/19 12:01:40 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/10/19 12:01:40 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/10/19 12:01:39 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/10/19 12:01:39 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/10/19 12:01:39 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/10/19 12:01:38 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/10/19 12:01:38 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/10/19 12:01:38 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/10/19 12:01:38 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/19 12:01:38 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/10/19 12:01:38 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/10/19 12:01:38 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/10/19 12:01:38 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/10/19 12:01:38 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/10/19 12:01:38 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/10/19 12:01:38 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/10/19 12:01:38 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/10/19 12:01:37 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/10/19 12:01:37 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/10/19 12:01:37 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/19 12:01:37 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/10/19 12:01:37 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/10/19 12:01:37 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/10/19 12:01:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/10/19 12:01:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/10/19 12:01:36 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/10/19 12:01:36 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/10/19 12:01:36 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/10/19 12:01:36 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/10/19 12:01:36 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/10/19 12:01:36 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/10/19 12:01:36 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/10/19 12:01:36 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/10/19 12:01:36 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/10/19 12:01:36 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/10/19 12:01:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/10/19 12:01:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/10/19 12:01:36 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/10/19 12:01:36 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/10/19 12:01:35 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/10/19 12:01:35 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/10/19 12:01:35 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/10/19 12:01:35 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/10/19 12:01:35 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/10/19 12:01:35 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/10/19 12:01:35 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/10/19 12:01:35 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/10/19 12:01:35 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/10/19 12:01:35 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/10/19 12:01:35 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/19 12:01:35 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/10/19 12:01:35 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/10/19 12:01:35 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/10/19 12:01:35 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/10/19 12:01:35 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/10/19 12:01:35 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/10/19 12:01:35 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/10/19 12:01:35 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/10/19 12:01:35 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/10/19 12:01:35 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/10/19 12:01:35 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/10/19 12:01:34 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/10/19 12:01:34 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/10/19 12:01:34 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/10/19 12:01:34 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/10/19 12:01:34 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/10/19 12:01:34 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/10/19 12:01:34 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/10/19 12:01:34 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/10/19 12:01:34 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/10/19 12:01:34 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/10/19 12:01:34 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/10/19 12:01:34 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/10/19 12:01:33 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/10/19 12:01:33 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/10/19 12:01:33 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/10/19 12:01:33 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/10/19 12:01:33 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/10/19 12:01:33 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/10/19 12:01:33 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/10/19 12:01:33 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/10/19 12:01:33 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/10/19 12:01:32 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/10/19 12:01:32 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/10/19 12:01:31 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/10/19 12:01:31 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/10/19 12:01:31 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/10/19 12:01:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/10/19 12:01:30 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/19 12:01:30 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/10/19 12:01:30 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/10/19 12:01:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/10/19 12:01:29 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/10/19 12:01:16 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/10/19 12:01:13 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/10/19 12:01:13 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/10/19 12:01:06 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/10/18 18:51:50 | 00,000,000 | ---D | C] -- C:\ProgramData\AppData
[2009/10/18 18:51:50 | 00,000,000 | ---D | C] -- C:\ProgramData\AppData
[2009/10/18 18:47:59 | 00,015,656 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacmoumonitor.sys
[2009/10/18 18:35:31 | 00,000,000 | ---D | C] -- C:\Users\Kris\Documents\gegl-0.0
[2009/10/18 18:35:31 | 00,000,000 | ---D | C] -- C:\Users\Kris\.gimp-2.6
[2009/10/18 18:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2009/10/18 01:58:31 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\NeopleLauncherDFO
[2009/10/17 22:47:28 | 00,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2009/10/17 22:47:28 | 00,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2009/10/17 22:18:45 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/10/17 22:08:36 | 00,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2009/10/17 22:08:36 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\PMB Files
[2009/10/17 22:08:36 | 00,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2009/10/17 22:08:20 | 00,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2009/10/17 21:36:03 | 00,000,000 | ---D | C] -- C:\Users\Kris\Documents\YoYoGames
[2009/10/17 21:36:03 | 00,000,000 | ---D | C] -- C:\ProgramData\YoYoGames
[2009/10/17 21:36:03 | 00,000,000 | ---D | C] -- C:\ProgramData\YoYoGames
[2009/10/17 04:23:06 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/10/16 20:24:01 | 00,000,000 | ---D | C] -- C:\Users\Kris\Documents\Battlefield Heroes
[2009/10/16 20:02:20 | 00,000,000 | ---D | C] -- C:\Program Files\EA Games
[2009/10/16 16:59:31 | 00,000,000 | ---D | C] -- C:\Users\Kris\AbiSuite
[2009/10/16 16:58:31 | 00,000,000 | ---D | C] -- C:\Program Files\AbiSuite2
[2009/10/16 16:24:03 | 00,000,000 | ---D | C] -- C:\Program Files\Game_Maker7
[2009/10/16 01:42:16 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/16 01:42:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/16 01:42:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/16 01:41:55 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/16 01:23:59 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/16 00:51:19 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/10/16 00:51:19 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/10/16 00:20:12 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\WinRAR
[2009/10/15 23:55:55 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/15 22:27:34 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/10/15 22:20:17 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/15 22:01:48 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/10/15 22:00:12 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/15 22:00:07 | 00,513,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/10/15 22:00:07 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/10/15 22:00:06 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/10/15 22:00:06 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/10/15 22:00:06 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/10/15 22:00:06 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/10/15 22:00:01 | 00,904,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/10/15 22:00:00 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/10/15 22:00:00 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/10/15 21:59:59 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/10/15 21:59:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/10/15 21:59:59 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/10/15 21:59:59 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/10/15 21:59:59 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/10/15 21:59:59 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/10/15 21:59:59 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/10/15 21:59:58 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/10/15 21:59:34 | 02,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/10/15 21:59:33 | 03,599,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/15 21:59:31 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/15 21:59:30 | 01,176,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/15 21:59:30 | 00,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/15 21:59:29 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/15 21:59:29 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/15 21:59:29 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/15 21:59:28 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/10/15 21:59:27 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/15 21:59:22 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/10/15 21:59:21 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/10/15 21:59:21 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/10/15 21:59:21 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/10/15 21:59:21 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/10/15 21:59:21 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/10/15 21:59:21 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/10/15 21:57:53 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/15 21:57:52 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/15 21:57:26 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/10/15 21:57:26 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/10/15 21:57:26 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/10/15 21:57:26 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/10/15 21:57:26 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/10/15 21:57:25 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/10/15 21:57:22 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/10/15 21:57:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2009/10/15 21:57:11 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/10/15 21:57:11 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/10/15 21:57:11 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/10/15 21:57:10 | 02,034,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/10/15 21:57:08 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/10/15 21:57:08 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/10/15 21:57:07 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/10/15 21:57:07 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/10/15 21:57:07 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/10/15 21:57:07 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/10/15 21:57:07 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/10/15 21:57:06 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/10/15 21:57:05 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/10/15 21:57:02 | 10,628,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/15 21:57:00 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/15 21:57:00 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/10/15 21:57:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/10/15 21:57:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/10/15 21:57:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/10/15 21:56:59 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/10/15 21:56:59 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/10/15 21:56:51 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/10/15 21:55:58 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/15 21:55:57 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/15 21:51:17 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/10/15 21:50:27 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/15 21:44:58 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/15 21:44:58 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/15 21:44:58 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/15 21:44:58 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/15 21:44:45 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/15 21:44:45 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/15 21:44:45 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/15 21:44:39 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/15 21:44:39 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/15 18:07:07 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/10/15 18:06:57 | 00,000,000 | ---D | C] -- C:\Program Files\BitComet
[2009/10/15 17:34:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2009/10/15 17:34:00 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/10/15 17:32:52 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Macromedia
[2009/10/15 17:32:52 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Adobe
[2009/10/15 17:32:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/10/15 17:29:37 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Mozilla
[2009/10/15 17:29:37 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Mozilla
[2009/10/15 17:29:29 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/15 17:23:25 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Microsoft Games
[2009/10/15 16:36:42 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009/10/15 16:36:42 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009/10/15 16:33:23 | 00,000,000 | ---D | C] -- C:\Program Files\ASUS
[2009/10/15 16:32:07 | 00,000,000 | ---D | C] -- C:\ProgramData\P4G
[2009/10/15 16:32:07 | 00,000,000 | ---D | C] -- C:\ProgramData\P4G
[2009/10/15 16:32:07 | 00,000,000 | ---D | C] -- C:\Program Files\P4G
[2009/10/15 16:31:22 | 00,000,000 | ---D | C] -- C:\Program Files\Multimedia Card Reader
[2009/10/15 16:29:23 | 00,135,680 | ---- | C] (Realtek Corporation											) -- C:\Windows\System32\drivers\Rtlh86.sys
[2009/10/15 16:29:23 | 00,009,728 | ---- | C] (Realtek Semiconductor Corporation						   ) -- C:\Windows\System32\RtNicProp32.dll
[2009/10/15 16:26:46 | 01,093,632 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2009/10/15 16:26:46 | 00,952,832 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2009/10/15 16:26:40 | 00,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2009/10/15 16:26:40 | 00,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2009/10/15 16:26:40 | 00,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2009/10/15 16:26:05 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco
[2009/10/15 16:26:05 | 00,000,000 | ---D | C] -- C:\Program Files\Atheros
[2009/10/15 16:25:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2009/10/15 16:25:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2009/10/15 16:23:30 | 00,372,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvraiins.dll
[2009/10/15 16:23:30 | 00,372,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvraidco.dll
[2009/10/15 16:23:30 | 00,146,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor32.sys
[2009/10/15 16:23:30 | 00,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoPtb.dll
[2009/10/15 16:23:30 | 00,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoPt.dll
[2009/10/15 16:23:30 | 00,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoIt.dll
[2009/10/15 16:23:30 | 00,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoEsm.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoTr.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoSv.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoSl.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoSk.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoRu.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoPl.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoNo.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoNl.dll
[2009/10/15 16:23:30 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoHu.dll
[2009/10/15 16:23:30 | 00,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoTh.dll
[2009/10/15 16:23:30 | 00,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoENU.dll
[2009/10/15 16:23:30 | 00,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoEng.dll
[2009/10/15 16:23:30 | 00,014,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoKo.dll
[2009/10/15 16:23:30 | 00,013,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoZht.dll
[2009/10/15 16:23:30 | 00,013,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoZhc.dll
[2009/10/15 16:23:29 | 00,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoFr.dll
[2009/10/15 16:23:29 | 00,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoEs.dll
[2009/10/15 16:23:29 | 00,016,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoEl.dll
[2009/10/15 16:23:29 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoFi.dll
[2009/10/15 16:23:29 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoDe.dll
[2009/10/15 16:23:29 | 00,016,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoDa.dll
[2009/10/15 16:23:29 | 00,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoCs.dll
[2009/10/15 16:23:29 | 00,015,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoAr.dll
[2009/10/15 16:23:29 | 00,015,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoHe.dll
[2009/10/15 16:23:29 | 00,014,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvRCoJa.dll
[2009/10/15 16:22:57 | 00,122,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVCOSMU.DLL
[2009/10/15 16:22:57 | 00,015,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvsmu.sys
[2009/10/15 16:22:40 | 00,122,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVCOSMB.DLL
[2009/10/15 16:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\ATKGFNEX
[2009/10/15 16:20:51 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\InstallShield
[2009/10/15 16:20:33 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/10/15 16:18:55 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/10/15 16:18:29 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/10/15 16:18:25 | 01,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2009/10/15 16:18:24 | 01,003,040 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2009/10/15 16:18:24 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2009/10/15 16:18:24 | 00,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2009/10/15 16:18:24 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2009/10/15 16:18:24 | 00,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2009/10/15 16:18:24 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2009/10/15 16:18:24 | 00,046,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2009/10/15 16:18:23 | 02,525,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/10/15 16:18:22 | 00,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2009/10/15 16:18:22 | 00,282,112 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\RTPCEE32.dll
[2009/10/15 16:18:21 | 02,346,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/10/15 16:18:21 | 01,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2009/10/15 16:18:21 | 00,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2009/10/15 16:18:21 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2009/10/15 16:18:20 | 00,159,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2009/10/15 16:18:19 | 00,143,360 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2009/10/15 16:18:19 | 00,060,416 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2009/10/15 16:18:19 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/15 16:18:19 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/10/15 16:18:17 | 00,540,672 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2009/10/15 16:18:17 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/10/15 16:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/10/15 16:17:15 | 01,112,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2009/10/15 16:17:15 | 00,801,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2009/10/15 16:17:15 | 00,760,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2009/10/15 16:17:15 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2009/10/15 16:17:15 | 00,211,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2009/10/15 16:17:15 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2009/10/15 16:16:34 | 00,457,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2009/10/15 16:16:03 | 00,457,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2009/10/15 15:38:57 | 00,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2009/10/15 15:38:10 | 00,007,680 | ---- | C] (ATK0100) -- C:\Windows\System32\drivers\ATKACPI.sys
[2009/10/15 13:20:04 | 00,000,000 | R--D | C] -- C:\Users\Kris\Searches
[2009/10/15 13:19:55 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Identities
[2009/10/15 13:19:54 | 00,000,000 | R--D | C] -- C:\Users\Kris\Contacts
[2009/10/15 13:19:53 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\VirtualStore
[2009/10/15 13:19:49 | 00,000,000 | --SD | C] -- C:\Users\Kris\AppData\Roaming\Microsoft
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Videos
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Saved Games
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Pictures
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Music
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Links
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Favorites
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Downloads
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Documents
[2009/10/15 13:19:49 | 00,000,000 | R--D | C] -- C:\Users\Kris\Desktop
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Templates
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Start Menu
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\SendTo
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Recent
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\PrintHood
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\NetHood
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Documents\My Videos
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Documents\My Pictures
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Documents\My Music
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\My Documents
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Local Settings
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Cookies
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\Application Data
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\AppData\Local\Temporary Internet Files
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\AppData\Local\History
[2009/10/15 13:19:49 | 00,000,000 | -HSD | C] -- C:\Users\Kris\AppData\Local\Application Data
[2009/10/15 13:19:49 | 00,000,000 | -H-D | C] -- C:\Users\Kris\AppData
[2009/10/15 13:19:49 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Roaming\Media Center Programs
[2009/10/15 13:19:49 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Temp
[2009/10/15 13:19:49 | 00,000,000 | ---D | C] -- C:\Users\Kris\AppData\Local\Microsoft
[2009/10/15 13:03:24 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/10/15 12:59:25 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009/11/03 15:40:09 | 01,835,008 | -HS- | M] () -- C:\Users\Kris\NTUSER.DAT
[2009/11/03 15:18:41 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/03 15:18:41 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/03 15:00:02 | 00,000,278 | -H-- | M] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/11/03 15:00:02 | 00,000,278 | -H-- | M] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/11/03 13:55:10 | 00,011,762 | ---- | M] () -- C:\Users\Kris\.recently-used.xbel
[2009/11/03 13:44:20 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/03 13:44:20 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/03 13:44:20 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/03 13:44:20 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/03 13:44:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/03 13:44:07 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/03 13:44:07 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/03 13:44:07 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/03 09:24:10 | 44,665,035 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/11/03 09:23:54 | 00,069,545 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/11/03 03:23:37 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/03 03:23:30 | 00,000,000 | ---- | M] () -- C:\Windows\win32k.sys
[2009/11/03 03:23:28 | 37,572,19840 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/03 03:22:37 | 00,524,288 | -HS- | M] () -- C:\Users\Kris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/11/03 03:22:37 | 00,065,536 | -HS- | M] () -- C:\Users\Kris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/11/03 03:02:33 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/11/03 02:54:32 | 00,009,216 | ---- | M] () -- C:\Users\Kris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/02 23:46:50 | 98,093,6052 | ---- | M] () -- C:\Users\Kris\Desktop\torchlight.zip
[2009/10/31 19:02:23 | 00,002,645 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2009/10/30 23:28:59 | 00,000,983 | ---- | M] () -- C:\Users\Kris\Desktop\Torchlight - Shortcut.lnk
[2009/10/30 21:01:46 | 00,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2009/10/30 21:01:46 | 00,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2009/10/30 20:54:53 | 98,992,1280 | ---- | M] () -- C:\Users\Kris\Desktop\torchlight.iso
[2009/10/30 20:52:28 | 31,674,3680 | ---- | M] () -- C:\Users\Kris\Documents\Torchlight.iso
[2009/10/30 17:27:15 | 00,000,767 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2009/10/29 20:49:00 | 30,018,7226 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/10/28 16:22:19 | 00,000,015 | ---- | M] () -- C:\Users\Kris\Desktop\settings.dat
[2009/10/28 16:19:41 | 00,472,064 | ---- | M] () -- C:\Users\Kris\Desktop\RootRepeal.exe
[2009/10/27 16:07:35 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/10/27 16:07:34 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/10/27 16:07:05 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2009/10/27 03:35:03 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/27 03:35:03 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/27 02:44:56 | 00,052,624 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2009/10/27 02:44:56 | 00,051,656 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2009/10/27 02:44:56 | 00,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2009/10/27 02:44:55 | 00,024,368 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2009/10/27 02:44:51 | 00,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2009/10/26 23:02:31 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/10/26 23:02:31 | 00,000,610 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/10/26 23:02:16 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/10/26 23:02:15 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/26 23:02:15 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/26 23:02:15 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/26 22:58:12 | 00,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/26 19:52:25 | 00,048,600 | ---- | M] () -- C:\Users\Kris\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/26 19:43:36 | 00,000,703 | ---- | M] () -- C:\Users\Kris\Desktop\Fallout Mod Manager.lnk
[2009/10/26 18:16:10 | 00,000,181 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2009/10/26 18:09:56 | 00,000,274 | ---- | M] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2009/10/25 13:43:55 | 00,004,096 | ---- | M] () -- C:\Users\Public\Documents\000000A7.LCS
[2009/10/25 13:31:57 | 00,097,792 | ---- | M] (Protect Software GmbH) -- C:\Windows\System32\drivers\ACEDRV05.sys
[2009/10/25 13:31:25 | 00,000,671 | ---- | M] () -- C:\Users\Kris\Desktop\Sacred.lnk
[2009/10/25 13:15:06 | 00,000,020 | ---- | M] () -- C:\Windows\System32\SYSTEM
[2009/10/24 23:15:58 | 00,000,044 | ---- | M] () -- C:\Users\Kris\.gtk-bookmarks
[2009/10/24 22:54:23 | 00,138,056 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/10/24 22:54:23 | 00,138,056 | ---- | M] () -- C:\Users\Kris\AppData\Roaming\PnkBstrK.sys
[2009/10/24 22:54:03 | 00,189,248 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009/10/24 22:53:57 | 02,395,944 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009/10/24 22:53:57 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2009/10/24 14:00:06 | 00,000,000 | -H-- | M] () -- C:\Windows\SwSys2.bmp
[2009/10/24 14:00:06 | 00,000,000 | -H-- | M] () -- C:\Windows\SwSys1.bmp
[2009/10/23 18:26:00 | 00,001,742 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/10/22 12:41:02 | 00,721,904 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/21 04:12:01 | 00,000,982 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
[2009/10/21 03:59:09 | 00,000,104 | ---- | M] () -- C:\Users\Kris\Desktop\Computer - Shortcut.lnk
[2009/10/20 23:38:42 | 00,012,406 | ---- | M] () -- C:\Users\Kris\Desktop\Blog.rtf
[2009/10/18 18:41:56 | 00,000,320 | ---- | M] () -- C:\Windows\System32\wacom.dat
[2009/10/18 18:35:24 | 00,000,905 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009/10/18 13:59:26 | 00,008,886 | ---- | M] () -- C:\Users\Kris\Documents\Flight Game design doc..doc
[2009/10/17 22:50:06 | 00,000,743 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2009/10/17 13:24:08 | 00,000,122 | ---- | M] () -- C:\Users\Kris\Desktop\Battlefield Heroes.url
[2009/10/16 16:24:08 | 00,000,842 | ---- | M] () -- C:\Users\Kris\Desktop\Game Maker.lnk
[2009/10/16 01:41:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/16 01:41:59 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/16 01:41:59 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/16 01:41:59 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/16 01:00:54 | 00,000,036 | ---- | M] () -- C:\Users\Kris\AppData\Roaming\TheHunterSettings.cfg
[2009/10/15 21:59:33 | 00,001,853 | ---- | M] () -- C:\Users\Kris\Desktop\Counter-Strike Source.lnk
[2009/10/15 18:06:58 | 00,000,849 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2009/10/15 17:29:32 | 00,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/15 16:34:34 | 00,524,288 | -HS- | M] () -- C:\Users\Kris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/10/15 16:18:29 | 00,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/10/15 13:20:10 | 00,000,680 | ---- | M] () -- C:\Users\Kris\AppData\Local\d3d9caps.dat
[2009/10/15 13:19:49 | 00,000,020 | -HS- | M] () -- C:\Users\Kris\ntuser.ini
[2009/10/15 13:15:54 | 00,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/10/14 17:01:24 | 00,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2009/10/08 19:27:52 | 00,085,504 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009/11/03 13:55:10 | 00,011,762 | ---- | C] () -- C:\Users\Kris\.recently-used.xbel
[2009/11/03 03:23:28 | 37,572,19840 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/02 23:43:57 | 98,093,6052 | ---- | C] () -- C:\Users\Kris\Desktop\torchlight.zip
[2009/10/30 23:28:59 | 00,000,983 | ---- | C] () -- C:\Users\Kris\Desktop\Torchlight - Shortcut.lnk
[2009/10/30 20:53:25 | 98,992,1280 | ---- | C] () -- C:\Users\Kris\Desktop\torchlight.iso
[2009/10/30 20:52:08 | 31,674,3680 | ---- | C] () -- C:\Users\Kris\Documents\Torchlight.iso
[2009/10/30 17:27:15 | 00,000,767 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2009/10/28 16:21:10 | 00,000,015 | ---- | C] () -- C:\Users\Kris\Desktop\settings.dat
[2009/10/28 16:19:39 | 00,472,064 | ---- | C] () -- C:\Users\Kris\Desktop\RootRepeal.exe
[2009/10/27 03:35:03 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/10/27 03:35:03 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/10/27 02:44:51 | 00,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2009/10/26 23:02:31 | 00,000,610 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2009/10/26 23:02:15 | 44,665,035 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/10/26 23:02:15 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/10/26 23:02:15 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/10/26 23:02:15 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009/10/26 23:02:15 | 00,069,545 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/10/26 19:43:36 | 00,000,703 | ---- | C] () -- C:\Users\Kris\Desktop\Fallout Mod Manager.lnk
[2009/10/26 18:34:52 | 00,000,278 | -H-- | C] () -- C:\Windows\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/10/26 18:34:42 | 00,000,278 | -H-- | C] () -- C:\Windows\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/26 18:34:35 | 00,000,000 | ---- | C] () -- C:\Windows\win32k.sys
[2009/10/26 18:09:56 | 00,000,274 | ---- | C] () -- C:\Users\Public\Documents\neople_uninstaller0.bat
[2009/10/25 13:31:57 | 00,004,096 | ---- | C] () -- C:\Users\Public\Documents\000000A7.LCS
[2009/10/25 13:25:37 | 00,000,671 | ---- | C] () -- C:\Users\Kris\Desktop\Sacred.lnk
[2009/10/25 13:15:06 | 00,000,020 | ---- | C] () -- C:\Windows\System32\SYSTEM
[2009/10/24 23:15:58 | 00,000,044 | ---- | C] () -- C:\Users\Kris\.gtk-bookmarks
[2009/10/24 22:54:24 | 00,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/10/24 22:54:23 | 00,138,056 | ---- | C] () -- C:\Users\Kris\AppData\Roaming\PnkBstrK.sys
[2009/10/24 22:53:58 | 00,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/10/24 22:53:57 | 02,395,944 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009/10/24 22:53:57 | 00,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/10/24 14:00:06 | 00,002,645 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2009/10/24 14:00:06 | 00,000,000 | -H-- | C] () -- C:\Windows\SwSys2.bmp
[2009/10/24 14:00:06 | 00,000,000 | -H-- | C] () -- C:\Windows\SwSys1.bmp
[2009/10/23 18:26:00 | 00,001,742 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/10/23 14:09:53 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/23 13:59:04 | 00,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/23 13:59:04 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/23 13:59:04 | 00,077,824 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2009/10/22 12:41:02 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/21 04:12:01 | 00,000,982 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
[2009/10/21 03:59:09 | 00,000,104 | ---- | C] () -- C:\Users\Kris\Desktop\Computer - Shortcut.lnk
[2009/10/20 20:08:39 | 00,012,406 | ---- | C] () -- C:\Users\Kris\Desktop\Blog.rtf
[2009/10/20 17:36:33 | 00,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2009/10/19 12:03:30 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/10/19 12:02:53 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/10/19 12:02:51 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/10/19 12:02:42 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/10/19 12:02:40 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/19 12:02:40 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/19 12:02:37 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/10/19 12:02:36 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/10/19 12:02:33 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/10/19 12:02:18 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/10/19 12:02:16 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/10/19 12:01:53 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/10/19 12:01:32 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/10/19 12:01:26 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/10/18 18:41:56 | 00,000,320 | ---- | C] () -- C:\Windows\System32\wacom.dat
[2009/10/18 18:35:24 | 00,000,905 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2009/10/18 13:59:26 | 00,008,886 | ---- | C] () -- C:\Users\Kris\Documents\Flight Game design doc..doc
[2009/10/18 01:55:36 | 00,000,181 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Fighter Online.url
[2009/10/17 22:50:06 | 00,000,743 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2009/10/17 22:17:56 | 30,018,7226 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/10/17 13:24:08 | 00,000,122 | ---- | C] () -- C:\Users\Kris\Desktop\Battlefield Heroes.url
[2009/10/16 16:40:43 | 00,009,216 | ---- | C] () -- C:\Users\Kris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/16 16:24:08 | 00,000,842 | ---- | C] () -- C:\Users\Kris\Desktop\Game Maker.lnk
[2009/10/16 01:00:54 | 00,000,036 | ---- | C] () -- C:\Users\Kris\AppData\Roaming\TheHunterSettings.cfg
[2009/10/15 22:00:07 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/10/15 18:28:25 | 00,001,853 | ---- | C] () -- C:\Users\Kris\Desktop\Counter-Strike Source.lnk
[2009/10/15 18:06:58 | 00,000,849 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2009/10/15 17:29:32 | 00,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/15 16:36:43 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/15 16:36:43 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/15 16:36:42 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/15 16:36:42 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/15 16:26:46 | 00,127,978 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2009/10/15 16:26:46 | 00,040,728 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2009/10/15 16:18:28 | 00,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/10/15 16:16:34 | 00,009,825 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2009/10/15 13:20:11 | 00,048,600 | ---- | C] () -- C:\Users\Kris\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/15 13:19:50 | 00,000,680 | ---- | C] () -- C:\Users\Kris\AppData\Local\d3d9caps.dat
[2009/10/15 13:19:49 | 01,835,008 | -HS- | C] () -- C:\Users\Kris\NTUSER.DAT
[2009/10/15 13:19:49 | 00,524,288 | -HS- | C] () -- C:\Users\Kris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/10/15 13:19:49 | 00,524,288 | -HS- | C] () -- C:\Users\Kris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/10/15 13:19:49 | 00,065,536 | -HS- | C] () -- C:\Users\Kris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/10/15 13:19:49 | 00,000,020 | -HS- | C] () -- C:\Users\Kris\ntuser.ini
[2009/10/14 17:01:24 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/07/14 17:15:00 | 00,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/04/14 07:39:33 | 00,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006/11/02 05:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 05:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 05:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 01:43:04 | 00,061,952 | ---- | C] () -- C:\Windows\System32\cngaudit.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2009/10/23 18:50:34 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\DAEMON Tools Lite
[2009/11/03 13:55:10 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\gtk-2.0
[2009/10/18 01:58:32 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\NeopleLauncherDFO
[2009/10/30 20:48:23 | 00,000,000 | ---D | M] -- C:\Users\Kris\AppData\Roaming\runic games
[2009/11/03 03:23:37 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/11/03 03:02:33 | 00,014,280 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/11/03 15:00:02 | 00,000,278 | -H-- | M] () -- C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/11/03 15:00:02 | 00,000,278 | -H-- | M] () -- C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
 
========== Purity Check ==========
 
 
< End of report >


Thanks for the help, I appreciate it.

#4 kahdah

  • Security Colleague

Posted 04 November 2009 - 07:07 AM

You are welcome. :(

First, temporarily disable any antivirus program or any real-time shields that are present.
If you do not know how, you can refer to this link:
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
================
Then download ComboFix from any of the links below. You must rename it before saving it. Rename it to kahdah, then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double click on kahdah.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 AmDot

  • Topic Starter

Posted 04 November 2009 - 02:16 PM

Ran the program, log is below.

ComboFix 09-11-04.02 - Kris 11/04/2009 11:50.1.2 - NTFSx86
Running from: c:\users\Kris\Desktop\kahda.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2330285501-1174853365-1785747919-500
c:\$recycle.bin\S-1-5-21-2475733215-3894735241-1946436196-500
D:\install.exe

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll 

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


(((((((((((((((((((((((((   Files Created from 2009-10-04 to 2009-11-04  )))))))))))))))))))))))))))))))
.

2009-11-04 18:59 . 2009-11-04 19:10	--------	d-----w-	c:\users\Kris\AppData\Local\temp
2009-11-04 18:59 . 2009-11-04 18:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2009-11-04 04:23 . 2009-11-04 04:23	--------	d-----w-	c:\program files\Bethesda Softworks
2009-11-04 04:22 . 2009-11-04 04:22	--------	d-----w-	c:\users\Kris\AppData\Local\Oblivion
2009-11-03 10:18 . 2009-11-03 10:18	4096	d-----w-	C:\Malwarebytes' Anti-Malware
2009-11-03 10:06 . 2009-11-03 10:10	4096	d-----w-	c:\program files\mbam
2009-11-02 02:43 . 2009-11-02 02:43	--------	d-----w-	c:\users\Kris\AppData\Roaming\DivX
2009-10-31 06:12 . 2009-10-31 06:13	4096	d-----w-	C:\MinGW
2009-10-31 04:01 . 2009-10-31 04:01	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2009-10-31 04:01 . 2009-10-31 04:01	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2009-10-31 04:01 . 2009-10-31 04:01	--------	d-----w-	c:\program files\OpenAL
2009-10-31 03:48 . 2009-10-31 03:48	--------	d-----w-	c:\users\Kris\AppData\Roaming\runic games
2009-10-31 03:44 . 2009-10-31 03:44	--------	d-----w-	c:\program files\Runic Games
2009-10-31 03:32 . 2009-10-31 03:32	--------	d-----w-	c:\programdata\Estsoft
2009-10-31 01:18 . 2009-10-31 03:32	--------	d-----w-	c:\users\Kris\AppData\Roaming\ESTsoft
2009-10-31 01:18 . 2009-10-31 01:18	--------	d-----w-	c:\program files\ESTsoft
2009-10-31 00:27 . 2009-10-31 00:27	--------	d-----w-	c:\program files\Conduit
2009-10-31 00:27 . 2009-10-31 00:27	--------	d-----w-	c:\program files\XfireXO
2009-10-31 00:27 . 2009-10-07 00:10	52224	------w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2009-10-31 00:27 . 2009-10-07 00:10	114688	------w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\npmozax.dll
2009-10-31 00:27 . 2009-10-31 23:43	--------	d-----w-	c:\users\Kris\AppData\Roaming\Xfire
2009-10-31 00:27 . 2009-10-31 00:29	4096	d-----w-	c:\programdata\Xfire
2009-10-31 00:27 . 2009-10-31 00:27	8192	d-----w-	c:\program files\Xfire
2009-10-29 21:02 . 2009-10-29 21:02	--------	d-----w-	c:\windows\FOOK2
2009-10-27 23:07 . 2009-10-27 06:02	161672	----a-w-	c:\programdata\avg9\update\backup\avgrkx86.sys
2009-10-27 23:07 . 2009-10-27 06:02	356616	----a-w-	c:\programdata\avg9\update\backup\avgtdix.sys
2009-10-27 23:07 . 2009-10-27 06:02	28424	----a-w-	c:\programdata\avg9\update\backup\avgmfx86.sys
2009-10-27 23:06 . 2009-10-27 06:02	875288	----a-w-	c:\programdata\avg9\update\backup\avgupd.exe
2009-10-27 23:06 . 2009-10-27 06:02	1656088	----a-w-	c:\programdata\avg9\update\backup\avgupd.dll
2009-10-27 10:49 . 2009-10-27 06:02	927000	----a-w-	c:\programdata\avg9\update\backup\avglvex.dll
2009-10-27 10:17 . 2009-10-27 10:17	4096	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-10-27 10:16 . 2009-11-04 18:59	--------	d--h--w-	c:\windows\PIF
2009-10-27 09:58 . 2009-10-27 09:58	--------	d-----w-	c:\program files\Trend Micro
2009-10-27 09:44 . 2009-10-27 09:44	52624	----a-w-	c:\windows\system32\PxSecure.dll
2009-10-27 09:44 . 2009-10-27 09:44	51656	----a-w-	c:\windows\system32\drivers\pxrts.sys
2009-10-27 09:44 . 2009-10-27 09:44	30280	----a-w-	c:\windows\system32\drivers\pxscan.sys
2009-10-27 09:44 . 2009-10-27 09:44	24368	----a-w-	c:\windows\system32\drivers\pxkbf.sys
2009-10-27 09:44 . 2009-10-27 09:44	--------	d-----w-	c:\program files\Prevx
2009-10-27 09:44 . 2009-10-27 09:49	--------	d-----w-	c:\programdata\PrevxCSI
2009-10-27 09:35 . 2009-10-27 09:35	--------	d-----w-	c:\users\Kris\AppData\Roaming\Malwarebytes
2009-10-27 09:35 . 2009-10-27 09:35	--------	d-----w-	c:\programdata\Malwarebytes
2009-10-27 06:02 . 2009-10-27 06:22	--------	d-----w-	C:\$AVG
2009-10-27 06:02 . 2009-10-27 06:02	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2009-10-27 06:02 . 2009-10-27 23:07	161800	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2009-10-27 06:02 . 2009-10-27 23:07	360584	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2009-10-25 07:34 . 2009-10-25 07:34	--------	d-----w-	c:\program files\ReflexiveArcade
2009-10-25 05:54 . 2009-10-25 05:54	138056	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-10-25 05:54 . 2009-10-25 05:54	138056	----a-w-	c:\users\Kris\AppData\Roaming\PnkBstrK.sys
2009-10-25 05:53 . 2009-10-25 05:54	189248	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-10-25 05:53 . 2009-10-25 05:53	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-10-25 05:53 . 2009-10-25 05:53	2395944	----a-w-	c:\windows\system32\pbsvc_heroes.exe
2009-10-25 04:46 . 2009-10-25 04:46	--------	d-----w-	c:\users\Kris\AppData\Local\ArmA 2 Demo
2009-10-24 01:29 . 2009-10-24 01:36	4096	d-----w-	c:\program files\MagicISO
2009-10-24 01:26 . 2009-10-24 01:26	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2009-10-24 01:26 . 2009-10-24 01:26	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2009-10-24 01:25 . 2009-10-24 01:26	4096	d-----w-	c:\program files\DAEMON Tools Lite
2009-10-24 01:05 . 2005-06-24 23:24	438272	----a-r-	c:\windows\system32\vp6vfw.dll
2009-10-23 21:09 . 2009-10-09 02:27	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-10-23 21:09 . 2009-10-23 21:09	8192	d-----w-	c:\program files\ffdshow
2009-10-23 21:08 . 2009-10-23 21:08	4096	d-----w-	c:\program files\Common Files\PX Storage Engine
2009-10-23 21:08 . 2009-10-23 21:08	8192	d-----w-	c:\program files\DivX
2009-10-23 21:08 . 2009-10-23 21:08	4096	d-----w-	c:\program files\Common Files\DivX Shared
2009-10-23 20:59 . 2009-10-23 21:07	4096	d-----w-	c:\program files\Xvid
2009-10-23 20:59 . 2009-06-07 23:24	180224	----a-w-	c:\windows\system32\xvidvfw.dll
2009-10-23 20:59 . 2009-06-07 23:16	819200	----a-w-	c:\windows\system32\xvidcore.dll
2009-10-23 10:40 . 1999-12-17 15:13	86016	----a-w-	c:\windows\unvise32.exe
2009-10-22 19:41 . 2009-10-22 19:41	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-10-22 19:40 . 2009-10-24 01:50	--------	d-----w-	c:\users\Kris\AppData\Roaming\DAEMON Tools Lite
2009-10-21 11:11 . 2009-10-21 11:35	--------	d-----w-	c:\users\Kris\AppData\Roaming\Tor
2009-10-21 11:11 . 2009-10-21 11:15	--------	d-----w-	c:\users\Kris\AppData\Roaming\Vidalia
2009-10-21 11:11 . 2009-10-21 11:12	4096	d-----w-	c:\program files\Vidalia Bundle
2009-10-21 07:16 . 2009-10-21 07:17	--------	d-----w-	c:\windows\system32\ca-ES
2009-10-21 07:16 . 2009-10-21 07:17	--------	d-----w-	c:\windows\system32\eu-ES
2009-10-21 07:16 . 2009-10-21 07:17	--------	d-----w-	c:\windows\system32\vi-VN
2009-10-21 06:36 . 2009-10-21 06:36	4096	d-----w-	c:\windows\system32\EventProviders
2009-10-21 02:30 . 2009-11-04 01:36	--------	d-----w-	c:\users\Kris\AppData\Roaming\gtk-2.0
2009-10-21 02:30 . 2009-10-21 02:30	--------	d-----w-	c:\users\Kris\.thumbnails
2009-10-21 00:36 . 2005-01-02 21:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
2009-10-21 00:36 . 2009-10-21 00:36	--------	d-----w-	c:\program files\Common Files\INCA Shared
2009-10-20 19:13 . 2009-10-20 19:13	--------	d-----w-	c:\programdata\Nexon
2009-10-19 19:02 . 2009-04-11 06:28	1336320	----a-w-	c:\windows\system32\msxml6.dll
2009-10-19 19:01 . 2009-04-11 06:28	61440	----a-w-	c:\windows\system32\wscsvc.dll
2009-10-19 01:47 . 2009-01-30 20:29	15656	----a-w-	c:\windows\system32\drivers\wacmoumonitor.sys
2009-10-19 01:41 . 2009-10-19 01:41	320	----a-w-	c:\windows\system32\wacom.dat
2009-10-19 01:35 . 2009-11-04 02:13	8192	d-----w-	c:\users\Kris\.gimp-2.6
2009-10-19 01:35 . 2009-10-19 01:35	--------	d-----w-	c:\program files\GIMP-2.0
2009-10-18 08:58 . 2009-10-18 08:58	--------	d-----w-	c:\users\Kris\AppData\Roaming\NeopleLauncherDFO
2009-10-18 05:47 . 2009-10-27 01:14	90112	----a-w-	c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-10-18 05:47 . 2009-10-27 01:14	118784	----a-w-	c:\programdata\NexonUS\NGM\nxgameus.dll
2009-10-18 05:47 . 2009-10-27 01:14	561152	----a-w-	c:\programdata\NexonUS\NGM\NGMDll.dll
2009-10-18 05:47 . 2009-10-27 01:14	393216	----a-w-	c:\programdata\NexonUS\NGM\NGMResource.dll
2009-10-18 05:47 . 2009-10-27 01:14	258352	----a-w-	c:\programdata\NexonUS\NGM\unicows.dll
2009-10-18 05:47 . 2009-10-27 01:14	167936	----a-w-	c:\programdata\NexonUS\NGM\NGM.exe
2009-10-18 05:47 . 2009-10-18 06:04	--------	d-----w-	c:\programdata\NexonUS
2009-10-18 05:08 . 2009-10-27 05:55	4096	d-----w-	c:\users\Kris\AppData\Local\PMB Files
2009-10-18 05:08 . 2009-10-27 01:14	--------	d-----w-	c:\programdata\PMB Files
2009-10-18 05:08 . 2009-10-18 05:08	--------	d-----w-	c:\program files\Pando Networks
2009-10-18 04:36 . 2009-10-18 04:36	495616	----a-w-	c:\programdata\YoYoGames\d3dx8.dll
2009-10-18 04:36 . 2009-10-18 04:36	1509696	----a-w-	c:\programdata\YoYoGames\yoyo53.exe
2009-10-18 04:36 . 2009-10-18 04:36	--------	d-----w-	c:\programdata\YoYoGames
2009-10-18 04:35 . 2007-09-25 23:13	774144	----a-w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
2009-10-17 11:23 . 2009-10-17 11:23	--------	d-----w-	c:\windows\Sun
2009-10-17 03:02 . 2009-10-17 03:02	--------	d-----w-	c:\program files\EA Games
2009-10-17 03:01 . 2009-09-15 00:58	1291640	----a-w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-10-17 03:01 . 2009-09-15 00:58	729088	----a-w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-10-16 23:59 . 2009-10-17 00:43	--------	d-----w-	c:\users\Kris\AbiSuite
2009-10-16 23:58 . 2009-10-16 23:58	4096	d-----w-	c:\program files\AbiSuite2
2009-10-16 23:24 . 2009-10-16 23:24	4096	d-----w-	c:\program files\Game_Maker7
2009-10-16 08:41 . 2009-10-16 08:41	--------	d-----w-	c:\program files\Java
2009-10-16 08:23 . 2009-10-16 08:41	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-10-16 07:51 . 2007-04-05 01:53	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2009-10-16 07:51 . 2006-09-28 23:05	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2009-10-16 05:27 . 2009-06-22 10:09	2048	----a-w-	c:\windows\system32\tzres.dll
2009-10-16 05:20 . 2009-10-01 17:29	195440	------w-	c:\windows\system32\MpSigStub.exe
2009-10-16 05:01 . 2008-07-27 18:03	41984	----a-w-	c:\windows\system32\netfxperf.dll
2009-10-16 05:00 . 2009-09-10 16:48	218624	----a-w-	c:\windows\system32\msv1_0.dll
2009-10-16 05:00 . 2009-07-11 19:01	513536	----a-w-	c:\windows\system32\wlansvc.dll
2009-10-16 05:00 . 2009-04-11 06:28	68096	----a-w-	c:\windows\system32\wlanhlp.dll
2009-10-16 05:00 . 2009-07-11 19:01	302592	----a-w-	c:\windows\system32\wlansec.dll
2009-10-16 05:00 . 2009-07-11 19:01	293376	----a-w-	c:\windows\system32\wlanmsm.dll
2009-10-16 05:00 . 2009-07-11 19:01	65024	----a-w-	c:\windows\system32\wlanapi.dll
2009-10-16 05:00 . 2009-07-11 17:03	127488	----a-w-	c:\windows\system32\L2SecHC.dll
2009-10-16 05:00 . 2009-08-14 16:27	904776	----a-w-	c:\windows\system32\drivers\tcpip.sys
2009-10-16 05:00 . 2009-08-14 13:48	30720	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2009-10-16 05:00 . 2009-08-14 13:48	105984	----a-w-	c:\windows\system32\netiohlp.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 19:10 . 2009-10-15 23:36	31776	----a-w-	c:\programdata\nvModes.dat
2009-11-04 19:00 . 2008-04-14 03:50	12	----a-w-	c:\windows\bthservsdp.dat
2009-11-04 18:34 . 2009-10-27 01:34	0	----a-r-	c:\windows\win32k.sys
2009-11-04 05:01 . 2009-10-15 23:18	8192	d--h--w-	c:\program files\InstallShield Installation Information
2009-10-31 03:36 . 2009-10-31 04:01	809496	----a-r-	c:\windows\system32\tmp5D48.tmp
2009-10-31 03:36 . 2009-10-31 03:36	809496	----a-r-	c:\windows\system32\tmp5D27.tmp
2009-10-27 23:07 . 2009-10-27 06:02	28424	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-10-27 06:02 . 2009-10-27 06:02	333192	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-10-27 06:02 . 2009-10-25 07:50	4096	d-----w-	c:\programdata\avg9
2009-10-27 02:35 . 2009-10-27 02:34	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2009-10-27 01:49 . 2009-10-27 01:49	--------	d-----w-	c:\users\Kris\AppData\Roaming\InstallShield Installation Information
2009-10-27 01:46 . 2009-10-27 02:00	147456	----a-w-	c:\users\Kris\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll
2009-10-25 20:31 . 2009-10-25 20:31	97792	----a-w-	c:\windows\system32\drivers\ACEDRV05.sys
2009-10-25 07:50 . 2009-10-25 07:50	--------	d-----w-	c:\program files\AVG
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Sidebar
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Journal
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Collaboration
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Calendar
2009-10-21 07:17 . 2006-11-02 11:18	4096	d-----w-	c:\program files\Windows Mail
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Photo Gallery
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Defender
2009-10-21 07:16 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2009-10-19 01:41 . 2009-10-15 23:18	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-10-15 23:29 . 2009-10-15 23:18	--------	d-----w-	c:\program files\Realtek
2009-10-15 23:19 . 2009-10-15 23:18	--------	d--h--w-	c:\program files\Temp
2009-10-15 23:18 . 2009-10-15 23:18	319456	----a-w-	c:\windows\DIFxAPI.dll
2009-10-15 20:20 . 2009-10-15 20:19	680	----a-w-	c:\users\Kris\AppData\Local\d3d9caps.dat
2009-09-25 16:41 . 2009-09-25 16:41	90112	----a-w-	c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41	856064	----a-w-	c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41	856064	----a-w-	c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41	847872	----a-w-	c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41	843776	----a-w-	c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41	839680	----a-w-	c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41	696320	----a-w-	c:\windows\system32\DivX.dll
2009-08-27 13:29 . 2009-10-16 04:59	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-08-27 12:40 . 2009-10-16 04:59	834048	----a-w-	c:\windows\system32\wininet.dll
2009-08-14 15:53 . 2009-10-16 04:59	17920	----a-w-	c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-10-16 04:59	9728	----a-w-	c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-10-16 04:59	17920	----a-w-	c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-10-16 04:59	11264	----a-w-	c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-10-16 04:59	27136	----a-w-	c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-10-16 04:59	8704	----a-w-	c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-10-16 04:59	19968	----a-w-	c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-10-16 04:59	10240	----a-w-	c:\windows\system32\finger.exe
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-10-27 18:45	2325528	----a-w-	c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-15 13736480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-24 7289376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-16 149280]
"AVG9_TRAY"="d:\progra~1\AVG\avgtray.exe" [2009-10-27 2010904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,22,9a,36,1f,52,ca,01

R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-10-27 6213072]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-09-24 3022158]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-10-27 161800]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2009-10-27 30280]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-27 333192]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-27 360584]
S2 avg9wd;AVG WatchDog;d:\program files\AVG\avgwdsvc.exe [2009-10-27 285392]
S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-10-27 51656]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-10-27 24368]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Emote-Launcher - c:\program files\Emote\emote\launcher\Emote-Launcher-uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 12:10
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x854A91F8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x854a71f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK 
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\nvvsvc.exe
d:\program files\AVG\avgam.exe
d:\program files\AVG\avgnsx.exe
d:\program files\AVG\avgrsx.exe
d:\program files\AVG\avgchsvx.exe
d:\program files\AVG\avgcsrvx.exe
d:\program files\AVG\avgcsrvx.exe
c:\program files\P4G\BatteryLife.exe
d:\program files\AVG\avgtray.exe
c:\program files\Vidalia Bundle\Privoxy\privoxy.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2009-11-04 12:13 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-04 19:13

Pre-Run: 39,098,175,488 bytes free
Post-Run: 39,599,943,680 bytes free

Thanks again! :D

#6 AmDot

Posted 04 November 2009 - 02:28 PM

Seems that I am now virus free :D

Ran Malwarebytes and actually completed a scan... one more virus was found but it got rid of it no problem.

Thanks again man, you rock.

#7 kahdah

  • Security Colleague

Posted 04 November 2009 - 03:39 PM

Almost done but not quite.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

MBR::


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Image: animation of CFScript.txt being dragged onto ComboFix.exe]


5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt

#8 AmDot

Posted 04 November 2009 - 07:20 PM

Alrighty then, here is the newest log file.

ComboFix 09-11-04.02 - Kris 11/04/2009 17:04.2.2 - NTFSx86
Running from: c:\users\Kris\Desktop\kahda.exe
Command switches used :: c:\users\Kris\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Kris\AppData\Local\Temp\~F706.tmp

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


(((((((((((((((((((((((((   Files Created from 2009-10-05 to 2009-11-05  )))))))))))))))))))))))))))))))
.

2009-11-05 00:10 . 2009-11-05 00:13	--------	d-----w-	c:\users\Kris\AppData\Local\temp
2009-11-05 00:10 . 2009-11-05 00:10	--------	d-----w-	c:\users\Public\AppData\Local\temp
2009-11-05 00:10 . 2009-11-05 00:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2009-11-04 20:59 . 2009-11-04 20:59	21840	----a-w-	c:\windows\system32\SIntfNT.dll
2009-11-04 20:59 . 2009-11-04 20:59	17212	----a-w-	c:\windows\system32\SIntf32.dll
2009-11-04 20:59 . 2009-11-04 20:59	12067	----a-w-	c:\windows\system32\SIntf16.dll
2009-11-04 20:44 . 2009-11-04 21:00	36066	----a-w-	c:\windows\DIIUnin.dat
2009-11-04 20:44 . 2009-11-04 20:44	94208	----a-w-	c:\windows\DIIUnin.exe
2009-11-04 20:44 . 2009-11-04 20:44	2829	----a-w-	c:\windows\DIIUnin.pif
2009-11-04 18:46 . 2009-11-04 19:14	--------	d-----w-	C:\kahda
2009-11-04 04:23 . 2009-11-04 04:23	--------	d-----w-	c:\program files\Bethesda Softworks
2009-11-04 04:22 . 2009-11-04 04:22	--------	d-----w-	c:\users\Kris\AppData\Local\Oblivion
2009-11-03 10:18 . 2009-11-03 10:18	--------	d-----w-	C:\Malwarebytes' Anti-Malware
2009-11-03 10:06 . 2009-11-03 10:10	--------	d-----w-	c:\program files\mbam
2009-11-02 02:43 . 2009-11-02 02:43	--------	d-----w-	c:\users\Kris\AppData\Roaming\DivX
2009-10-31 06:12 . 2009-10-31 06:13	4096	d-----w-	C:\MinGW
2009-10-31 04:01 . 2009-10-31 04:01	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2009-10-31 04:01 . 2009-10-31 04:01	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2009-10-31 04:01 . 2009-10-31 04:01	--------	d-----w-	c:\program files\OpenAL
2009-10-31 03:48 . 2009-10-31 03:48	--------	d-----w-	c:\users\Kris\AppData\Roaming\runic games
2009-10-31 03:44 . 2009-10-31 03:44	--------	d-----w-	c:\program files\Runic Games
2009-10-31 03:32 . 2009-10-31 03:32	--------	d-----w-	c:\programdata\Estsoft
2009-10-31 01:18 . 2009-10-31 03:32	--------	d-----w-	c:\users\Kris\AppData\Roaming\ESTsoft
2009-10-31 01:18 . 2009-10-31 01:18	--------	d-----w-	c:\program files\ESTsoft
2009-10-31 00:27 . 2009-10-31 00:27	--------	d-----w-	c:\program files\Conduit
2009-10-31 00:27 . 2009-10-31 00:27	--------	d-----w-	c:\program files\XfireXO
2009-10-31 00:27 . 2009-10-07 00:10	52224	------w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
2009-10-31 00:27 . 2009-10-07 00:10	114688	------w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\npmozax.dll
2009-10-31 00:27 . 2009-10-31 23:43	--------	d-----w-	c:\users\Kris\AppData\Roaming\Xfire
2009-10-31 00:27 . 2009-10-31 00:29	--------	d-----w-	c:\programdata\Xfire
2009-10-31 00:27 . 2009-10-31 00:27	8192	d-----w-	c:\program files\Xfire
2009-10-29 21:02 . 2009-10-29 21:02	--------	d-----w-	c:\windows\FOOK2
2009-10-27 23:07 . 2009-10-27 06:02	161672	----a-w-	c:\programdata\avg9\update\backup\avgrkx86.sys
2009-10-27 23:07 . 2009-10-27 06:02	356616	----a-w-	c:\programdata\avg9\update\backup\avgtdix.sys
2009-10-27 23:07 . 2009-10-27 06:02	28424	----a-w-	c:\programdata\avg9\update\backup\avgmfx86.sys
2009-10-27 23:06 . 2009-10-27 06:02	875288	----a-w-	c:\programdata\avg9\update\backup\avgupd.exe
2009-10-27 23:06 . 2009-10-27 06:02	1656088	----a-w-	c:\programdata\avg9\update\backup\avgupd.dll
2009-10-27 10:49 . 2009-10-27 06:02	927000	----a-w-	c:\programdata\avg9\update\backup\avglvex.dll
2009-10-27 10:17 . 2009-11-04 19:31	4096	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-10-27 10:16 . 2009-11-04 18:59	--------	d--h--w-	c:\windows\PIF
2009-10-27 09:58 . 2009-10-27 09:58	--------	d-----w-	c:\program files\Trend Micro
2009-10-27 09:44 . 2009-10-27 09:44	52624	----a-w-	c:\windows\system32\PxSecure.dll
2009-10-27 09:44 . 2009-10-27 09:44	51656	----a-w-	c:\windows\system32\drivers\pxrts.sys
2009-10-27 09:44 . 2009-10-27 09:44	30280	----a-w-	c:\windows\system32\drivers\pxscan.sys
2009-10-27 09:44 . 2009-10-27 09:44	24368	----a-w-	c:\windows\system32\drivers\pxkbf.sys
2009-10-27 09:44 . 2009-10-27 09:44	--------	d-----w-	c:\program files\Prevx
2009-10-27 09:44 . 2009-10-27 09:49	--------	d-----w-	c:\programdata\PrevxCSI
2009-10-27 09:35 . 2009-10-27 09:35	--------	d-----w-	c:\users\Kris\AppData\Roaming\Malwarebytes
2009-10-27 09:35 . 2009-10-27 09:35	--------	d-----w-	c:\programdata\Malwarebytes
2009-10-27 06:02 . 2009-10-27 06:22	--------	d-----w-	C:\$AVG
2009-10-27 06:02 . 2009-10-27 06:02	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2009-10-27 06:02 . 2009-10-27 23:07	161800	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2009-10-25 07:34 . 2009-10-25 07:34	--------	d-----w-	c:\program files\ReflexiveArcade
2009-10-25 05:54 . 2009-10-25 05:54	138056	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-10-25 05:54 . 2009-10-25 05:54	138056	----a-w-	c:\users\Kris\AppData\Roaming\PnkBstrK.sys
2009-10-25 05:53 . 2009-10-25 05:54	189248	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-10-25 05:53 . 2009-10-25 05:53	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-10-25 05:53 . 2009-10-25 05:53	2395944	----a-w-	c:\windows\system32\pbsvc_heroes.exe
2009-10-25 04:46 . 2009-10-25 04:46	--------	d-----w-	c:\users\Kris\AppData\Local\ArmA 2 Demo
2009-10-24 01:29 . 2009-10-24 01:36	4096	d-----w-	c:\program files\MagicISO
2009-10-24 01:26 . 2009-10-24 01:26	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2009-10-24 01:26 . 2009-10-24 01:26	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2009-10-24 01:25 . 2009-10-24 01:26	4096	d-----w-	c:\program files\DAEMON Tools Lite
2009-10-24 01:05 . 2005-06-24 23:24	438272	----a-r-	c:\windows\system32\vp6vfw.dll
2009-10-23 21:09 . 2009-10-09 02:27	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-10-23 21:09 . 2009-10-23 21:09	8192	d-----w-	c:\program files\ffdshow
2009-10-23 21:08 . 2009-10-23 21:08	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2009-10-23 21:08 . 2009-10-23 21:08	8192	d-----w-	c:\program files\DivX
2009-10-23 21:08 . 2009-10-23 21:08	4096	d-----w-	c:\program files\Common Files\DivX Shared
2009-10-23 20:59 . 2009-10-23 21:07	4096	d-----w-	c:\program files\Xvid
2009-10-23 20:59 . 2009-06-07 23:24	180224	----a-w-	c:\windows\system32\xvidvfw.dll
2009-10-23 20:59 . 2009-06-07 23:16	819200	----a-w-	c:\windows\system32\xvidcore.dll
2009-10-23 10:40 . 1999-12-17 15:13	86016	----a-w-	c:\windows\unvise32.exe
2009-10-22 19:41 . 2009-10-22 19:41	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-10-22 19:40 . 2009-10-24 01:50	--------	d-----w-	c:\users\Kris\AppData\Roaming\DAEMON Tools Lite
2009-10-21 11:11 . 2009-10-21 11:35	--------	d-----w-	c:\users\Kris\AppData\Roaming\Tor
2009-10-21 11:11 . 2009-10-21 11:15	--------	d-----w-	c:\users\Kris\AppData\Roaming\Vidalia
2009-10-21 11:11 . 2009-10-21 11:12	4096	d-----w-	c:\program files\Vidalia Bundle
2009-10-21 07:16 . 2009-10-21 07:17	--------	d-----w-	c:\windows\system32\ca-ES
2009-10-21 07:16 . 2009-10-21 07:17	--------	d-----w-	c:\windows\system32\eu-ES
2009-10-21 07:16 . 2009-10-21 07:17	--------	d-----w-	c:\windows\system32\vi-VN
2009-10-21 06:36 . 2009-10-21 06:36	--------	d-----w-	c:\windows\system32\EventProviders
2009-10-21 02:30 . 2009-11-04 01:36	--------	d-----w-	c:\users\Kris\AppData\Roaming\gtk-2.0
2009-10-21 02:30 . 2009-10-21 02:30	--------	d-----w-	c:\users\Kris\.thumbnails
2009-10-21 00:36 . 2005-01-02 21:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
2009-10-21 00:36 . 2009-10-21 00:36	--------	d-----w-	c:\program files\Common Files\INCA Shared
2009-10-20 19:13 . 2009-10-20 19:13	--------	d-----w-	c:\programdata\Nexon
2009-10-19 19:02 . 2009-04-11 06:28	1336320	----a-w-	c:\windows\system32\msxml6.dll
2009-10-19 19:01 . 2009-04-11 06:28	61440	----a-w-	c:\windows\system32\wscsvc.dll
2009-10-19 01:47 . 2009-01-30 20:29	15656	----a-w-	c:\windows\system32\drivers\wacmoumonitor.sys
2009-10-19 01:41 . 2009-10-19 01:41	320	----a-w-	c:\windows\system32\wacom.dat
2009-10-19 01:35 . 2009-11-04 02:13	--------	d-----w-	c:\users\Kris\.gimp-2.6
2009-10-19 01:35 . 2009-10-19 01:35	--------	d-----w-	c:\program files\GIMP-2.0
2009-10-18 08:58 . 2009-10-18 08:58	--------	d-----w-	c:\users\Kris\AppData\Roaming\NeopleLauncherDFO
2009-10-18 05:47 . 2009-10-27 01:14	90112	----a-w-	c:\programdata\NexonUS\NGM\npNxGameUS.dll
2009-10-18 05:47 . 2009-10-27 01:14	118784	----a-w-	c:\programdata\NexonUS\NGM\nxgameus.dll
2009-10-18 05:47 . 2009-10-27 01:14	561152	----a-w-	c:\programdata\NexonUS\NGM\NGMDll.dll
2009-10-18 05:47 . 2009-10-27 01:14	393216	----a-w-	c:\programdata\NexonUS\NGM\NGMResource.dll
2009-10-18 05:47 . 2009-10-27 01:14	258352	----a-w-	c:\programdata\NexonUS\NGM\unicows.dll
2009-10-18 05:47 . 2009-10-27 01:14	167936	----a-w-	c:\programdata\NexonUS\NGM\NGM.exe
2009-10-18 05:47 . 2009-10-18 06:04	--------	d-----w-	c:\programdata\NexonUS
2009-10-18 05:08 . 2009-10-27 05:55	--------	d-----w-	c:\users\Kris\AppData\Local\PMB Files
2009-10-18 05:08 . 2009-10-27 01:14	--------	d-----w-	c:\programdata\PMB Files
2009-10-18 05:08 . 2009-10-18 05:08	--------	d-----w-	c:\program files\Pando Networks
2009-10-18 04:36 . 2009-10-18 04:36	495616	----a-w-	c:\programdata\YoYoGames\d3dx8.dll
2009-10-18 04:36 . 2009-10-18 04:36	1509696	----a-w-	c:\programdata\YoYoGames\yoyo53.exe
2009-10-18 04:36 . 2009-10-18 04:36	--------	d-----w-	c:\programdata\YoYoGames
2009-10-18 04:35 . 2007-09-25 23:13	774144	----a-w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
2009-10-17 11:23 . 2009-10-17 11:23	--------	d-----w-	c:\windows\Sun
2009-10-17 03:02 . 2009-10-17 03:02	--------	d-----w-	c:\program files\EA Games
2009-10-17 03:01 . 2009-09-15 00:58	1291640	----a-w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-10-17 03:01 . 2009-09-15 00:58	729088	----a-w-	c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-10-16 23:59 . 2009-10-17 00:43	--------	d-----w-	c:\users\Kris\AbiSuite
2009-10-16 23:58 . 2009-10-16 23:58	4096	d-----w-	c:\program files\AbiSuite2
2009-10-16 23:24 . 2009-10-16 23:24	4096	d-----w-	c:\program files\Game_Maker7
2009-10-16 08:41 . 2009-10-16 08:41	--------	d-----w-	c:\program files\Java
2009-10-16 08:23 . 2009-10-16 08:41	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-10-16 07:51 . 2007-04-05 01:53	81768	----a-w-	c:\windows\system32\xinput1_3.dll
2009-10-16 07:51 . 2006-09-28 23:05	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2009-10-16 05:27 . 2009-06-22 10:09	2048	----a-w-	c:\windows\system32\tzres.dll
2009-10-16 05:20 . 2009-10-01 17:29	195440	------w-	c:\windows\system32\MpSigStub.exe
2009-10-16 05:01 . 2008-07-27 18:03	41984	----a-w-	c:\windows\system32\netfxperf.dll
2009-10-16 05:00 . 2009-09-10 16:48	218624	----a-w-	c:\windows\system32\msv1_0.dll
2009-10-16 05:00 . 2009-07-11 19:01	513536	----a-w-	c:\windows\system32\wlansvc.dll
2009-10-16 05:00 . 2009-04-11 06:28	68096	----a-w-	c:\windows\system32\wlanhlp.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 00:13 . 2009-10-15 23:36	31776	----a-w-	c:\programdata\nvModes.dat
2009-11-05 00:11 . 2008-04-14 03:50	12	----a-w-	c:\windows\bthservsdp.dat
2009-11-04 05:01 . 2009-10-15 23:18	8192	d--h--w-	c:\program files\InstallShield Installation Information
2009-10-31 03:36 . 2009-10-31 04:01	809496	----a-r-	c:\windows\system32\tmp5D48.tmp
2009-10-31 03:36 . 2009-10-31 03:36	809496	----a-r-	c:\windows\system32\tmp5D27.tmp
2009-10-27 23:07 . 2009-10-27 06:02	360584	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2009-10-27 23:07 . 2009-10-27 06:02	28424	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-10-27 06:02 . 2009-10-27 06:02	333192	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-10-27 06:02 . 2009-10-25 07:50	4096	d-----w-	c:\programdata\avg9
2009-10-27 02:35 . 2009-10-27 02:34	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2009-10-27 01:49 . 2009-10-27 01:49	--------	d-----w-	c:\users\Kris\AppData\Roaming\InstallShield Installation Information
2009-10-27 01:46 . 2009-10-27 02:00	147456	----a-w-	c:\users\Kris\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\_setup.dll
2009-10-25 20:31 . 2009-10-25 20:31	97792	----a-w-	c:\windows\system32\drivers\ACEDRV05.sys
2009-10-25 07:50 . 2009-10-25 07:50	--------	d-----w-	c:\program files\AVG
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Sidebar
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Journal
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Collaboration
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Calendar
2009-10-21 07:17 . 2006-11-02 11:18	4096	d-----w-	c:\program files\Windows Mail
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Photo Gallery
2009-10-21 07:17 . 2006-11-02 12:37	4096	d-----w-	c:\program files\Windows Defender
2009-10-21 07:16 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2009-10-19 01:41 . 2009-10-15 23:18	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-10-15 23:29 . 2009-10-15 23:18	--------	d-----w-	c:\program files\Realtek
2009-10-15 23:19 . 2009-10-15 23:18	--------	d--h--w-	c:\program files\Temp
2009-10-15 23:18 . 2009-10-15 23:18	319456	----a-w-	c:\windows\DIFxAPI.dll
2009-10-15 20:20 . 2009-10-15 20:19	680	----a-w-	c:\users\Kris\AppData\Local\d3d9caps.dat
2009-09-25 16:41 . 2009-09-25 16:41	90112	----a-w-	c:\windows\system32\dpl100.dll
2009-09-25 16:41 . 2009-09-25 16:41	856064	----a-w-	c:\windows\system32\divx_xx0c.dll
2009-09-25 16:41 . 2009-09-25 16:41	856064	----a-w-	c:\windows\system32\divx_xx07.dll
2009-09-25 16:41 . 2009-09-25 16:41	847872	----a-w-	c:\windows\system32\divx_xx0a.dll
2009-09-25 16:41 . 2009-09-25 16:41	843776	----a-w-	c:\windows\system32\divx_xx16.dll
2009-09-25 16:41 . 2009-09-25 16:41	839680	----a-w-	c:\windows\system32\divx_xx11.dll
2009-09-25 16:41 . 2009-09-25 16:41	696320	----a-w-	c:\windows\system32\DivX.dll
2009-08-27 13:29 . 2009-10-16 04:59	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-08-27 12:40 . 2009-10-16 04:59	834048	----a-w-	c:\windows\system32\wininet.dll
2009-08-14 15:53 . 2009-10-16 04:59	17920	----a-w-	c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-10-16 04:59	9728	----a-w-	c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-10-16 04:59	17920	----a-w-	c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-10-16 04:59	11264	----a-w-	c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-10-16 04:59	27136	----a-w-	c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-10-16 04:59	8704	----a-w-	c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-10-16 04:59	19968	----a-w-	c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-10-16 04:59	10240	----a-w-	c:\windows\system32\finger.exe
2009-09-25 16:41 . 2009-09-25 16:41	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-10-27 18:45	2325528	----a-w-	c:\program files\XfireXO\tbXfir.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-10-27 2325528]

[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-15 13736480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-24 7289376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-16 149280]
"AVG9_TRAY"="d:\progra~1\AVG\avgtray.exe" [2009-10-27 2010904]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c8,22,9a,36,1f,52,ca,01

R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-10-27 6213072]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-09-24 3022158]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-10-27 161800]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2009-10-27 30280]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-27 333192]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-27 360584]
S2 avg9wd;AVG WatchDog;d:\program files\AVG\avgwdsvc.exe [2009-10-27 285392]
S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-10-27 51656]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-10-27 24368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - component: c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: d:\program files\AVG\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\mpy9ynam.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************
scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
d:\program files\AVG\avgam.exe
d:\program files\AVG\avgnsx.exe
c:\windows\servicing\TrustedInstaller.exe
d:\program files\AVG\avgrsx.exe
d:\program files\AVG\avgchsvx.exe
d:\program files\AVG\avgcsrvx.exe
c:\program files\P4G\BatteryLife.exe
d:\program files\AVG\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-11-05 17:18 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-05 00:18
ComboFix2.txt  2009-11-04 19:13

Pre-Run: 42,400,751,616 bytes free
Post-Run: 41,775,366,144 bytes free

:D

Thanks again man, you rock :(

#9 kahdah

Posted 04 November 2009 - 09:03 PM

There you go, now that's a clean log.
You will need to install an antivirus to help keep this from happening again.
The first thing I will need you to do is to download only ONE of these anti-virus programs and install it.
These are free.

This is antivirus and antispyware.
Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.
AVG free 8.5


This is just antivirus protection.
Antivir
=============
=======Cleanup=======
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
======Next======
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
===============Update Java===============

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================Clear out infected System Restore points======================


Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================
After that you're all set. :(


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example: BitTorrent, Limewire, Kazaa, eMule, uTorrent, Limewire, etc.

Edited by kahdah, 04 November 2009 - 09:03 PM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#10 AmDot

Posted 05 November 2009 - 07:00 PM

Aaaah that fresh computer scent. Thanks a million man. Kinda nice to have someone out there willing to help out without requiring a million dollar bill ;)

Next time I get a paycheck I'll donate, but don't expect too horribly much, as I am broke as hell lol.

Thanks one last time man

#11 kahdah

Posted 06 November 2009 - 07:11 AM

You are welcome :(


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.