
newbie here


  • This topic is locked
10 replies to this topic

#1 chrickt67


Posted 11 November 2009 - 04:43 PM

Hi, I am new at this, so please be patient with me. I think I may have some malware/spyware on my PC. It takes my PC almost 2 min to boot, and then I always get web pages that won't load, and the PC runs really slow.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:55 PM, on 11/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\RegCure\RegCure.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [lxdmmon.exe] "C:\Program Files\Lexmark 5000 Series\lxdmmon.exe"
O4 - HKLM\..\Run: [lxdmamon] "C:\Program Files\Lexmark 5000 Series\lxdmamon.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: lxdmCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdmserv.exe
O23 - Service: lxdm_device - - C:\Windows\system32\lxdmcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8194 bytes



#2 myrti


Posted 20 November 2009 - 05:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 chrickt67


Posted 20 November 2009 - 08:41 PM

Here are the OTL results


OTL logfile created on: 11/20/2009 8:33:35 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = C:\Users\ace\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.83 Gb Total Space | 158.09 Gb Free Space | 67.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACE-PC
Current User Name: ace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/20 20:33:17 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\ace\Downloads\OTL(2).exe
PRC - [2009/11/06 21:13:37 | 00,487,936 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/11/06 12:07:18 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/10/20 15:58:16 | 00,659,376 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/09/10 14:54:02 | 00,269,648 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/07/30 10:29:42 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009/05/26 20:06:32 | 04,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009/04/11 01:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/10 23:44:57 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/08/29 13:20:18 | 06,296,192 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
PRC - [2008/02/15 17:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\stacsv.exe
PRC - [2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/18 22:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/18 22:33:10 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/18 22:33:10 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/07/06 03:53:08 | 00,455,344 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
PRC - [2007/06/07 20:05:52 | 00,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdmcoms.exe
PRC - [2007/06/01 07:06:10 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
PRC - [2006/11/05 10:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2006/08/04 15:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2009/11/20 20:33:17 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Users\ace\Downloads\OTL(2).exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/06 21:13:37 | 00,487,936 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/10/20 20:39:28 | 00,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/10/20 15:58:16 | 00,659,376 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/10/20 15:58:16 | 00,659,376 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/10 14:54:02 | 00,269,648 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/07/30 10:29:42 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009/03/29 23:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 13:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 13:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 13:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/10 23:44:57 | 00,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/08/29 13:20:18 | 06,296,192 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe -- (MySQL)
SRV - [2008/02/15 17:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\stacsv.exe -- (STacSV)
SRV - [2008/01/18 22:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/07/06 17:28:44 | 00,031,768 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2007/06/07 20:05:52 | 00,598,960 | ---- | M] ( ) -- C:\Windows\System32\lxdmcoms.exe -- (lxdm_device)
SRV - [2007/06/07 20:05:44 | 00,099,248 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe -- (lxdmCATSCustConnectService)
SRV - [2006/11/05 10:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/11/05 10:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/09/14 13:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006/08/04 15:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/16 12:42:39 | 00,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/06 21:13:37 | 00,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/10/25 22:11:18 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/14 21:18:34 | 00,036,880 | ---- | M] (Kaspersky Lab) -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:36 | 00,019,472 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:46:36 | 00,021,520 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/09/01 15:29:50 | 00,128,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/08/17 20:04:04 | 00,040,576 | ---- | M] (Eugene V. Muzychenko) -- C:\Windows\System32\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV - [2009/04/10 23:42:54 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio)
DRV - [2008/09/17 22:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/06/18 13:04:44 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2008/04/07 18:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/02/15 17:27:02 | 00,330,752 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 13:12:34 | 00,012,800 | ---- | M] (EldoS Corporation) -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2007/08/09 17:12:30 | 00,110,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/02/21 14:49:47 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 14:49:47 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 14:49:47 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/09 11:34:16 | 00,051,768 | ---- | M] (Roxio) -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 19:05:30 | 00,028,120 | ---- | M] (Roxio) -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 00,012,856 | ---- | M] (Roxio) -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/06 00:59:42 | 00,035,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/06 00:59:34 | 00,086,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/21 04:25:44 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:53 | 00,251,904 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 02:41:50 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/26 15:22:02 | 00,009,400 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 00,094,648 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 00,035,096 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 00,097,848 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 00,026,296 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 00,032,472 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 00,014,520 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 00,104,536 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/10/18 09:09:26 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 09:08:18 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 09:08:04 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 15:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/21 10:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/06/19 12:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/04/16 01:20:14 | 00,090,700 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2002/10/01 15:43:32 | 00,119,798 | ---- | M] (SP) -- C:\Windows\System32\drivers\SPCA561.SYS -- (CA561)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\..\URLSearchHook: {d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15153&l=dis
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\..\URLSearchHook: {d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\S-1-5-21-892561943-1508116293-3273268530-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "infernalrockradio Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {82b2e8e1-404d-48d6-9599-c6bb1f1bbe3f}:2.3.0.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 09:29:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/20 18:55:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/14 10:23:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/13 19:38:27 | 00,000,000 | ---D | M]

[2009/05/04 22:34:12 | 00,000,000 | ---D | M] -- C:\Users\ace\AppData\Roaming\Mozilla\Extensions
[2008/06/18 10:11:03 | 00,000,000 | ---D | M] -- C:\Users\ace\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/28 15:34:51 | 00,000,000 | ---D | M] -- C:\Users\ace\AppData\Roaming\Mozilla\Extensions\contact@callgraph.in
[2009/05/04 22:34:12 | 00,000,000 | ---D | M] -- C:\Users\ace\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/20 18:56:31 | 00,000,000 | ---D | M] -- C:\Users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\extensions
[2009/06/26 13:21:32 | 00,000,000 | ---D | M] -- C:\Users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/15 18:18:01 | 00,000,000 | ---D | M] -- C:\Users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\extensions\{82b2e8e1-404d-48d6-9599-c6bb1f1bbe3f}
[2009/10/19 08:39:23 | 00,000,000 | ---D | M] -- C:\Users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/02 14:52:02 | 00,002,257 | ---- | M] () -- C:\Users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\searchplugins\askcom.xml
[2008/10/21 01:11:52 | 00,000,896 | ---- | M] () -- C:\Users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\searchplugins\conduit.xml
[2008/06/18 11:55:11 | 00,001,620 | ---- | M] () -- C:\Users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\searchplugins\mozilla-add-ons.xml
[2008/10/17 08:50:17 | 00,000,276 | ---- | M] () -- C:\Users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\searchplugins\search.xml
[2009/11/20 18:56:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 12:07:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/20 23:34:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/15 20:14:48 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/13 20:34:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/11/13 19:39:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/11/06 12:07:17 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 12:07:17 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/06 12:07:20 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/11/20 19:04:50 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/09/23 15:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/08/14 17:58:00 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/14 17:58:00 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2007/07/26 11:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009/08/14 17:58:00 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/14 17:58:00 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/14 17:58:00 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/14 17:58:00 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/14 17:58:00 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (354673 bytes) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 11801 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\..\Toolbar\WebBrowser: (no name) - {D84741B3-22E1-4C15-BBD4-6B2ACE2F57DF} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [lxdmamon] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-892561943-1508116293-3273268530-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-892561943-1508116293-3273268530-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-892561943-1508116293-3273268530-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab (Reg Error: Value error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP9\mzvkbd3.dll) - C:\ProgramData\AVP9\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP9\kloehk.dll) - C:\ProgramData\AVP9\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (""") - File not found
O34 - HKLM BootExecute: (utocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*""") - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/20 17:12:02 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\QuickScan
[2009/11/19 22:08:22 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/11/18 23:24:26 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/11/18 23:24:26 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/11/17 16:45:13 | 00,000,000 | ---D | C] -- C:\Program Files\InCode Solutions
[2009/11/17 10:34:06 | 00,000,000 | ---D | C] -- C:\Users\ace\Documents\ConvertXToDVD
[2009/11/16 20:08:21 | 01,613,824 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2009/11/16 20:08:21 | 00,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2009/11/16 20:06:05 | 00,527,872 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2009/11/16 20:06:05 | 00,330,752 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2009/11/16 20:06:05 | 00,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2009/11/16 20:06:04 | 00,312,320 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2009/11/16 20:06:04 | 00,150,016 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st325866.dll
[2009/11/16 19:50:51 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverScanner
[2009/11/16 19:50:51 | 00,000,000 | ---D | C] -- C:\ProgramData\DriverScanner
[2009/11/16 19:46:45 | 00,000,000 | -H-D | C] -- C:\ProgramData\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/11/16 19:46:45 | 00,000,000 | -H-D | C] -- C:\ProgramData\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/11/15 20:12:47 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\vlc
[2009/11/15 11:30:50 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2009/11/15 00:02:56 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Local\Axialis
[2009/11/14 22:40:15 | 00,000,000 | ---D | C] -- C:\Users\ace\Documents\Kaspersky Skins
[2009/11/13 20:34:53 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/11/13 20:34:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/11/13 20:34:53 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/11/13 19:38:59 | 00,000,000 | -H-D | C] -- C:\ProgramData\AVP9
[2009/11/13 19:38:59 | 00,000,000 | -H-D | C] -- C:\ProgramData\AVP9
[2009/11/13 19:37:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/11/13 19:37:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/11/13 19:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/11/13 19:37:31 | 00,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2009/11/13 19:36:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/11/13 19:36:26 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/11/11 18:46:39 | 00,000,000 | ---D | C] -- C:\Program Files\Uninstall Tool
[2009/11/10 13:56:14 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/10 13:56:10 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/09 21:48:35 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Local\Adobe
[2009/11/08 15:21:01 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Local\Apple
[2009/11/08 13:08:41 | 00,000,000 | R--D | C] -- C:\Users\ace\Documents\Notes
[2009/11/08 12:52:15 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\Notepad++
[2009/11/08 12:52:15 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2009/11/08 00:02:52 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009/11/08 00:02:52 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009/11/08 00:02:51 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/11/07 22:48:05 | 00,000,000 | ---D | C] -- C:\Program Files\Free 3D Castle Screensaver
[2009/11/07 14:52:47 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\CleanMyPC Software
[2009/11/06 21:13:36 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\Spyware Terminator
[2009/11/06 21:13:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2009/11/06 21:13:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2009/11/06 21:13:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009/11/06 20:59:07 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\PC Tools
[2009/11/03 09:50:21 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/03 09:50:19 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/03 00:58:35 | 00,000,000 | ---D | C] -- C:\Windows\FreeFireplace
[2009/11/03 00:58:21 | 00,000,000 | ---D | C] -- C:\ProgramData\OurScreensavers
[2009/11/03 00:58:21 | 00,000,000 | ---D | C] -- C:\ProgramData\OurScreensavers
[2009/11/02 23:39:54 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\TERMINAL Studio
[2009/11/02 23:39:48 | 00,092,216 | ---- | C] (Un4seen Developments) -- C:\Windows\System32\bass.dll
[2009/11/02 15:48:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/02 15:48:04 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/02 15:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/29 22:24:27 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/29 22:24:26 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/29 22:24:26 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/29 22:24:26 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/29 22:24:13 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/29 22:24:13 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/29 22:24:13 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/29 22:24:07 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/29 22:24:07 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/28 07:57:20 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/28 00:03:00 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/10/27 23:51:00 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/10/27 23:51:00 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/10/27 23:50:59 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/10/27 23:50:38 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/27 23:50:38 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/10/27 23:50:38 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/10/27 23:50:38 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/10/27 23:50:37 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/10/27 23:50:37 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/10/27 23:50:37 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/10/27 23:50:37 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/10/27 23:50:37 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/10/27 23:50:37 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/10/27 23:50:37 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/10/27 23:50:37 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/10/27 23:50:37 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/10/27 23:50:37 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/10/27 23:50:37 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/10/27 23:50:37 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/10/27 23:50:36 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/10/27 23:50:36 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/10/27 23:50:36 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/10/27 23:50:36 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/10/27 23:50:36 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/10/27 23:50:36 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/10/27 23:50:36 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/10/27 23:50:36 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/10/27 23:50:36 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/10/27 23:50:36 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/10/27 23:50:36 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/10/27 23:50:16 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/10/27 23:50:16 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/10/27 23:50:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/10/27 23:50:15 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/10/27 23:50:14 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/10/27 23:50:14 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009/10/27 23:50:14 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/10/27 23:50:13 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/10/27 23:50:13 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/10/27 23:50:13 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/10/27 23:50:13 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/10/27 23:50:13 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/10/27 23:50:13 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/10/27 23:50:12 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/10/27 23:50:12 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/10/27 23:50:12 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/10/27 23:49:30 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/10/27 23:49:29 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/10/27 23:49:29 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/10/27 23:47:44 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/27 23:47:39 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/27 23:47:36 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/26 17:02:35 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2009/10/26 17:02:35 | 00,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2009/10/26 16:54:33 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2009/10/25 10:14:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/10/25 10:14:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/10/25 10:14:34 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/10/25 09:58:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/10/25 09:55:01 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/10/25 09:54:56 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/10/25 09:54:56 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/10/25 09:54:49 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/10/25 09:54:49 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/10/25 09:54:46 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/10/25 09:54:42 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/10/25 09:54:40 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/10/25 09:54:38 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/10/25 09:54:35 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/10/25 09:54:35 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/10/25 09:54:34 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/10/25 09:54:33 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/10/25 09:54:33 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/10/25 09:54:31 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/10/25 09:54:30 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/10/25 09:54:29 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/10/25 09:54:29 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/10/25 09:54:29 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/10/25 09:54:29 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/10/25 09:54:26 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/10/25 09:54:24 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/10/25 09:54:24 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/10/25 09:54:22 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/10/25 09:54:22 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/10/25 09:54:21 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/10/25 09:54:20 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/10/25 09:54:20 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/10/25 09:54:19 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/10/25 09:54:18 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/10/25 09:54:17 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/10/25 09:54:16 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/10/25 09:54:15 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/10/25 09:54:14 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009/10/25 09:54:14 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/10/25 09:54:13 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/10/25 09:54:13 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/10/25 09:54:13 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/10/25 09:54:12 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/10/25 09:54:10 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/10/25 09:54:10 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/10/25 09:54:09 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/10/25 09:54:09 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/10/25 09:54:08 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/10/25 09:54:08 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/10/25 09:54:08 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/10/25 09:54:08 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/10/25 09:54:07 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/10/25 09:54:07 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/10/25 09:54:07 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/10/25 09:54:07 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/10/25 09:54:04 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/10/25 09:54:04 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/10/25 09:54:03 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/10/25 09:54:02 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/10/25 09:54:01 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/10/25 09:54:01 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/10/25 09:54:00 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/10/25 09:54:00 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/10/25 09:54:00 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/10/25 09:53:59 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/10/25 09:53:59 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/10/25 09:53:59 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/10/25 09:53:58 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/10/25 09:53:58 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/10/25 09:53:58 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/10/25 09:53:57 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/25 09:53:57 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/10/25 09:53:56 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009/10/25 09:53:56 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/10/25 09:53:56 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/10/25 09:53:55 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/10/25 09:53:55 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/10/25 09:53:54 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/10/25 09:53:53 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/10/25 09:53:53 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/10/25 09:53:53 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/10/25 09:53:52 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/10/25 09:53:52 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/10/25 09:53:52 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/10/25 09:53:52 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/10/25 09:53:52 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/10/25 09:53:51 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/10/25 09:53:50 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/10/25 09:53:50 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/10/25 09:53:50 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/10/25 09:53:49 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/10/25 09:53:49 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/10/25 09:53:47 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/10/25 09:53:47 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/10/25 09:53:47 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009/10/25 09:53:46 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/10/25 09:53:46 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/10/25 09:53:46 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/10/25 09:53:39 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/10/25 09:53:39 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/10/25 09:53:37 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/10/25 09:53:36 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/10/25 09:53:36 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/10/25 09:53:36 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/10/25 09:53:36 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/25 09:53:36 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/10/25 09:53:35 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2009/10/25 09:53:35 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/10/25 09:53:34 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/10/25 09:53:33 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009/10/25 09:53:33 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/10/25 09:53:32 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/10/25 09:53:32 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/10/25 09:53:32 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/10/25 09:53:32 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/10/25 09:53:31 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/10/25 09:53:31 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/10/25 09:53:31 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/10/25 09:53:31 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/10/25 09:53:31 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/10/25 09:53:30 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/25 09:53:30 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/10/25 09:53:28 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/10/25 09:53:28 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/10/25 09:53:27 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/10/25 09:53:26 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/10/25 09:53:26 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/10/25 09:53:25 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/10/25 09:53:25 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/10/25 09:53:25 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/10/25 09:53:25 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/10/25 09:53:24 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/10/25 09:53:24 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/10/25 09:53:24 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/10/25 09:53:23 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/10/25 09:53:23 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/10/25 09:53:21 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/10/25 09:53:21 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/10/25 09:53:20 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/10/25 09:53:20 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/10/25 09:53:20 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/10/25 09:53:19 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/10/25 09:53:19 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/10/25 09:53:19 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/10/25 09:53:18 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/10/25 09:53:18 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/10/25 09:53:18 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/10/25 09:53:18 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/10/25 09:53:18 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/10/25 09:53:17 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/10/25 09:53:17 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/10/25 09:53:17 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/10/25 09:53:16 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/10/25 09:53:16 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/10/25 09:53:16 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/10/25 09:53:16 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/10/25 09:53:15 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/10/25 09:53:15 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/10/25 09:53:15 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/10/25 09:53:15 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/10/25 09:53:14 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/10/25 09:53:14 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/10/25 09:53:14 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/10/25 09:53:13 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/10/25 09:53:13 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/10/25 09:53:13 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/10/25 09:53:13 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/10/25 09:53:12 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/10/25 09:53:11 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/10/25 09:53:11 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/10/25 09:53:11 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/10/25 09:53:10 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/10/25 09:53:09 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/10/25 09:53:08 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/10/25 09:53:08 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/10/25 09:53:08 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/10/25 09:53:06 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/10/25 09:53:06 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/10/25 09:53:05 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/10/25 09:53:05 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/10/25 09:53:04 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/10/25 09:53:03 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/10/25 09:53:03 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/10/25 09:53:03 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/10/25 09:53:03 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/10/25 09:53:03 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/10/25 09:53:03 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/10/25 09:53:03 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/10/25 09:53:03 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/10/25 09:53:03 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/10/25 09:53:02 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/10/25 09:53:01 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/10/25 09:53:01 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/10/25 09:53:01 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/10/25 09:53:00 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/10/25 09:53:00 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/10/25 09:53:00 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/10/25 09:53:00 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/10/25 09:53:00 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/10/25 09:53:00 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/10/25 09:52:59 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/10/25 09:52:59 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/10/25 09:52:59 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/10/25 09:52:59 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/10/25 09:52:58 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009/10/25 09:52:58 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/10/25 09:52:58 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/10/25 09:52:58 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/10/25 09:52:57 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/10/25 09:52:57 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/10/25 09:52:57 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/10/25 09:52:57 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/10/25 09:52:57 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/10/25 09:52:57 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/10/25 09:52:57 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/10/25 09:52:57 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/10/25 09:52:57 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/10/25 09:52:56 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/10/25 09:52:56 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/10/25 09:52:56 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/10/25 09:52:55 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/10/25 09:52:55 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/10/25 09:52:55 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/10/25 09:52:55 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/10/25 09:52:55 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/10/25 09:52:55 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/10/25 09:52:55 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/10/25 09:52:55 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/10/25 09:52:54 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/10/25 09:52:54 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/10/25 09:52:54 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/10/25 09:52:53 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/10/25 09:52:53 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/10/25 09:52:53 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/10/25 09:52:53 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/10/25 09:52:52 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/10/25 09:52:52 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/10/25 09:52:52 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009/10/25 09:52:52 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/10/25 09:52:51 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/10/25 09:52:51 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/10/25 09:52:51 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/10/25 09:52:51 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/10/25 09:52:51 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/10/25 09:52:50 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/10/25 09:52:50 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/10/25 09:52:50 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/10/25 09:52:50 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/10/25 09:52:49 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/10/25 09:52:49 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/10/25 09:52:48 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/10/25 09:52:48 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/10/25 09:52:48 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/10/25 09:52:48 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/10/25 09:52:48 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/10/25 09:52:47 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/10/25 09:52:47 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/10/25 09:52:47 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/10/25 09:52:47 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/10/25 09:52:47 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/10/25 09:52:46 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/10/25 09:52:46 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/10/25 09:52:46 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/10/25 09:52:46 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/10/25 09:52:46 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/10/25 09:52:46 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/10/25 09:52:46 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/10/25 09:52:45 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/10/25 09:52:45 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/10/25 09:52:45 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/10/25 09:52:45 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/10/25 09:52:45 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/10/25 09:52:45 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/10/25 09:52:45 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/10/25 09:52:44 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/10/25 09:52:44 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/10/25 09:52:44 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/10/25 09:52:44 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/10/25 09:52:38 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/10/25 09:52:38 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/10/25 09:52:38 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/10/25 09:52:37 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/10/25 09:52:36 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/10/25 09:52:36 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/10/25 09:52:36 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/10/25 09:52:35 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/10/25 09:52:35 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/10/25 09:52:35 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/10/25 09:52:35 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/10/25 09:52:35 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/10/25 09:52:35 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/10/25 09:52:34 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/10/25 09:52:34 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/10/25 09:52:34 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/10/25 09:52:34 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/10/25 09:52:34 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009/10/25 09:52:34 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/10/25 09:52:34 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/10/25 09:52:33 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/10/25 09:52:33 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/10/25 09:52:33 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/10/25 09:52:33 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/10/25 09:52:32 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/10/25 09:52:32 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/10/25 09:52:32 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/10/25 09:52:32 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/10/25 09:52:32 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/10/25 09:52:32 | 00,141,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2009/10/25 09:52:31 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/10/25 09:52:31 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/10/25 09:52:31 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/10/25 09:52:31 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/10/25 09:52:30 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/10/25 09:52:30 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/10/25 09:52:30 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/10/25 09:52:30 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/10/25 09:52:30 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/10/25 09:52:30 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/10/25 09:52:29 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/10/25 09:52:29 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/10/25 09:52:28 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/10/25 09:52:28 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/10/25 09:52:28 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/10/25 09:52:28 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/10/25 09:52:28 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/10/25 09:52:28 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/10/25 09:52:27 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/10/25 09:52:27 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/10/25 09:52:27 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/10/25 09:52:27 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/10/25 09:52:27 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/10/25 09:52:25 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/10/25 09:52:25 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/10/25 09:52:25 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/10/25 09:52:24 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/10/25 09:52:24 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/10/25 09:52:24 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/10/25 09:52:24 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/10/25 09:52:24 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/10/25 09:52:24 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/10/25 09:52:24 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/10/25 09:52:23 | 00,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/10/25 09:52:23 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/10/25 09:52:23 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/10/25 09:52:23 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/10/25 09:52:23 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/10/25 09:52:23 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/10/25 09:52:23 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/10/25 09:52:23 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/10/25 09:52:22 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/10/25 09:52:22 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/10/25 09:52:22 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/10/25 09:52:22 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/10/25 09:52:22 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/10/25 09:52:22 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/10/25 09:52:21 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/10/25 09:52:21 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/10/25 09:52:21 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/10/25 09:52:20 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/10/25 09:52:20 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/10/25 09:52:20 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/10/25 09:52:20 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/10/25 09:52:20 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/10/25 09:52:19 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009/10/25 09:52:19 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/10/25 09:52:19 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/10/25 09:52:19 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/10/25 09:52:19 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/10/25 09:52:19 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/10/25 09:52:19 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/10/25 09:52:19 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2009/10/25 09:52:18 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/10/25 09:52:18 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/10/25 09:52:18 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/10/25 09:52:18 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/10/25 09:52:18 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/10/25 09:52:18 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/10/25 09:52:17 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/10/25 09:52:17 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/10/25 09:52:17 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/10/25 09:52:17 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/10/25 09:52:17 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/10/25 09:52:17 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/10/25 09:52:16 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/10/25 09:52:16 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2009/10/25 09:52:15 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/10/25 09:52:15 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/10/25 09:52:15 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/10/25 09:52:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/10/25 09:52:14 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/10/25 09:52:14 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/10/25 09:52:13 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/10/25 09:52:13 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/10/25 09:52:13 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/10/25 09:52:13 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/10/25 09:52:13 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/10/25 09:52:12 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/10/25 09:52:12 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/10/25 09:52:12 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2009/10/25 09:52:12 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/10/25 09:52:12 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/10/25 09:52:12 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/10/25 09:52:12 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/10/25 09:52:12 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/10/25 09:52:11 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/10/25 09:52:11 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/10/25 09:52:11 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/10/25 09:52:11 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/10/25 09:52:10 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/10/25 09:52:10 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/10/25 09:52:10 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/10/25 09:52:09 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/10/25 09:52:09 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/10/25 09:52:08 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/10/25 09:52:08 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/10/25 09:52:08 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/10/25 09:52:07 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/10/25 09:52:07 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/10/25 09:52:07 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/10/25 09:52:07 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/10/25 09:52:06 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/10/25 09:52:06 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/10/25 09:52:06 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/10/25 09:52:05 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/10/25 09:52:05 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/10/25 09:52:05 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/10/25 09:52:04 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/10/25 09:52:04 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/10/25 09:52:04 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/10/25 09:52:00 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/10/25 09:52:00 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/10/25 09:51:59 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009/10/25 09:51:59 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/10/25 09:51:59 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/10/25 09:51:59 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/10/25 09:51:59 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/10/25 09:51:58 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/10/25 09:51:58 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/25 09:51:58 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/10/25 09:51:58 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/10/25 09:51:58 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/10/25 09:51:58 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/10/25 09:51:58 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/10/25 09:51:58 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/10/25 09:51:58 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/10/25 09:51:57 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/10/25 09:51:57 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/10/25 09:51:57 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/10/25 09:51:57 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/10/25 09:51:57 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/10/25 09:51:57 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/10/25 09:51:56 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/10/25 09:51:56 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/10/25 09:51:56 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/10/25 09:51:56 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/10/25 09:51:56 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/10/25 09:51:55 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/10/25 09:51:55 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/10/25 09:51:55 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/10/25 09:51:55 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/10/25 09:51:55 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/10/25 09:51:55 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/10/25 09:51:54 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/10/25 09:51:54 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/10/25 09:51:54 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys
[2009/10/25 09:51:54 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/10/25 09:51:54 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/10/25 09:51:53 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/10/25 09:51:53 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/10/25 09:51:53 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/10/25 09:51:53 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/10/25 09:51:53 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/10/25 09:51:53 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/10/25 09:51:53 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/10/25 09:51:52 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/10/25 09:51:52 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/10/25 09:51:52 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/10/25 09:51:52 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/10/25 09:51:52 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/10/25 09:51:51 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/10/25 09:51:51 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2009/10/25 09:51:51 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/10/25 09:51:51 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/10/25 09:51:51 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/10/25 09:51:51 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/10/25 09:51:50 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009/10/25 09:51:50 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/10/25 09:51:50 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/10/25 09:51:50 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/10/25 09:51:50 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/10/25 09:51:50 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/10/25 09:51:49 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/10/25 09:51:49 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/10/25 09:51:49 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/10/25 09:51:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/10/25 09:51:48 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/10/25 09:51:48 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/10/25 09:51:48 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/10/25 09:51:47 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/10/25 09:51:47 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/10/25 09:51:47 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/10/25 09:51:46 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/10/25 09:51:46 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/10/25 09:51:45 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/10/25 09:51:45 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/10/25 09:51:45 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/10/25 09:51:44 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/10/25 09:51:44 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/10/25 09:51:44 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/10/25 09:51:44 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/10/25 09:51:43 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/10/25 09:51:43 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/10/25 09:51:43 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/10/25 09:51:43 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/10/25 09:51:43 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/10/25 09:51:42 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/10/25 09:51:42 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/10/25 09:51:41 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/10/25 09:51:41 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/10/25 09:51:41 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/10/25 09:51:41 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009/10/25 09:51:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/10/25 09:51:41 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/10/25 09:51:41 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/10/25 09:51:40 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/10/25 09:51:40 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/10/25 09:51:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/10/25 09:51:40 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/10/25 09:51:40 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/10/25 09:51:40 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/10/25 09:51:39 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/10/25 09:51:38 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/10/25 09:51:38 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/10/25 09:51:38 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/10/25 09:51:38 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/10/25 09:51:38 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/10/25 09:51:38 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/10/25 09:51:37 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/10/25 09:51:37 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/10/25 09:51:37 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/25 09:51:37 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/10/25 09:51:36 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/10/25 09:51:36 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/10/25 09:51:36 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/10/25 09:51:36 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/10/25 09:51:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/10/25 09:51:36 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/10/25 09:51:36 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/10/25 09:51:35 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/10/25 09:51:34 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/10/25 09:51:34 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/10/25 09:51:34 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/25 09:51:34 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/10/25 09:51:34 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/10/25 09:51:33 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/10/25 09:51:33 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/10/25 09:51:33 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/10/25 09:51:33 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/10/25 09:51:33 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/10/25 09:51:33 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/10/25 09:51:33 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/10/25 09:51:33 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/10/25 09:51:32 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/10/25 09:51:32 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/10/25 09:51:32 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/10/25 09:51:31 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/10/25 09:51:31 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/10/25 09:51:31 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/10/25 09:51:31 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/10/25 09:51:31 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/10/25 09:51:31 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/10/25 09:51:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/10/25 09:51:30 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/10/25 09:51:30 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/10/25 09:51:30 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/10/25 09:51:30 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/10/25 09:51:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/10/25 09:51:30 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/10/25 09:51:30 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/10/25 09:51:29 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/10/25 09:51:29 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/10/25 09:51:29 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/10/25 09:51:29 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/10/25 09:51:28 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/10/25 09:51:28 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/10/25 09:51:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/10/25 09:51:27 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/10/25 09:51:27 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/10/25 09:51:27 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/10/25 09:51:27 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/10/25 09:51:27 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/10/25 09:51:26 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/10/25 09:51:25 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/10/25 09:51:25 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/10/25 09:51:25 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/10/25 09:51:25 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/10/25 09:51:24 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/10/25 09:51:23 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/10/25 09:51:23 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/10/25 09:51:23 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/10/25 09:51:23 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/10/25 09:51:23 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/10/25 09:51:23 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/10/25 09:51:23 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/10/25 09:51:22 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/10/25 09:51:20 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/10/25 09:51:20 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/10/25 09:51:19 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/10/25 09:51:19 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/10/25 09:51:18 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/10/25 09:51:18 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/10/25 09:51:17 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/10/25 09:51:16 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/10/25 09:50:57 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/10/25 09:50:56 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/10/25 09:50:56 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/10/25 09:50:53 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/10/25 00:07:49 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\MP3SkypeRecorder
[2009/10/25 00:06:47 | 00,000,000 | ---D | C] -- C:\Program Files\MP3 Skype Recorder
[2009/10/24 23:32:15 | 00,000,000 | ---D | C] -- C:\PerfLogs
[2009/10/24 23:01:39 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2009/10/24 23:01:37 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2009/10/24 23:01:10 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll
[2009/10/24 23:00:37 | 00,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2009/10/24 23:00:37 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll
[2009/10/24 23:00:36 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrdc.dll
[2009/10/24 23:00:36 | 00,031,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mssmbios.sys
[2009/10/24 23:00:36 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mstee.sys
[2009/10/24 23:00:36 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspclock.sys
[2009/10/24 23:00:36 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mspqm.sys
[2009/10/24 23:00:35 | 01,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
[2009/10/24 23:00:35 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mycomput.dll
[2009/10/24 23:00:35 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2009/10/24 23:00:35 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL
[2009/10/24 23:00:35 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mydocs.dll
[2009/10/24 23:00:35 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2009/10/24 23:00:35 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxoci.dll
[2009/10/24 23:00:35 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2009/10/24 23:00:35 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2009/10/24 23:00:35 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll
[2009/10/24 23:00:35 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2009/10/24 23:00:35 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll
[2009/10/24 23:00:35 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll
[2009/10/24 23:00:35 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll
[2009/10/24 23:00:34 | 00,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll
[2009/10/24 23:00:34 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll
[2009/10/24 23:00:34 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msfs.sys
[2009/10/24 23:00:34 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll
[2009/10/24 23:00:33 | 00,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtckrm.dll
[2009/10/24 23:00:33 | 00,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll
[2009/10/24 23:00:33 | 00,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2009/10/24 23:00:33 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll
[2009/10/24 23:00:33 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
[2009/10/24 23:00:33 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtclog.dll
[2009/10/24 23:00:32 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2009/10/24 23:00:32 | 00,415,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2009/10/24 23:00:32 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ADEC.DLL
[2009/10/24 23:00:32 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2009/10/24 23:00:32 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2009/10/24 23:00:32 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2009/10/24 23:00:32 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtc.exe
[2009/10/24 23:00:32 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2009/10/24 23:00:32 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspatcha.dll
[2009/10/24 23:00:32 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2009/10/24 23:00:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2009/10/24 23:00:32 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mskssrv.sys
[2009/10/24 23:00:31 | 00,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2009/10/24 23:00:31 | 00,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll
[2009/10/24 23:00:31 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msieftp.dll
[2009/10/24 23:00:31 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2009/10/24 23:00:31 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll
[2009/10/24 23:00:31 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidle.dll
[2009/10/24 23:00:30 | 00,016,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys
[2009/10/24 23:00:29 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
[2009/10/24 23:00:29 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2009/10/24 23:00:28 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll
[2009/10/24 23:00:28 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2009/10/24 23:00:27 | 00,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2009/10/24 23:00:27 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcbcp.dll
[2009/10/24 23:00:26 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2009/10/24 23:00:26 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2009/10/24 23:00:26 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
[2009/10/24 23:00:26 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2009/10/24 23:00:26 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2009/10/24 23:00:25 | 00,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2009/10/24 23:00:25 | 00,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2009/10/24 23:00:25 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
[2009/10/24 23:00:25 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/10/24 23:00:25 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nsisvc.dll
[2009/10/24 23:00:25 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys
[2009/10/24 23:00:25 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
[2009/10/24 23:00:24 | 00,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2009/10/24 23:00:24 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2009/10/24 23:00:24 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2009/10/24 23:00:24 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2009/10/24 23:00:24 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2009/10/24 23:00:24 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2009/10/24 23:00:24 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\null.sys
[2009/10/24 23:00:23 | 00,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2009/10/24 23:00:23 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2009/10/24 23:00:23 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2009/10/24 23:00:23 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2009/10/24 23:00:23 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncobjapi.dll
[2009/10/24 23:00:23 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbios.sys
[2009/10/24 23:00:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndisuio.sys
[2009/10/24 23:00:23 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2009/10/24 23:00:22 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2009/10/24 23:00:22 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll
[2009/10/24 23:00:22 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2009/10/24 23:00:22 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll
[2009/10/24 23:00:21 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlasvc.dll
[2009/10/24 23:00:21 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
[2009/10/24 23:00:20 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2009/10/24 23:00:20 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2009/10/24 23:00:20 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2009/10/24 23:00:19 | 00,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2009/10/24 23:00:19 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2009/10/24 23:00:19 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys
[2009/10/24 23:00:19 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2009/10/24 23:00:19 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll
[2009/10/24 23:00:17 | 00,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2009/10/24 23:00:17 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2009/10/24 23:00:17 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcsubs.dll
[2009/10/24 23:00:17 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LogonUI.exe
[2009/10/24 23:00:16 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2009/10/24 23:00:15 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2009/10/24 23:00:15 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mcx2Svc.dll
[2009/10/24 23:00:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\irenum.sys
[2009/10/24 23:00:14 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2009/10/24 23:00:14 | 00,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itss.dll
[2009/10/24 23:00:14 | 00,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiexe.dll
[2009/10/24 23:00:14 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\irda.sys
[2009/10/24 23:00:14 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPBusEnum.dll
[2009/10/24 23:00:14 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll
[2009/10/24 23:00:14 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2009/10/24 23:00:14 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll
[2009/10/24 23:00:13 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2009/10/24 23:00:13 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ipnat.sys
[2009/10/24 23:00:13 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll
[2009/10/24 23:00:12 | 00,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2009/10/24 23:00:12 | 00,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2009/10/24 23:00:12 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdsvc.dll
[2009/10/24 23:00:12 | 00,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll
[2009/10/24 23:00:12 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2009/10/24 23:00:12 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2009/10/24 23:00:12 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KMSVC.DLL
[2009/10/24 23:00:12 | 00,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2009/10/24 23:00:12 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys
[2009/10/24 23:00:12 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2009/10/24 23:00:12 | 00,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdclass.sys
[2009/10/24 23:00:12 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll
[2009/10/24 23:00:12 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2009/10/24 23:00:11 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprmsg.dll
[2009/10/24 23:00:11 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprdim.dll
[2009/10/24 23:00:11 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys
[2009/10/24 23:00:11 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL
[2009/10/24 23:00:11 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL
[2009/10/24 23:00:10 | 00,057,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mountmgr.sys
[2009/10/24 23:00:10 | 00,034,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2009/10/24 23:00:10 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouhid.sys
[2009/10/24 23:00:10 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2009/10/24 23:00:09 | 00,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2009/10/24 23:00:09 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2009/10/24 23:00:09 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2009/10/24 23:00:09 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2009/10/24 23:00:09 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2009/10/24 23:00:08 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2009/10/24 23:00:08 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaatext.dll
[2009/10/24 23:00:03 | 00,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcbase.dll
[2009/10/24 23:00:02 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
[2009/10/24 23:00:02 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcshext.dll
[2009/10/24 23:00:02 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2009/10/24 23:00:01 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcss.dll
[2009/10/24 23:00:00 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2009/10/24 23:00:00 | 00,094,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2009/10/24 22:59:58 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2009/10/24 22:59:54 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2009/10/24 22:59:52 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2009/10/24 22:59:52 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SessEnv.dll
[2009/10/24 22:59:52 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2009/10/24 22:59:52 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys
[2009/10/24 22:59:52 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2009/10/24 22:59:52 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2009/10/24 22:59:50 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll
[2009/10/24 22:59:50 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssocPrx.dll
[2009/10/24 22:59:49 | 00,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2009/10/24 22:59:49 | 00,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provthrd.dll
[2009/10/24 22:59:49 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2009/10/24 22:59:49 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2009/10/24 22:59:49 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll
[2009/10/24 22:59:49 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll
[2009/10/24 22:59:48 | 00,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2009/10/24 22:59:48 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2009/10/24 22:59:48 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2009/10/24 22:59:46 | 01,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ogldrv.dll
[2009/10/24 22:59:46 | 00,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll
[2009/10/24 22:59:46 | 00,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll
[2009/10/24 22:59:46 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2009/10/24 22:59:46 | 00,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll
[2009/10/24 22:59:46 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
[2009/10/24 22:59:46 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll
[2009/10/24 22:59:46 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2009/10/24 22:59:46 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll
[2009/10/24 22:59:45 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2009/10/24 22:59:45 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2009/10/24 22:59:44 | 01,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pla.dll
[2009/10/24 22:59:44 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2009/10/24 22:59:44 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
[2009/10/24 22:59:43 | 00,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2009/10/24 22:59:43 | 00,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll
[2009/10/24 22:59:43 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2009/10/24 22:59:43 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtm.dll
[2009/10/24 22:59:43 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys
[2009/10/24 22:59:43 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rshx32.dll
[2009/10/24 22:59:43 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2009/10/24 22:59:43 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2009/10/24 22:59:43 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2009/10/24 22:59:42 | 00,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2009/10/24 22:59:42 | 00,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2009/10/24 22:59:42 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll
[2009/10/24 22:59:42 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2009/10/24 22:59:42 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2009/10/24 22:59:42 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2009/10/24 22:59:41 | 00,087,552 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2009/10/24 22:59:40 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2009/10/24 22:59:38 | 00,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2009/10/24 22:59:38 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2009/10/24 22:59:37 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2009/10/24 22:59:37 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2009/10/24 22:59:37 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2009/10/24 22:59:37 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2009/10/24 22:59:37 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2009/10/24 22:59:36 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2009/10/24 22:59:36 | 00,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2009/10/24 22:59:36 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2009/10/24 22:59:36 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys
[2009/10/24 22:59:35 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\regedit.exe
[2009/10/24 22:59:35 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\remotepg.dll
[2009/10/24 22:59:35 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2009/10/24 22:59:35 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll
[2009/10/24 22:59:34 | 00,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
[2009/10/24 22:59:34 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll
[2009/10/24 22:59:34 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpdd.dll
[2009/10/24 22:59:34 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2009/10/24 22:59:34 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPCDD.sys
[2009/10/24 22:59:33 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2009/10/24 22:59:33 | 00,226,816 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2009/10/24 22:59:33 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbnetlib.dll
[2009/10/24 22:59:33 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2009/10/24 22:59:33 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dxof.dll
[2009/10/24 22:59:30 | 00,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2009/10/24 22:59:30 | 00,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
[2009/10/24 22:59:30 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
[2009/10/24 22:59:30 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
[2009/10/24 22:59:29 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll
[2009/10/24 22:59:29 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2009/10/24 22:59:29 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2009/10/24 22:59:29 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2009/10/24 22:59:29 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
[2009/10/24 22:59:29 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
[2009/10/24 22:59:28 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2009/10/24 22:59:28 | 00,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2009/10/24 22:59:28 | 00,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2009/10/24 22:59:28 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2009/10/24 22:59:28 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2009/10/24 22:59:28 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2009/10/24 22:59:28 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfdts.dll
[2009/10/24 22:59:27 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2009/10/24 22:59:27 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll
[2009/10/24 22:59:27 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2009/10/24 22:59:27 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2009/10/24 22:59:27 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHCPQEC.DLL
[2009/10/24 22:59:27 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll
[2009/10/24 22:59:27 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DfsShlEx.dll
[2009/10/24 22:59:26 | 01,291,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comres.dll
[2009/10/24 22:59:26 | 00,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
[2009/10/24 22:59:26 | 00,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll
[2009/10/24 22:59:26 | 00,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cic.dll
[2009/10/24 22:59:26 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll
[2009/10/24 22:59:26 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2009/10/24 22:59:26 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2009/10/24 22:59:25 | 00,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll
[2009/10/24 22:59:25 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2009/10/24 22:59:25 | 00,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll
[2009/10/24 22:59:25 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2009/10/24 22:59:25 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2009/10/24 22:59:25 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2009/10/24 22:59:25 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colbact.dll
[2009/10/24 22:59:25 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll
[2009/10/24 22:59:25 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2009/10/24 22:59:24 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll
[2009/10/24 22:59:23 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2009/10/24 22:59:23 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2009/10/24 22:59:23 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsadu.dll
[2009/10/24 22:59:23 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EAPQEC.DLL
[2009/10/24 22:59:23 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapsvc.dll
[2009/10/24 22:59:23 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
[2009/10/24 22:59:23 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll
[2009/10/24 22:59:22 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2009/10/24 22:59:22 | 00,058,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys
[2009/10/24 22:59:22 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys
[2009/10/24 22:59:22 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fdc.sys
[2009/10/24 22:59:22 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2009/10/24 22:59:22 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\flpydisk.sys
[2009/10/24 22:59:22 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdPHost.dll
[2009/10/24 22:59:21 | 02,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2009/10/24 22:59:21 | 02,249,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Firewall.cpl
[2009/10/24 22:59:21 | 00,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2009/10/24 22:59:21 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll
[2009/10/24 22:59:20 | 00,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2009/10/24 22:59:20 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2009/10/24 22:59:19 | 00,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2009/10/24 22:59:19 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll
[2009/10/24 22:59:19 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2009/10/24 22:59:19 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2009/10/24 22:59:19 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2009/10/24 22:59:19 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3dlg.dll
[2009/10/24 22:59:19 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2009/10/24 22:59:19 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll
[2009/10/24 22:59:18 | 00,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll
[2009/10/24 22:59:18 | 00,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2009/10/24 22:59:18 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll
[2009/10/24 22:59:18 | 00,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll
[2009/10/24 22:59:18 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2009/10/24 22:59:18 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dps.dll
[2009/10/24 22:59:18 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2009/10/24 22:59:18 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2009/10/24 22:59:18 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmview.ocx
[2009/10/24 22:59:18 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll
[2009/10/24 22:59:18 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll
[2009/10/24 22:59:18 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmocx.dll
[2009/10/24 22:59:18 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll
[2009/10/24 22:59:18 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2009/10/24 22:59:18 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll
[2009/10/24 22:59:18 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll
[2009/10/24 22:59:17 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2009/10/24 22:59:17 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
[2009/10/24 22:59:17 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2009/10/24 22:59:16 | 00,616,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsuiext.dll
[2009/10/24 22:59:16 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2009/10/24 22:59:16 | 00,394,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsquery.dll
[2009/10/24 22:59:16 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquoui.dll
[2009/10/24 22:59:16 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
[2009/10/24 22:59:16 | 00,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll
[2009/10/24 22:59:16 | 00,155,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
[2009/10/24 22:59:16 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2009/10/24 22:59:16 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
[2009/10/24 22:59:16 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dssec.dll
[2009/10/24 22:59:16 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2009/10/24 22:59:15 | 04,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2009/10/24 22:59:15 | 01,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2009/10/24 22:59:15 | 00,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll
[2009/10/24 22:59:15 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2009/10/24 22:59:15 | 00,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll
[2009/10/24 22:59:15 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2009/10/24 22:59:15 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2009/10/24 22:59:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2009/10/24 22:59:13 | 00,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2009/10/24 22:59:13 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2009/10/24 22:59:13 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2009/10/24 22:59:13 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll
[2009/10/24 22:59:13 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdprov.dll
[2009/10/24 22:59:13 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2009/10/24 22:59:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\beep.sys
[2009/10/24 22:59:12 | 01,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2009/10/24 22:59:12 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
[2009/10/24 22:59:12 | 00,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2009/10/24 22:59:12 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2009/10/24 22:59:12 | 00,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.tlb
[2009/10/24 22:59:12 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2009/10/24 22:59:12 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2009/10/24 22:59:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2009/10/24 22:59:10 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll
[2009/10/24 22:59:09 | 00,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apircl.dll
[2009/10/24 22:59:09 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll
[2009/10/24 22:59:09 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2009/10/24 22:59:09 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys
[2009/10/24 22:59:09 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/10/24 22:59:09 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/10/24 22:59:08 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll
[2009/10/24 22:59:08 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2009/10/24 22:59:08 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\alg.exe
[2009/10/24 22:59:08 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appinfo.dll
[2009/10/24 22:59:07 | 00,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2009/10/24 22:59:07 | 00,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrvut.dll
[2009/10/24 22:59:07 | 00,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrv.dll
[2009/10/24 22:59:07 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabview.dll
[2009/10/24 22:59:07 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\btpanui.dll
[2009/10/24 22:59:07 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2009/10/24 22:59:07 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2009/10/24 22:59:06 | 00,024,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BOOTVID.DLL
[2009/10/24 22:59:06 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll
[2009/10/24 22:59:06 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll
[2009/10/24 22:59:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys
[2009/10/24 22:59:05 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2009/10/24 22:59:04 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browser.dll
[2009/10/24 22:59:04 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2009/10/24 22:59:03 | 00,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2009/10/24 22:59:03 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll
[2009/10/24 22:59:03 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2009/10/24 22:59:02 | 00,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2009/10/24 22:59:02 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdfs.sys
[2009/10/24 22:59:00 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2009/10/24 22:58:53 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2009/10/24 22:58:53 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
[2009/10/24 22:58:51 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2009/10/24 22:58:49 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\i8042prt.sys
[2009/10/24 22:58:49 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ias.dll
[2009/10/24 22:58:49 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/10/24 22:58:48 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2009/10/24 22:58:47 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2009/10/24 22:58:47 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/10/24 22:58:46 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
[2009/10/24 22:58:46 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2009/10/24 22:58:45 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2009/10/24 22:58:45 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2009/10/24 22:58:44 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2009/10/24 22:58:43 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetcfg.dll
[2009/10/24 22:58:43 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2009/10/24 22:58:41 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2009/10/24 22:58:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fs_rec.sys
[2009/10/24 22:58:41 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll
[2009/10/24 22:58:37 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll
[2009/10/24 22:58:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2009/10/24 22:58:36 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2009/10/24 22:58:36 | 00,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2009/10/24 22:58:36 | 00,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2009/10/24 22:58:35 | 00,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hhctrl.ocx
[2009/10/24 22:58:35 | 00,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2009/10/24 22:58:35 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll
[2009/10/24 22:58:34 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2009/10/24 22:58:34 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll
[2009/10/24 22:58:34 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2009/10/24 22:58:33 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com
[2009/10/24 22:58:25 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2009/10/24 22:58:25 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2009/10/24 22:58:24 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2009/10/24 22:58:24 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2009/10/24 22:58:24 | 00,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
[2009/10/24 22:58:24 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2009/10/24 22:58:24 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL
[2009/10/24 22:58:24 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2009/10/24 22:58:22 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2009/10/24 22:58:22 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2009/10/24 22:58:22 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2009/10/24 22:58:21 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2009/10/24 22:58:21 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2009/10/24 22:58:21 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
[2009/10/24 22:58:20 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2009/10/24 22:58:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll
[2009/10/24 22:58:19 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
[2009/10/24 22:58:18 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2009/10/24 22:58:18 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2009/10/24 22:58:18 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl
[2009/10/24 22:58:17 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2009/10/24 22:58:17 | 00,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecsvc.dll
[2009/10/24 22:58:17 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercplsupport.dll
[2009/10/24 22:58:17 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2009/10/24 22:58:16 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdi.dll
[2009/10/24 22:58:15 | 01,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll
[2009/10/24 22:58:15 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2009/10/24 22:58:15 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll
[2009/10/24 22:58:15 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
[2009/10/24 22:58:14 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2009/10/24 22:58:14 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2009/10/24 22:58:14 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2009/10/24 22:58:13 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XPSSHHDR.dll
[2009/10/24 22:58:13 | 00,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2009/10/24 22:58:13 | 00,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2009/10/24 22:58:13 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2009/10/24 22:58:13 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
[2009/10/24 22:58:13 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2009/10/24 22:58:13 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2009/10/24 22:58:13 | 00,083,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFRd.sys
[2009/10/24 22:58:13 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll
[2009/10/24 22:58:13 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFSvc.dll
[2009/10/24 22:58:13 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WUDFPf.sys
[2009/10/24 22:58:13 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/10/24 22:58:13 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll
[2009/10/24 22:58:13 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
[2009/10/24 22:58:13 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2009/10/24 22:58:12 | 01,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll
[2009/10/24 22:58:12 | 00,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwizards.dll
[2009/10/24 22:58:12 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2009/10/24 22:58:12 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2009/10/24 22:58:12 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2009/10/24 22:58:12 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2009/10/24 22:58:12 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2009/10/24 22:58:12 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2009/10/24 22:58:12 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2009/10/24 22:58:12 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2009/10/24 22:58:12 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
[2009/10/24 22:58:12 | 00,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2009/10/24 22:58:11 | 00,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2009/10/24 22:58:11 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanext.exe
[2009/10/24 22:58:11 | 00,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2009/10/24 22:58:11 | 00,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2009/10/24 22:58:10 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlandlg.dll
[2009/10/24 22:58:10 | 00,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2009/10/24 22:58:10 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2009/10/24 22:58:10 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2009/10/24 22:58:10 | 00,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll
[2009/10/24 22:58:10 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpshell.dll
[2009/10/24 22:58:09 | 01,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2009/10/24 22:58:09 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2009/10/24 22:58:08 | 00,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2009/10/24 22:58:07 | 01,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2009/10/24 22:58:07 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2009/10/24 22:58:07 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2009/10/24 22:58:07 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2009/10/24 22:58:06 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll
[2009/10/24 22:58:06 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2009/10/24 22:58:05 | 00,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2009/10/24 22:58:05 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe
[2009/10/24 22:58:05 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2009/10/24 22:58:05 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2009/10/24 22:58:05 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdtcp.sys
[2009/10/24 22:58:04 | 00,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2009/10/24 22:58:04 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2009/10/24 22:58:04 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll
[2009/10/24 22:58:04 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdpipe.sys
[2009/10/24 22:58:01 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2009/10/24 22:58:01 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2009/10/24 22:58:01 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll
[2009/10/24 22:58:01 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2009/10/24 22:58:01 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
[2009/10/24 22:58:00 | 00,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll
[2009/10/24 22:58:00 | 00,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2009/10/24 22:58:00 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2009/10/24 22:58:00 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll
[2009/10/24 22:58:00 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll
[2009/10/24 22:58:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2009/10/24 22:57:59 | 08,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2009/10/24 22:57:58 | 08,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll
[2009/10/24 22:57:58 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2009/10/24 22:57:58 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2009/10/24 22:57:58 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysdm.cpl
[2009/10/24 22:57:58 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syncui.dll
[2009/10/24 22:57:58 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2009/10/24 22:57:58 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2009/10/24 22:57:58 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2009/10/24 22:57:58 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2009/10/24 22:57:58 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2009/10/24 22:57:58 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll
[2009/10/24 22:57:58 | 00,021,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys
[2009/10/24 22:57:58 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2009/10/24 22:57:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2009/10/24 22:57:57 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2009/10/24 22:57:57 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbscan.sys
[2009/10/24 22:57:57 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbprint.sys
[2009/10/24 22:57:57 | 00,015,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\swenum.sys
[2009/10/24 22:57:56 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbmon.dll
[2009/10/24 22:57:56 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2009/10/24 22:57:56 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll
[2009/10/24 22:57:55 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll
[2009/10/24 22:57:55 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll
[2009/10/24 22:57:55 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2009/10/24 22:57:54 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbccgp.sys
[2009/10/24 22:57:54 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll
[2009/10/24 22:57:54 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vga.sys
[2009/10/24 22:57:54 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll
[2009/10/24 22:57:54 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll
[2009/10/24 22:57:53 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2009/10/24 22:57:52 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2009/10/24 22:57:52 | 00,240,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
[2009/10/24 22:57:52 | 00,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2009/10/24 22:57:52 | 00,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.dll
[2009/10/24 22:57:52 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uudf.dll
[2009/10/24 22:57:52 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2009/10/24 22:57:52 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2009/10/24 22:57:52 | 00,052,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys
[2009/10/24 22:57:52 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2009/10/24 22:57:52 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2009/10/24 22:57:51 | 01,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2009/10/24 22:57:51 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2009/10/24 22:57:51 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2009/10/24 22:57:51 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2009/10/24 22:57:51 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll
[2009/10/24 22:57:51 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2009/10/24 22:57:51 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2009/10/24 22:57:50 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys
[2009/10/24 22:57:50 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll
[2009/10/24 22:57:49 | 02,588,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIHub.dll
[2009/10/24 22:57:49 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2009/10/24 22:57:49 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys
[2009/10/24 22:57:49 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2009/10/24 22:57:49 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2009/10/24 22:57:48 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll
[2009/10/24 22:57:48 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txflog.dll
[2009/10/24 22:57:48 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll
[2009/10/24 22:57:48 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2009/10/24 22:57:48 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys
[2009/10/24 22:57:48 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS
[2009/10/24 22:57:48 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll
[2009/10/24 22:26:12 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Local\Microsoft Corporation
[2009/10/22 19:39:48 | 00,000,000 | ---D | C] -- C:\Users\ace\AppData\Roaming\nod32 updater
[2009/10/19 10:14:33 | 00,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdmhcp.dll
[2009/10/19 10:14:33 | 00,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdminpa.dll
[2009/10/19 10:14:32 | 00,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdmusb1.dll
[2009/10/19 10:14:32 | 00,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdmiesc.dll
[2009/10/19 10:14:31 | 01,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdmserv.dll
[2009/10/19 10:14:31 | 00,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdmprox.dll
[2009/10/19 10:14:30 | 00,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdmpmui.dll
[2009/10/19 10:14:30 | 00,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdmlmpm.dll
[2009/10/19 10:14:28 | 00,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdmhbn3.dll
[2009/10/19 10:14:27 | 00,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdmcomc.dll
[2009/10/19 10:14:27 | 00,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdmcomm.dll
[2008/06/18 13:04:44 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\ace\AppData\Roaming\pcouffin.sys
[2007/08/09 14:50:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Users\ace\AppData\Local\stdole.dll
[2007/07/13 14:36:22 | 00,220,184 | ---- | C] ( ) -- C:\Users\ace\AppData\Local\Interop.Microsoft.Office.Core.dll
[2004/01/27 23:59:00 | 00,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2003/12/09 20:17:00 | 00,057,344 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/20 20:33:41 | 05,107,712 | ---- | M] () -- C:\Users\ace\ntuser.dat
[2009/11/20 19:26:20 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/20 19:26:20 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/20 19:26:20 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/20 19:21:22 | 00,000,374 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2009/11/20 19:20:51 | 00,000,434 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/11/20 19:20:40 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{bb9033cb-d632-11de-9925-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/11/20 19:20:40 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{bb9033cb-d632-11de-9925-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 19:20:40 | 00,065,536 | -HS- | M] () -- C:\Users\ace\ntuser.dat{bb9033cb-d632-11de-9925-806e6f6e6963}.TM.blf
[2009/11/20 19:19:22 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 19:19:22 | 00,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/20 19:19:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/20 19:19:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/20 19:17:36 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{e630857c-d5e5-11de-b115-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 19:17:36 | 00,065,536 | -HS- | M] () -- C:\Users\ace\ntuser.dat{e630857c-d5e5-11de-b115-806e6f6e6963}.TM.blf
[2009/11/20 19:13:19 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{e630857c-d5e5-11de-b115-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/11/20 19:13:09 | 03,459,760 | -H-- | M] () -- C:\Users\ace\AppData\Local\IconCache.db
[2009/11/20 12:00:00 | 00,000,430 | ---- | M] () -- C:\Windows\tasks\10-19-2009_021529.job
[2009/11/20 10:07:34 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{ed9f4ac3-d191-11de-814e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 10:07:34 | 00,065,536 | -HS- | M] () -- C:\Users\ace\ntuser.dat{ed9f4ac3-d191-11de-814e-806e6f6e6963}.TM.blf
[2009/11/19 15:37:47 | 00,000,368 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009/11/19 15:11:00 | 00,001,041 | ---- | M] () -- C:\Users\ace\AppData\Roaming\vso_ts_preview.xml
[2009/11/18 21:25:51 | 00,110,080 | ---- | M] () -- C:\Users\ace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 18:11:26 | 00,087,608 | ---- | M] () -- C:\Users\ace\AppData\Roaming\inst.exe
[2009/11/17 18:11:26 | 00,047,360 | ---- | M] (VSO Software) -- C:\Users\ace\AppData\Roaming\pcouffin.sys
[2009/11/17 18:11:26 | 00,007,887 | ---- | M] () -- C:\Users\ace\AppData\Roaming\pcouffin.cat
[2009/11/17 18:11:26 | 00,001,144 | ---- | M] () -- C:\Users\ace\AppData\Roaming\pcouffin.inf
[2009/11/17 16:45:17 | 00,001,895 | ---- | M] () -- C:\Users\ace\Desktop\RemoveIT Pro v4 - SE.lnk
[2009/11/17 10:57:00 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/11/16 12:42:39 | 00,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2009/11/16 00:47:14 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{ed9f4ac3-d191-11de-814e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/11/15 03:43:00 | 00,000,454 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2009/11/15 02:33:00 | 00,000,410 | ---- | M] () -- C:\Windows\tasks\DriverRobot.job
[2009/11/14 21:56:21 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{41bbd62e-c3c5-11de-9311-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/11/14 21:56:21 | 00,065,536 | -HS- | M] () -- C:\Users\ace\ntuser.dat{41bbd62e-c3c5-11de-9311-806e6f6e6963}.TM.blf
[2009/11/14 12:00:00 | 00,000,390 | ---- | M] () -- C:\Windows\tasks\Week of Registry Easy.job
[2009/11/13 19:38:50 | 00,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2009/11/13 19:38:50 | 00,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2009/11/13 17:06:56 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/11/13 17:06:56 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/11/10 14:02:22 | 00,268,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/08 00:58:41 | 00,349,156 | ---- | M] () -- C:\Windows\uninstall Deathwin.exe
[2009/11/08 00:02:53 | 00,000,784 | ---- | M] () -- C:\Users\ace\Desktop\RegCure.lnk
[2009/11/07 17:40:23 | 00,000,042 | ---- | M] () -- C:\Windows\System32\RegistryEasy.lie
[2009/11/06 21:13:37 | 00,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/11/06 16:13:38 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/11/05 12:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/11/02 23:40:10 | 00,004,438 | ---- | M] () -- C:\lma_log.html
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/02 15:48:09 | 00,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 20:22:42 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{41bbd62e-c3c5-11de-9311-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/10/28 08:28:05 | 00,524,288 | -HS- | M] () -- C:\Users\ace\ntuser.dat{71875904-bc69-11de-a282-00188b64d5d5}.TMContainer00000000000000000001.regtrans-ms
[2009/10/28 08:28:05 | 00,065,536 | -HS- | M] () -- C:\Users\ace\ntuser.dat{71875904-bc69-11de-a282-00188b64d5d5}.TM.blf
[2009/10/28 08:07:10 | 00,001,670 | ---- | M] () -- C:\Users\ace\Desktop\CCleaner.lnk
[2009/10/28 00:02:53 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 00:02:50 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/25 22:11:18 | 00,717,296 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/25 10:13:08 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/25 00:07:48 | 00,002,509 | ---- | M] () -- C:\Users\ace\Desktop\MP3 Skype Recorder.lnk
[2009/10/24 23:42:44 | 00,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2009/10/24 23:36:22 | 00,081,920 | ---- | M] () -- C:\Windows\SPInstall.etl
[2009/10/24 23:20:39 | 00,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2009/10/24 23:20:36 | 00,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2009/10/22 16:46:04 | 00,093,096 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/10/22 16:45:56 | 02,115,496 | ---- | M] () -- C:\Windows\System32\Incinerator.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/20 19:20:40 | 00,524,288 | -HS- | C] () -- C:\Users\ace\ntuser.dat{bb9033cb-d632-11de-9925-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/11/20 19:20:40 | 00,524,288 | -HS- | C] () -- C:\Users\ace\ntuser.dat{bb9033cb-d632-11de-9925-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 19:20:40 | 00,065,536 | -HS- | C] () -- C:\Users\ace\ntuser.dat{bb9033cb-d632-11de-9925-806e6f6e6963}.TM.blf
[2009/11/20 10:09:17 | 00,524,288 | -HS- | C] () -- C:\Users\ace\ntuser.dat{e630857c-d5e5-11de-b115-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/11/20 10:09:17 | 00,524,288 | -HS- | C] () -- C:\Users\ace\ntuser.dat{e630857c-d5e5-11de-b115-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/11/20 10:09:16 | 00,065,536 | -HS- | C] () -- C:\Users\ace\ntuser.dat{e630857c-d5e5-11de-b115-806e6f6e6963}.TM.blf
[2009/11/17 18:11:25 | 00,000,055 | ---- | C] () -- C:\Users\ace\AppData\Roaming\pcouffin.log
[2009/11/17 16:45:17 | 00,001,895 | ---- | C] () -- C:\Users\ace\Desktop\RemoveIT Pro v4 - SE.lnk
[2009/11/17 16:32:28 | 03,459,760 | -H-- | C] () -- C:\Users\ace\AppData\Local\IconCache.db
[2009/11/14 21:58:20 | 00,524,288 | -HS- | C] () -- C:\Users\ace\ntuser.dat{ed9f4ac3-d191-11de-814e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/11/14 21:58:20 | 00,524,288 | -HS- | C] () -- C:\Users\ace\ntuser.dat{ed9f4ac3-d191-11de-814e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/11/14 21:58:20 | 00,065,536 | -HS- | C] () -- C:\Users\ace\ntuser.dat{ed9f4ac3-d191-11de-814e-806e6f6e6963}.TM.blf
[2009/11/13 19:38:50 | 00,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009/11/13 19:38:50 | 00,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009/11/13 17:00:09 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/11/13 17:00:09 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/11/08 00:58:41 | 00,349,156 | ---- | C] () -- C:\Windows\uninstall Deathwin.exe
[2009/11/08 00:02:56 | 00,000,434 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/11/08 00:02:56 | 00,000,374 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2009/11/08 00:02:56 | 00,000,368 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009/11/08 00:02:53 | 00,000,784 | ---- | C] () -- C:\Users\ace\Desktop\RegCure.lnk
[2009/11/07 17:35:29 | 00,000,042 | ---- | C] () -- C:\Windows\System32\RegistryEasy.lie
[2009/11/07 17:34:18 | 00,000,390 | ---- | C] () -- C:\Windows\tasks\Week of Registry Easy.job
[2009/11/06 21:13:37 | 00,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/11/06 16:13:38 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/02 18:34:58 | 00,004,438 | ---- | C] () -- C:\lma_log.html
[2009/11/02 15:48:09 | 00,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/28 08:29:29 | 00,524,288 | -HS- | C] () -- C:\Users\ace\ntuser.dat{41bbd62e-c3c5-11de-9311-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2009/10/28 08:29:29 | 00,524,288 | -HS- | C] () -- C:\Users\ace\ntuser.dat{41bbd62e-c3c5-11de-9311-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2009/10/28 08:29:29 | 00,065,536 | -HS- | C] () -- C:\Users\ace\ntuser.dat{41bbd62e-c3c5-11de-9311-806e6f6e6963}.TM.blf
[2009/10/28 00:02:53 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/10/28 00:02:50 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/10/25 22:11:17 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/10/25 10:13:08 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/10/25 09:54:59 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/10/25 09:53:55 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/10/25 09:53:52 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/10/25 09:53:31 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/10/25 09:53:26 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/25 09:53:25 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/25 09:53:21 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/10/25 09:53:20 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/10/25 09:53:13 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/10/25 09:52:49 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/10/25 09:52:45 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/10/25 09:52:07 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/10/25 09:51:22 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/10/25 09:51:08 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/10/25 00:06:47 | 00,002,509 | ---- | C] () -- C:\Users\ace\Desktop\MP3 Skype Recorder.lnk
[2009/10/24 22:59:43 | 00,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2009/10/24 22:58:34 | 00,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2009/10/24 22:58:22 | 00,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2009/10/19 10:14:33 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdminst.dll
[2009/10/19 10:14:28 | 00,208,896 | ---- | C] () -- C:\Windows\System32\lxdmgrd.dll
[2009/10/18 23:20:07 | 00,034,705 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/18 23:20:07 | 00,034,705 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/11 07:11:11 | 02,115,496 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/05 14:51:29 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/26 17:15:02 | 00,001,154 | ---- | C] () -- C:\ProgramData\lxdm
[2008/12/24 07:55:09 | 00,000,021 | ---- | C] () -- C:\Windows\PI5_SETUP.ini
[2008/12/24 07:54:24 | 00,000,021 | ---- | C] () -- C:\Windows\ME_setup.ini
[2008/12/22 19:15:21 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/09/26 22:54:19 | 00,001,356 | ---- | C] () -- C:\Users\ace\AppData\Local\d3d9caps.dat
[2008/06/19 16:24:59 | 00,110,080 | ---- | C] () -- C:\Users\ace\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 10:54:29 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/06/18 13:05:41 | 00,001,041 | ---- | C] () -- C:\Users\ace\AppData\Roaming\vso_ts_preview.xml
[2008/06/18 13:04:44 | 00,087,608 | ---- | C] () -- C:\Users\ace\AppData\Roaming\inst.exe
[2008/06/18 13:04:44 | 00,007,887 | ---- | C] () -- C:\Users\ace\AppData\Roaming\pcouffin.cat
[2008/06/18 13:04:44 | 00,001,144 | ---- | C] () -- C:\Users\ace\AppData\Roaming\pcouffin.inf
[2008/06/18 11:27:50 | 00,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/06/18 09:29:06 | 00,000,936 | ---- | C] () -- C:\Windows\wininit.ini
[2008/06/18 09:17:46 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdmoem.dll
[2008/06/18 09:04:03 | 00,064,048 | ---- | C] () -- C:\Users\ace\AppData\Local\GDIPFONTCACHEV1.DAT
[2007/05/22 17:59:38 | 00,692,224 | ---- | C] () -- C:\Windows\System32\lxdmdrs.dll
[2007/05/22 09:10:12 | 00,065,536 | ---- | C] () -- C:\Windows\System32\lxdmcaps.dll
[2007/05/03 14:50:10 | 00,348,160 | ---- | C] () -- C:\Windows\System32\lxdmcoin.dll
[2007/04/17 09:17:06 | 00,069,632 | ---- | C] () -- C:\Windows\System32\lxdmcnv4.dll
[2006/11/29 14:08:27 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 07:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,264 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,191 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/01 00:53:18 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxdmvs.dll
[2003/10/21 15:40:00 | 00,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:ECF54A0E
< End of report >

#4 chrickt67

Posted 20 November 2009 - 08:43 PM

OTL Extras logfile created on: 11/20/2009 8:33:35 PM - Run 1
OTL by OldTimer - Version 3.1.6.1 Folder = C:\Users\ace\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.83 Gb Total Space | 158.09 Gb Free Space | 67.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACE-PC
Current User Name: ace
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2630FFD4-5C67-477D-A219-C96B4E9000A1}" = lport=56770 | protocol=17 | dir=in | name=pando p2p udp listening port |
"{3BCD0503-B89D-4B09-B097-CD90C590F3CE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{41345E80-221A-4BB8-9EAB-A1D04BBEA2D5}" = lport=58532 | protocol=6 | dir=in | name=pando p2p tcp listening port |
"{6E84985D-2297-4312-8ACB-1E5F06EA9194}" = lport=58711 | protocol=6 | dir=in | name=pando p2p tcp listening port |
"{75A7C928-EE6D-4ECB-873B-04C9061FD219}" = lport=1701 | protocol=17 | dir=in | app=system |
"{7F6CD7EB-44A1-42C8-906B-EC1293E1C212}" = lport=58532 | protocol=17 | dir=in | name=pando p2p udp listening port |
"{90F001B1-1DA6-41ED-AEA6-6D7D17A4D283}" = lport=58711 | protocol=17 | dir=in | name=pando p2p udp listening port |
"{95DD6D81-C084-4626-B7E9-7828915D209F}" = lport=56770 | protocol=6 | dir=in | name=pando p2p tcp listening port |
"{9630582C-C856-4CED-B29F-C060ACE6B2A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99ED936C-2A17-4324-8021-DB92B79773F4}" = rport=1701 | protocol=17 | dir=out | app=system |
"{A02F56F2-BBFF-4880-8CE1-156A5F43E913}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C58E8AD8-D862-482F-927C-163E39281D32}" = lport=3306 | protocol=6 | dir=in | name=mysql server |
"{C6440DEA-50BB-49A7-A877-2656BD820F10}" = lport=1723 | protocol=6 | dir=in | app=system |
"{D2408830-1381-4CA7-8C3D-10F62DC46E2F}" = rport=1723 | protocol=6 | dir=out | app=system |
"{E19DC59C-F4F1-4673-8520-3C4C2EA79541}" = lport=80 | protocol=6 | dir=in | app=system |
"{E4630816-CBDB-45F0-B7F5-83EE7420387E}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC2FB760-53D2-47C5-872D-B7010425DF78}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013D1FD6-DA2B-48D2-965E-8F3D331AB4C4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{01ADD97B-5162-423E-9072-AB18A5C84B1D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{02DA965F-3C8E-43B4-827C-9E19A0934B4F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{0AFF37B6-BD1B-43E3-B039-100E01CC5C85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0DDF269E-49DF-4FC5-BFB4-945227DB8BF6}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{130E776C-AFE5-45B5-9B0A-AF28CFBA8445}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{142DD84F-673A-4254-81EC-7602DF8D044A}" = protocol=17 | dir=in | app=c:\windows\system32\lxdmcoms.exe |
"{16D59FB5-8C7B-4932-AC90-76005E61CB38}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdmpswx.exe |
"{1D62E8F9-0AD3-4E5C-AFB1-8B017CD49AE8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1D7273D8-41B2-4688-8E12-06C0AF8ED4B3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdmpswx.exe |
"{23E0B62C-6133-41BA-B23A-16056646CAF0}" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{263897BF-DB35-454C-B9C0-57B6DED922E6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{26CED89A-C4FF-4BD4-867B-0E91A26074AE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{3D4E2EC3-F12B-4CE7-BDE5-2DC804F3F585}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{471CF11D-F3B8-4B42-AFD8-8FC510B3125F}" = protocol=6 | dir=in | app=c:\windows\system32\lxdmcoms.exe |
"{4DD164CF-F312-474D-9690-CFF8D61314D2}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{4E42257A-073C-48F9-A1E1-57745F22C7B9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4FF2A9DE-DF74-4CB8-8FA8-CD2480A722D2}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{54D0DF04-D87F-46C7-B942-34D4D9A09DBC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"{5F946D5E-66DB-40D0-9740-A8082A8BD668}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{6875C2E3-8911-43A5-B73E-484D4A7EEF1A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{74C52430-C8C1-4431-93E1-B3FC3B2429D0}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{798B7959-F331-4BC8-96C1-F7FD096467DA}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdmtime.exe |
"{79B595DC-F69F-443B-86BC-1B85DD9225E1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{864142E8-7E19-43BA-A71E-9A37A6419C78}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8D190394-3CE3-47BD-8076-DB179EDD4C57}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{963B43DC-078C-451E-8767-B0030C7FA897}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{965FCDD7-696C-4C6C-86C9-D38165E0A546}" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\lxdmmon.exe |
"{97ED8FCC-E8A3-4DD9-B4CF-0D709299AE0E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A1B2438B-0899-4EF1-9A60-527AA47449B4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{ABAC9A7D-8AEB-4760-97F9-8FFE90525C5C}" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\frun.exe |
"{ACB5F066-5156-4F5A-B4A6-DC8A233BD808}" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\lxdmfax.exe |
"{B06B1D55-6767-4EEE-899A-D358D439B0F2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{C52426CE-4F4C-4FB2-8B5F-A137D8B39F6D}" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\lxdmfax.exe |
"{CC28AC0A-30F5-49B0-B2A4-C3EFE43A7423}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdmtime.exe |
"{D8FF6B6C-CA95-408A-82C6-1E04003F8CAF}" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\frun.exe |
"{D9FF9450-0A7D-4AA3-8917-47A4B8104341}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DB528BFD-671B-4A1A-B26B-4D59EAF48441}" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"{E2EBD527-817D-4D99-8448-F89E7CD20B76}" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\lxdmmon.exe |
"{ED561241-3AF0-482B-8602-42A0F5919C99}" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\lxdmamon.exe |
"{EF45B85C-141B-4324-A1B0-7DBA0C6DD3EC}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{F9D514DA-A70A-483D-8B9E-FCB6A8CB18A9}" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\lxdmamon.exe |
"TCP Query User{43CB51BF-FE65-4EBA-84EF-594CAAC950AB}C:\program files\lexmark 5000 series\lxdmmon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 5000 series\lxdmmon.exe |
"TCP Query User{5019F4C7-9BDD-4E2D-BE0F-DE98EED20462}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"TCP Query User{50419A65-4AE2-4407-96B1-A3074ACB9F69}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"TCP Query User{5FBC5792-2C07-4A3E-9D75-0B7371E9D14A}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=6 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"TCP Query User{6015A498-8381-4026-9892-F2C335A7C164}C:\program files\spacialaudio\sambc\samreporter\samreporter.exe" = protocol=6 | dir=in | app=c:\program files\spacialaudio\sambc\samreporter\samreporter.exe |
"TCP Query User{7082873D-AE2F-4552-A2FD-380EAD978CE8}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{745BABCA-3ECB-48F5-8095-DB7D75FFB792}C:\program files\bullguard ltd\bullguard\bullguard.exe" = protocol=6 | dir=in | app=c:\program files\bullguard ltd\bullguard\bullguard.exe |
"TCP Query User{78458E6A-E0F5-4E56-A712-2AB478881D6A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{7E192189-474D-4D86-9E32-D240792A732C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{857F678C-DA4D-462D-B859-420299503F61}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"TCP Query User{9D8D01E7-B22D-4F8C-9361-E496F98C397D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B81D9551-3103-474D-800A-9223406ABCB9}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{C63AB49F-5901-46CE-93CB-3A34EA8C9BAD}C:\program files\incode solutions\removeit pro v4 - se\removeit.exe" = protocol=6 | dir=in | app=c:\program files\incode solutions\removeit pro v4 - se\removeit.exe |
"TCP Query User{CFEFC313-9E57-4E8E-9816-1793DE5DD27C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{D090EB81-C79A-4582-A06E-0A0BC7DED21D}C:\program files\call graph\callgraph.exe" = protocol=6 | dir=in | app=c:\program files\call graph\callgraph.exe |
"TCP Query User{DA76043E-13A3-4435-81B9-345E41A5A35C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{DC233B36-C26A-4B31-91F2-995A5B84260A}C:\program files\reallusion\crazytalk for skype\ct4skype.exe" = protocol=6 | dir=in | app=c:\program files\reallusion\crazytalk for skype\ct4skype.exe |
"TCP Query User{E07F9932-74D1-4D42-8A4D-DEBB99552EE2}C:\program files\skypecallrecorder\skypecallrecorder.exe" = protocol=6 | dir=in | app=c:\program files\skypecallrecorder\skypecallrecorder.exe |
"TCP Query User{F0F06C4C-AC61-4B5C-B761-6F1295EFA4A2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1A4CDE1B-527F-4672-AC95-ADFDB4A37DD8}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"UDP Query User{21D866EB-482D-4585-B4E3-9E7230657401}C:\program files\call graph\callgraph.exe" = protocol=17 | dir=in | app=c:\program files\call graph\callgraph.exe |
"UDP Query User{26B0A8CA-F65F-492C-95FA-30DACAE3EF8C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{2F26E8D8-94B1-4E30-8131-80E88F5CBB04}C:\program files\spacialaudio\sambc\samreporter\samreporter.exe" = protocol=17 | dir=in | app=c:\program files\spacialaudio\sambc\samreporter\samreporter.exe |
"UDP Query User{421E470E-4A94-4C9D-B281-2E0BA2C11AF6}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{4941D578-064A-442B-91C6-4296B2F6C600}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4B93EDDC-5AC1-435F-9D73-1336E5D331E1}C:\program files\spacialaudio\sambc\sambc.exe" = protocol=17 | dir=in | app=c:\program files\spacialaudio\sambc\sambc.exe |
"UDP Query User{6475FF6C-9652-4D8E-8095-43522A96BC9C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{664940F1-A793-45FD-9AB5-B65AC715D6E7}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"UDP Query User{76E7860B-2CB3-4B88-B284-568ACBC60389}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"UDP Query User{8FCD1FF1-8D18-49A8-8101-C1BEEB0D591A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9B0164EE-2474-4A62-83FC-BFB5F1B1DA2B}C:\program files\skypecallrecorder\skypecallrecorder.exe" = protocol=17 | dir=in | app=c:\program files\skypecallrecorder\skypecallrecorder.exe |
"UDP Query User{A3826792-2D22-4F9B-A1D0-C50A8BEE2596}C:\program files\bullguard ltd\bullguard\bullguard.exe" = protocol=17 | dir=in | app=c:\program files\bullguard ltd\bullguard\bullguard.exe |
"UDP Query User{C15A5558-656B-4642-8998-369F84837532}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C334CE95-CADF-46F7-BB01-E181DB6CA3C4}C:\program files\lexmark 5000 series\lxdmmon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 5000 series\lxdmmon.exe |
"UDP Query User{E7361893-E405-49B0-B342-73985F430203}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{F05AACD6-0EE3-4AE9-9812-A0FAB784C616}C:\program files\incode solutions\removeit pro v4 - se\removeit.exe" = protocol=17 | dir=in | app=c:\program files\incode solutions\removeit pro v4 - se\removeit.exe |
"UDP Query User{F0BD7384-91F8-4760-B5E3-1B329BD32948}C:\program files\reallusion\crazytalk for skype\ct4skype.exe" = protocol=17 | dir=in | app=c:\program files\reallusion\crazytalk for skype\ct4skype.exe |
"UDP Query User{F66927E1-6AD6-445B-A5D0-A10783AEF431}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{062BFFA1-0CCC-400B-B840-F162328D8C00}" = winLAME prerelease4
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java™ SE Development Kit 6 Update 17
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.7
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BCEB97B-F315-455D-BC2D-565A1A6781E8}" = Memeo AutoBackup
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}" = HiYo
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{972C1C85-E18C-4DC0-8CB7-5007DF98DE3A}" = MySQL Server 5.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.5.314
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Creative PD0620" = Creative WebCam Instant Driver (1.00.08.0416)
"Creative WebCam Center" = Creative WebCam Center
"HijackThis" = HijackThis 2.0.2
"HiYo" = HiYo
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Lexmark 5000 Series" = Lexmark 5000 Series
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"RegCure" = RegCure 2.0.0.0
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"SAM3" = SAM Broadcaster (remove only)
"Shuangs Audio Joiner_is1" = Shuangs Audio Joiner 1.1
"Spyware Terminator_is1" = Spyware Terminator
"TeamViewer 4" = TeamViewer 4
"UninstallTool" = Uninstall Tool
"uTorrent" = µTorrent
"Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! IE Suggest" = Yahoo! Search Suggest Add-on for IE7
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-892561943-1508116293-3273268530-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
"InstallShield_{6BCEB97B-F315-455D-BC2D-565A1A6781E8}" = Memeo AutoBackup
"InstallShield_{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2009 8:59:44 AM | Computer Name = ace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2009 8:59:44 AM | Computer Name = ace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2009 6:37:53 PM | Computer Name = ace-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Registry
Easy\RE.exe".Error in manifest or policy file "C:\Program Files\Registry Easy\RE.exe"
on line 0. Invalid Xml syntax.

Error - 11/7/2009 6:37:54 PM | Computer Name = ace-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Registry
Easy\RE.exe".Error in manifest or policy file "C:\Program Files\Registry Easy\RE.exe"
on line 0. Invalid Xml syntax.

Error - 11/7/2009 6:38:03 PM | Computer Name = ace-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Registry
Easy\RE.exe".Error in manifest or policy file "C:\Program Files\Registry Easy\RE.exe"
on line 0. Invalid Xml syntax.

Error - 11/7/2009 6:38:05 PM | Computer Name = ace-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Registry
Easy\RE.exe".Error in manifest or policy file "C:\Program Files\Registry Easy\RE.exe"
on line 0. Invalid Xml syntax.

Error - 11/7/2009 6:38:51 PM | Computer Name = ace-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\Registry
Easy\RE.exe".Error in manifest or policy file "C:\Program Files\Registry Easy\RE.exe"
on line 0. Invalid Xml syntax.

Error - 11/7/2009 7:33:01 PM | Computer Name = ace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2009 7:33:01 PM | Computer Name = ace-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/7/2009 7:33:01 PM | Computer Name = ace-PC | Source = Windows Search Service | ID = 3013
Description =

[ Media Center Events ]
Error - 11/2/2008 10:41:36 PM | Computer Name = ace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/25/2009 7:31:42 PM | Computer Name = ace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 7/30/2009 10:59:27 AM | Computer Name = ace-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/28/2009 7:31:54 PM | Computer Name = ace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/3/2009 10:03:21 PM | Computer Name = ace-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/20/2009 11:08:31 AM | Computer Name = ace-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/20/2009 11:10:19 AM | Computer Name = ace-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/20/2009 11:10:19 AM | Computer Name = ace-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/20/2009 11:10:19 AM | Computer Name = ace-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/20/2009 8:02:40 PM | Computer Name = ace-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/20/2009 8:13:48 PM | Computer Name = ace-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/20/2009 8:18:48 PM | Computer Name = ace-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 11/20/2009 8:20:18 PM | Computer Name = ace-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11/20/2009 8:20:18 PM | Computer Name = ace-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/20/2009 8:20:18 PM | Computer Name = ace-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#5 myrti

Posted 22 November 2009 - 02:02 PM

Hi,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Registry Cleaners

I notice the presence of Easy Registry, a registry cleaner, on your PC.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly, you will not see any difference.
If it doesn't work properly, you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

Please run a scan with Malwarebytes and gmer to check further for malware:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

These are the instructions for gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Please post back the logs from malwarebytes and gmer in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#6 chrickt67


Posted 22 November 2009 - 03:49 PM

Hi, I tried 3 times to run GMER but it would not finish; it only stopped working. I was disconnected from the internet as per instructions, but here are the other logs you requested.


Malwarebytes' Anti-Malware 1.41
Database version: 3215
Windows 6.0.6002 Service Pack 2

11/22/2009 3:48:51 PM
mbam-log-2009-11-22 (15-48-51).txt

Scan type: Quick Scan
Objects scanned: 91568
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 chrickt67


Posted 22 November 2009 - 04:10 PM

I got GMER to work; here is the log file. Sorry, I am not PC savvy at all.

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-22 16:07:27
Windows 6.0.6002 Service Pack 2
Running: xqet450p.exe; Driver: C:\Users\ace\AppData\Local\Temp\uwldrpow.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 85C31BF8
INT 0x92 ? 86B0BF00
INT 0xA2 ? 85C31BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 822E685C 4 Bytes [D0, DB, 82, 95]
.text ntkrnlpa.exe!KeSetEvent + 13D 822E6880 8 Bytes [2C, F5, 82, 95, 82, F7, 82, ...]
.text ntkrnlpa.exe!KeSetEvent + 181 822E68C4 4 Bytes [FC, F9, 82, 95]
.text ntkrnlpa.exe!KeSetEvent + 1A9 822E68EC 4 Bytes [50, E4, 82, 95] {PUSH EAX; IN AL, 0x82; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1C1 822E6904 4 Bytes [32, EB, 82, 95]
.text ...
? System32\Drivers\spkv.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x92E0A320, 0x3DE2A7, 0xE8000020]
.text USBPORT.SYS!DllUnload 8BB4641B 5 Bytes JMP 86B0B4E0

---- User code sections - GMER 1.0.15 ----

? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] USER32.dll!SetScrollInfo + 7A8 76CE7980 4 Bytes [70, 11, 33, 6D]
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3336] C:\Windows\system32\ntdll.dll time/date stamp mismatch;
? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3336] C:\Windows\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[3336] USER32.dll!SetScrollInfo + 7A8 76CE7980 4 Bytes [70, 11, 33, 6D]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00170940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00D30B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00D30B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!HeapFree] 001709B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00D30BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00D30C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00D30CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00D30D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00170B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] 00170BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D30DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00D30E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] 00170C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] 00170CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00170D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00170DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00D30E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] 00170E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00D30EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00D30F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 77180550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 771805C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 77180630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 771806A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 77180710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 77180780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00170E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00170EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 771807F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 77180860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 771808D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 77180940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 771809B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 77180A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 77180F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00D40010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00D40080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00D400F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00D40160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00D401D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 77340780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 773407F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!HeapFree] 77340860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 77340940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00D40240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00D402B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D40320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] 00D40390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 77340A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 77340BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 77340C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D404E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00D40550
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 77340CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] 77340D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00D405C0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameA] 00D40630
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00D406A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00D40710
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00D40780
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00D407F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00D40860
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!HeapFree] 77340DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00D408D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 77340EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00D40940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00D409B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!HeapFree] 77340F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] 00180080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00D40A20
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D40A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00D40B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00D40B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00D40BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00D40C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00D40CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapFree] 00180160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 001802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00D40D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!HeapDestroy] 00180320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00D40DA0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 00180390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00D40E10
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00D40E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00D40EF0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00D40F60
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00D90010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00D90080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameA] 00D900F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 00180400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] 00180470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] 001804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 77340010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 77340080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DA0160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00DA01D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00DA0240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 00DA02B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00DA0320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00DA0390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00DA06A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 77340080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!HeapFree] 773402B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!CreateThread] 773401D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00DA0A90
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00DA0B00
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00DA0B70
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00DA0BE0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00DA0C50
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00DA0CC0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 77340080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 77340010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!HeapFree] 773402B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 771804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 771802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 771800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 77180240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 77180160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 771804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 771800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] 773401D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 77180240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 771802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 77180390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 77340240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameW] 771801D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] 77180400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!HeapFree] 773402B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 771804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!VirtualAlloc] 77340320
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 771800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 77180240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 771802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] 773401D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 77180390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 771801D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] 77340080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] 77340010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SAMLIB.dll [ntdll.dll!RtlFreeHeap] 77340080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] 771802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!FreeLibrary] 771800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] 77180240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 771804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 77340010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 77340080
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 77180400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 771802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 771800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 77180240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 771804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 77180160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!HeapFree] 773402B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] 773401D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 77180400
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] 773401D0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 77180470
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 77180160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!HeapFree] 773402B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 771804E0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 77180390
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 77180240
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 771802B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 771800F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe[1992] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 771801D0
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74087817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [740DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7408BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7407F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7407E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7408DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2708] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7407FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device 85C371F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 85C331F8
Device \Driver\usbohci \Device\USBPDO-0 86B8B500
Device \Driver\usbehci \Device\USBPDO-1 86B551F8

AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\volmgr \Device\HarddiskVolume1 85C331F8
Device \Driver\volmgr \Device\HarddiskVolume2 85C331F8
Device \Driver\cdrom \Device\CdRom0 86B86500
Device \Driver\netbt \Device\NetBt_Wins_Export 871F9500
Device \Driver\Smb \Device\NetbiosSmb 8619A1F8
Device \Driver\nvstor32 \Device\0000005b 85C361F8
Device \Driver\nvstor32 \Device\0000005c 85C361F8
Device \Driver\nvstor32 \Device\RaidPort0 85C361F8

AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\nvstor32 \Device\RaidPort1 85C361F8

AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

Device \Driver\iScsiPrt \Device\RaidPort2 86C7B500
Device \Driver\USBSTOR \Device\0000006b 872AC1F8
Device \Driver\usbohci \Device\USBFDO-0 86B8B500
Device \Driver\USBSTOR \Device\0000006d 872AC1F8
Device \Driver\usbehci \Device\USBFDO-1 86B551F8
Device \Driver\netbt \Device\NetBT_Tcpip_{2D478241-F0B5-4C66-A95D-92486BAF670C} 871F9500
Device \FileSystem\cdfs \Cdfs 877A2500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----

#8 myrti

  • Malware Study Hall Admin

Posted 22 November 2009 - 09:07 PM

Hi,

please run Combofix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#9 chrickt67

  • Topic Starter


Posted 23 November 2009 - 01:37 AM

Ok here is the ComboFix log


ComboFix 09-11-22.04 - ace 11/23/2009 0:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3518.2677 [GMT -5:00]
Running from: c:\users\ace\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ace\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-11-23 06:12 . 2009-11-23 06:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-23 04:46 . 2009-11-23 04:46 -------- d-----w- c:\program files\VS Revo Group
2009-11-23 04:36 . 2009-11-23 04:36 -------- d-----w- c:\users\ace\AppData\Local\Adobe
2009-11-22 20:21 . 2009-11-22 20:21 -------- d-----w- c:\users\ace\AppData\Local\Apple
2009-11-22 02:33 . 2009-11-22 02:46 4096 d-----w- c:\program files\TweakVI
2009-11-21 23:26 . 2009-11-21 23:26 -------- d-----w- c:\program files\Secunia
2009-11-21 22:44 . 2009-11-21 22:44 -------- d-----w- c:\program files\Sophos
2009-11-20 22:12 . 2009-11-20 23:53 -------- d-----w- c:\users\ace\AppData\Roaming\QuickScan
2009-11-20 03:08 . 2009-11-20 03:08 -------- d-----w- c:\program files\Auslogics
2009-11-19 04:24 . 2009-11-19 04:24 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2009-11-17 21:45 . 2009-11-17 21:45 -------- d-----w- c:\program files\InCode Solutions
2009-11-17 01:08 . 2008-02-15 22:25 102400 ----a-w- c:\windows\system32\stacsv.exe
2009-11-17 01:08 . 2008-02-15 22:22 1613824 ----a-w- c:\windows\system32\stlang.dll
2009-11-17 01:06 . 2008-02-15 22:27 330752 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-11-17 01:06 . 2008-02-15 22:26 328704 ----a-w- c:\windows\system32\stcplx.dll
2009-11-17 01:06 . 2008-02-15 22:25 527872 ----a-w- c:\windows\system32\stapo.dll
2009-11-17 01:06 . 2008-02-15 22:24 150016 ----a-w- c:\windows\system32\st325866.dll
2009-11-17 01:06 . 2008-02-15 22:23 312320 ----a-w- c:\windows\system32\stapi32.dll
2009-11-17 00:49 . 2006-12-01 20:54 626688 -c--a-w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}\Windows\winsxs\b2rg91xw.1p4\msvcr80.dll
2009-11-17 00:46 . 2009-11-17 00:50 4096 dc-h--w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-11-16 17:42 . 2009-11-16 17:42 397328 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2009-11-16 17:42 . 2009-11-16 17:42 17936 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2009-11-16 17:42 . 2009-11-16 17:42 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2009-11-16 17:42 . 2009-11-16 17:42 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
2009-11-16 01:12 . 2009-11-23 05:16 4096 d-----w- c:\users\ace\AppData\Roaming\vlc
2009-11-15 05:02 . 2009-11-15 23:47 -------- d-----w- c:\users\ace\AppData\Local\Axialis
2009-11-14 00:43 . 2009-11-14 00:43 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-11-14 00:43 . 2009-11-14 00:43 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-11-14 00:43 . 2009-11-14 00:43 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-11-14 00:43 . 2009-11-14 00:43 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-11-14 00:43 . 2009-11-14 00:43 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-11-14 00:38 . 2009-11-14 00:38 -------- d--h--we c:\programdata\AVP9
2009-11-14 00:38 . 2009-11-14 00:38 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-14 00:38 . 2009-11-14 00:38 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-14 00:37 . 2009-11-23 06:26 -------- d-----w- c:\programdata\Kaspersky Lab
2009-11-14 00:37 . 2009-11-14 00:37 -------- d-----w- c:\program files\Kaspersky Lab
2009-11-14 00:36 . 2009-11-14 00:36 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-11-13 00:36 . 2009-11-13 00:36 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-11-11 23:46 . 2009-11-11 23:46 -------- d-----w- c:\program files\Uninstall Tool
2009-11-10 18:56 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 18:56 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 17:52 . 2009-11-08 17:52 -------- d-----w- c:\users\ace\AppData\Roaming\Notepad++
2009-11-08 17:52 . 2009-11-08 17:52 4096 d-----w- c:\program files\Notepad++
2009-11-08 05:58 . 2009-11-08 05:58 349156 ----a-w- c:\windows\uninstall Deathwin.exe
2009-11-08 05:02 . 2009-11-08 05:02 -------- d-----w- c:\programdata\RegCure
2009-11-08 05:02 . 2009-11-08 05:07 12288 d-----w- c:\program files\RegCure
2009-11-08 03:48 . 2009-11-17 23:17 4096 d-----w- c:\program files\Free 3D Castle Screensaver
2009-11-07 19:52 . 2009-11-07 19:52 -------- d-----w- c:\users\ace\AppData\Roaming\CleanMyPC Software
2009-11-07 02:13 . 2009-11-07 02:13 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-11-07 02:13 . 2009-11-07 02:13 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-11-07 02:13 . 2009-11-19 19:13 4096 d-----w- c:\users\ace\AppData\Roaming\Spyware Terminator
2009-11-07 02:13 . 2009-11-19 19:13 4096 d-----w- c:\programdata\Spyware Terminator
2009-11-07 02:13 . 2009-11-17 01:30 4096 d-----w- c:\program files\Spyware Terminator
2009-11-07 01:59 . 2009-11-07 01:59 -------- d-----w- c:\users\ace\AppData\Roaming\PC Tools
2009-11-06 07:19 . 2009-11-06 07:19 -------- d-----w- c:\users\Default\AppData\Roaming\iolo
2009-11-03 05:58 . 2009-11-03 05:58 -------- d-----w- c:\windows\FreeFireplace
2009-11-03 05:58 . 2009-11-11 23:49 -------- d-----w- c:\programdata\OurScreensavers
2009-11-03 04:39 . 2009-11-03 04:39 -------- d-----w- c:\users\ace\AppData\Roaming\TERMINAL Studio
2009-11-03 04:39 . 2006-02-15 21:26 92216 ----a-w- c:\windows\system32\bass.dll
2009-11-02 20:48 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 20:48 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 20:48 . 2009-11-02 20:48 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-30 03:24 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 03:24 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 03:24 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 03:24 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 03:24 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 03:24 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 03:24 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 03:24 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 03:24 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 05:03 . 2009-10-28 05:03 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-28 04:51 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-28 04:51 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-28 04:49 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-28 04:49 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-28 04:49 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-28 04:47 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 04:47 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 22:02 . 2009-10-26 22:02 -------- d-----w- c:\programdata\XoftSpySE
2009-10-26 21:54 . 2009-10-26 22:02 4096 d-----w- c:\windows\BDOSCAN8
2009-10-26 03:11 . 2009-10-26 03:11 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-25 15:14 . 2009-10-25 15:16 -------- d-----w- c:\windows\system32\ca-ES
2009-10-25 15:14 . 2009-10-25 15:15 -------- d-----w- c:\windows\system32\eu-ES
2009-10-25 15:14 . 2009-10-25 15:15 -------- d-----w- c:\windows\system32\vi-VN
2009-10-25 14:58 . 2009-10-25 14:58 -------- d-----w- c:\windows\system32\EventProviders
2009-10-25 14:55 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-10-25 14:53 . 2009-04-11 06:28 301568 ----a-w- c:\windows\system32\srchadmin.dll
2009-10-25 14:52 . 2009-04-11 06:28 347648 ----a-w- c:\windows\system32\wbem\wbemess.dll
2009-10-25 14:51 . 2009-04-11 06:28 532992 ----a-w- c:\windows\system32\wpcao.dll
2009-10-25 14:50 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-25 14:50 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-25 14:50 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-25 14:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-25 14:50 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-25 14:50 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-25 14:50 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-25 14:50 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-25 14:50 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-25 14:50 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-25 14:50 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-25 05:07 . 2009-10-25 05:07 -------- d-----w- c:\users\ace\AppData\Roaming\MP3SkypeRecorder
2009-10-25 05:06 . 2009-10-25 05:06 375162 ----a-r- c:\users\ace\AppData\Roaming\Microsoft\Installer\{1F1C4668-7767-4109-9B5E-19AD056F2CA0}\_62C7126616B954B0A3B534.exe
2009-10-25 05:06 . 2009-10-25 05:06 375162 ----a-r- c:\users\ace\AppData\Roaming\Microsoft\Installer\{1F1C4668-7767-4109-9B5E-19AD056F2CA0}\_0F7A346F42AC9EA04D958A.exe
2009-10-25 05:06 . 2009-10-25 05:06 4096 d-----w- c:\program files\MP3 Skype Recorder
2009-10-25 04:32 . 2009-11-12 05:28 -------- d-----w- C:\PerfLogs
2009-10-25 04:01 . 2008-01-19 03:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-10-25 04:01 . 2008-01-19 03:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-10-25 04:01 . 2008-01-19 03:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-10-25 03:59 . 2008-01-19 03:36 105984 ----a-w- c:\windows\system32\shrink.dll
2009-10-25 03:58 . 2008-01-19 03:34 153088 ----a-w- c:\windows\system32\imagehlp.dll
2009-10-25 03:57 . 2008-01-19 03:33 8139264 ----a-w- c:\windows\system32\ssBranded.scr
2009-10-25 03:26 . 2009-10-25 03:26 -------- d-----w- c:\users\ace\AppData\Local\Microsoft Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 05:21 . 2008-06-18 15:29 4096 d-----w- c:\users\ace\AppData\Roaming\uTorrent
2009-11-22 20:21 . 2008-06-18 18:04 4096 d-----w- c:\users\ace\AppData\Roaming\Vso
2009-11-22 19:24 . 2008-06-18 16:27 4096 d-----w- c:\programdata\iolo
2009-11-22 01:13 . 2009-10-16 01:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 01:02 . 2008-06-18 14:39 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-22 01:01 . 2008-10-03 17:54 -------- d-s---w- c:\programdata\Memeo
2009-11-22 01:00 . 2008-06-18 14:42 4096 d-----w- c:\program files\Java
2009-11-21 22:34 . 2008-12-22 20:12 4096 d-----w- c:\users\ace\AppData\Roaming\Skype
2009-11-21 04:35 . 2008-06-18 16:32 518 ----a-w- c:\users\ace\AppData\Roaming\iolo\Registry\Last\restore.bat
2009-11-21 04:01 . 2008-06-18 14:25 4096 d-----w- c:\program files\Roxio
2009-11-21 03:05 . 2008-07-25 16:43 4096 d-----w- c:\users\ace\AppData\Roaming\LimeWire
2009-11-21 02:16 . 2008-06-19 21:27 16384 d-----w- c:\users\ace\AppData\Roaming\dvdcss
2009-11-17 23:11 . 2008-06-18 18:04 -------- d-----w- c:\program files\VSO
2009-11-17 23:11 . 2008-06-18 18:04 47360 ----a-w- c:\users\ace\AppData\Roaming\pcouffin.sys
2009-11-17 23:11 . 2008-06-18 18:04 47360 ----a-w- c:\users\ace\AppData\Roaming\pcouffin.sys
2009-11-17 20:32 . 2008-06-18 16:32 1295 ----a-w- c:\users\ace\AppData\Roaming\iolo\restore.bat
2009-11-17 02:56 . 2009-11-17 00:50 -------- d-----w- c:\programdata\DriverScanner
2009-11-16 17:42 . 2009-10-21 01:35 397328 ----a-w- c:\programdata\AVP9\oeas.dll
2009-11-16 17:42 . 2009-10-21 01:35 109072 ----a-w- c:\programdata\AVP9\mzvkbd3.dll
2009-11-16 17:42 . 2009-10-21 01:34 17936 ----a-w- c:\programdata\AVP9\kloehk.dll
2009-11-13 23:15 . 2008-06-18 16:27 4096 d-----w- c:\users\ace\AppData\Roaming\iolo
2009-11-10 18:59 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-07 01:59 . 2009-04-23 00:51 -------- d-----w- c:\programdata\PC Tools
2009-11-03 01:42 . 2009-10-02 15:46 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 20:48 . 2009-05-30 04:41 -------- d-----w- c:\users\ace\AppData\Roaming\Malwarebytes
2009-11-02 20:48 . 2009-05-30 04:41 -------- d-----w- c:\programdata\Malwarebytes
2009-10-30 17:57 . 2009-10-16 01:22 -------- d-----w- c:\programdata\NOS
2009-10-29 04:52 . 2008-06-18 21:53 4096 d-----w- c:\program files\Common Files\Adobe
2009-10-28 05:02 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-28 05:02 . 2009-10-28 05:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-28 05:02 . 2009-10-28 05:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-25 15:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-25 15:16 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-10-25 15:16 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-25 15:16 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-10-25 15:16 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-10-25 15:16 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-25 15:13 . 2009-10-25 15:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-25 05:07 . 2009-04-06 00:57 4096 d-----w- c:\program files\SkypeCallRecorder
2009-10-25 04:20 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-10-25 04:20 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-10-23 01:23 . 2009-03-31 00:02 -------- d-----r- c:\program files\Skype
2009-10-23 01:23 . 2008-09-13 00:23 4096 d-----w- c:\programdata\Skype
2009-10-23 00:39 . 2009-10-23 00:39 -------- d-----w- c:\users\ace\AppData\Roaming\nod32 updater
2009-10-22 22:54 . 2008-09-13 00:26 -------- d-----w- c:\users\ace\AppData\Roaming\skypePM
2009-10-22 21:46 . 2009-10-11 12:11 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-22 21:45 . 2009-10-11 12:11 2115496 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-21 01:51 . 2009-10-21 01:51 23624 ----a-w- c:\programdata\AVP9\wmifw.exe
2009-10-21 01:51 . 2009-10-21 01:51 23624 ----a-w- c:\programdata\AVP9\wmias.exe
2009-10-21 01:51 . 2009-10-21 01:51 23624 ----a-w- c:\programdata\AVP9\wmiav.exe
2009-10-21 01:39 . 2009-10-21 01:39 17616 ----a-w- c:\programdata\AVP9\kldw.exe
2009-10-21 01:39 . 2009-10-21 01:39 340456 ----a-w- c:\programdata\AVP9\avp.exe
2009-10-21 01:39 . 2009-10-21 01:39 19472 ----a-w- c:\programdata\AVP9\avp.com
2009-10-21 01:36 . 2009-10-21 01:36 150032 ----a-w- c:\programdata\AVP9\ckahstat.dll
2009-10-21 01:34 . 2009-10-21 01:34 248336 ----a-w- c:\programdata\AVP9\klwtblc.dll
2009-10-21 01:22 . 2009-10-21 01:22 626688 ----a-w- c:\programdata\AVP9\msvcr80.dll
2009-10-21 01:22 . 2009-10-21 01:22 548864 ----a-w- c:\programdata\AVP9\msvcp80.dll
2009-10-21 01:22 . 2009-10-21 01:22 479232 ----a-w- c:\programdata\AVP9\msvcm80.dll
2009-10-21 01:22 . 2009-10-21 01:22 401462 ----a-w- c:\programdata\AVP9\msvcp60.dll
2009-10-21 01:22 . 2009-10-21 01:22 1080656 ----a-w- c:\programdata\AVP9\dbghelp.dll
2009-10-21 01:22 . 2009-10-21 01:22 1019959 ----a-w- c:\programdata\AVP9\mfc42.dll
2009-10-21 01:22 . 2009-10-21 01:22 247312 ----a-w- c:\programdata\AVP9\Load46St.dll
2009-10-20 16:54 . 2009-10-20 16:54 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-10-19 21:08 . 2009-10-19 21:08 -------- d-----w- c:\program files\MSSOAP
2009-10-19 15:20 . 2008-06-19 11:55 -------- d-----w- c:\users\ace\AppData\Roaming\Lexmark Productivity Studio
2009-10-19 15:15 . 2009-10-19 15:14 69632 d-----w- c:\program files\Lexmark 5000 Series
2009-10-19 13:54 . 2008-06-18 14:21 4096 d-----w- c:\programdata\Lx_cats
2009-10-19 13:39 . 2009-10-19 13:39 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-19 13:39 . 2009-10-19 13:39 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-10-19 06:32 . 2009-10-19 06:32 -------- d-----w- c:\program files\uTorrent
2009-10-19 05:59 . 2009-05-06 15:04 4096 d-----w- c:\users\ace\AppData\Roaming\Winamp
2009-10-19 05:59 . 2009-07-22 01:55 4096 d-----w- c:\programdata\Yahoo! Companion
2009-10-19 05:15 . 2009-10-19 04:20 34705 ----a-w- c:\programdata\nvModes.dat
2009-10-19 04:23 . 2008-06-18 20:48 -------- d-----w- c:\programdata\NVIDIA
2009-10-19 04:03 . 2008-09-27 03:54 1356 ----a-w- c:\users\ace\AppData\Local\d3d9caps.dat
2009-10-17 17:52 . 2009-10-17 17:52 4096 d-----w- c:\program files\Desktop Architect
2009-10-15 02:18 . 2009-10-15 02:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-15 02:18 . 2009-10-15 02:18 36880 ----a-w- c:\programdata\AVP9\KLIFX86\klbg.sys
2009-10-14 16:12 . 2009-10-14 16:12 311312 ----a-w- c:\programdata\AVP9\KLIFX86\klif.sys
2009-10-12 00:22 . 2009-10-12 00:22 -------- d-----w- c:\program files\Microsoft ATS
2009-10-11 18:35 . 2009-10-11 18:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-11 18:21 . 2008-06-18 15:42 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-11 12:11 . 2009-10-11 12:11 -------- d-----w- c:\program files\iolo
2009-10-07 13:16 . 2009-10-07 13:16 -------- d-----w- c:\program files\Lexmark Toolbar
2009-10-06 01:00 . 2009-10-06 01:00 -------- d-----w- c:\program files\CCleaner
2009-10-03 00:39 . 2009-10-03 00:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-10-03 00:39 . 2009-10-03 00:39 19472 ----a-w- c:\programdata\AVP9\KLIFX86\klmouflt.sys
2009-10-01 01:02 . 2009-10-28 04:50 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-10-28 04:50 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-28 04:50 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-10-28 04:50 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-10-28 04:50 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-28 04:50 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-10-28 04:50 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-10-28 04:50 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-10-28 04:50 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-10-28 04:50 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-10-28 04:50 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-10-28 04:50 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-10-28 04:50 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-19 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-10-21 313784]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-07-06 455344]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-06-01 20480]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\AVP9\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ """autocheck autochk *"""\0autocheck smrgdf c:\users\ace\AppData\Roaming\iolo\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^ace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Call Graph.lnk]
backup=c:\windows\pss\Call Graph.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^ace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoBackup Launcher.lnk]
backup=c:\windows\pss\Memeo AutoBackup Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^ace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Memeo AutoSync Launcher.lnk]
backup=c:\windows\pss\Memeo AutoSync Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallGraph
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype Call Recorder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):2a,c2,0f,e8,86,55,ca,01

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [6/18/2008 11:30 AM 12800]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [9/14/2009 2:46 PM 21520]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [11/6/2009 9:13 PM 142592]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 7:11 AM 659376]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/11/2009 7:11 AM 659376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/2/2009 3:48 PM 269648]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7/30/2009 10:29 AM 185640]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\System32\drivers\vrtaucbl.sys [8/17/2009 8:04 PM 40576]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [11/2/2009 3:48 PM 19160]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [6/20/2008 2:30 PM 21504]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [11/2/2006 5:25 AM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [11/2/2006 5:25 AM 251904]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 5:28 PM 31768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-23 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-11-08 23:58]

2009-11-23 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-11-08 23:58]

2009-11-19 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-11-08 23:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15153&l=dis
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
FF - ProfilePath - c:\users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\ace\AppData\Roaming\Mozilla\Firefox\Profiles\mqwrmi6i.default\extensions\{82b2e8e1-404d-48d6-9599-c6bb1f1bbe3f}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - (no file)
Toolbar-{d84741b3-22e1-4c15-bbd4-6b2ace2f57df} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{D84741B3-22E1-4C15-BBD4-6B2ACE2F57DF} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 01:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85C321F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8bbacd24
\Driver\ACPI -> acpi.sys @ 0x8073fd68
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D61.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(628)
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\lxdmcoms.exe
c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_6fa9efce\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
.
**************************************************************************
.
Completion time: 2009-11-23 01:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-23 06:34

Pre-Run: 170,612,772,864 bytes free
Post-Run: 169,997,959,168 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=6 Sets=1,2,5,6
- - End Of File - - AC0D39BD201FD574C9C4546FF1B07F63

#10 myrti


Posted 24 November 2009 - 02:32 PM

Hi,

the PC looks clean to me.

Just to be safe I would like you to run an online scan with Eset:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please try the following tool to disable unneeded startup items to speed up your PC:
Download and Run StartupLite
This program will identify and give you the option to remove unneeded startup items to free memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click the icon to start the program. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unneeded startup entries will be compiled. Leave all the items as Disabled and click Continue.
  • Restart your computer.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#11 myrti


Posted 29 November 2009 - 03:28 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
