Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Security Tool


  • This topic is locked This topic is locked
24 replies to this topic

#1 jjphcross

jjphcross

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 15 November 2009 - 07:33 PM

My pc was infected with Security tool, followed the guide here on how to remove it, things went well for all intents, that is untill i noticed that while surfing the web, i would get redirected to ad sites.
I also noticed that programs that launched using the .Net framework all would not launch when clicked, they would error with a "program stoped responding" error.

attached are the dds logs and hijack this logs.

i would post a root repel log, but that program blue screens vista.

any help would be great.

Thank you!

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 PM

Posted 16 November 2009 - 08:22 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 jjphcross

jjphcross
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 16 November 2009 - 09:52 PM

I have to appologize,

When I ran ComboFix it got up there in the scan aways, and then blue screened my system.

I was able to get rootrepeal to run if your intrested in those logs.

Attached Files



#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 PM

Posted 17 November 2009 - 09:21 AM

I'm afraid that doesn't help us.

Delete combofix.exe from your desktop.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
It's vital that you disable your antivirus before running Combofix.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 jjphcross

jjphcross
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 18 November 2009 - 07:44 AM

Renamed it combo-fix.exe ran it again, tried running it as administrator as well, it still blue screens well into its process.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 PM

Posted 18 November 2009 - 08:57 AM

We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.


Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 jjphcross

jjphcross
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 18 November 2009 - 07:15 PM

OTL log:
OTL logfile created on: 11/18/2009 5:11:57 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Users\John\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.65% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596.17 Gb Total Space | 81.07 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Drive D: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 111.79 Gb Total Space | 24.58 Gb Free Space | 21.98% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 30.50 Gb Free Space | 13.10% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 34.69 Gb Total Space | 9.74 Gb Free Space | 28.09% Space Free | Partition Type: NTFS
Drive I: | 21.20 Gb Total Space | 7.08 Gb Free Space | 33.40% Space Free | Partition Type: NTFS
Drive J: | 3.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive M: | 959.72 Mb Total Space | 959.72 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Unable to calculate disk information.

Computer Name: RAVENHOME
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/18 17:11:37 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
PRC - [2009/11/15 18:25:16 | 00,189,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
PRC - [2009/11/11 19:04:33 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2009/11/09 22:17:45 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/07 00:02:06 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/31 08:11:57 | 01,217,808 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2009/10/08 16:25:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/05 10:36:42 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/05 10:36:42 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/05 10:36:40 | 02,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/10/05 10:36:40 | 01,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/10/05 10:36:40 | 01,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/09/04 12:16:16 | 00,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/09/03 14:17:14 | 03,342,336 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009/08/17 22:54:54 | 12,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/07/20 18:21:50 | 07,625,248 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/07 16:46:26 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/07/07 16:46:26 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/04/16 18:54:30 | 00,087,336 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/04/10 23:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/10 23:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/10 23:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/12 08:54:02 | 00,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/01/29 11:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 11:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2007/11/06 11:08:10 | 00,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
PRC - [2007/07/17 11:03:38 | 00,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe


========== Modules (SafeList) ==========

MOD - [2009/11/18 17:11:37 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\John\Downloads\OTL.exe
MOD - [2009/04/10 23:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/15 18:25:16 | 00,189,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/11/11 19:04:33 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/10/31 08:12:36 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/05 10:36:42 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/05 10:36:42 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/05 10:36:40 | 02,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/10/05 10:36:40 | 01,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/05 10:36:40 | 00,341,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/10/04 09:32:15 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 18:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/27 11:54:18 | 01,089,536 | ---- | M] (SageTV, LLC) -- C:\Program Files\SageTV\SageTV\SageTVService.exe -- (SageTV)
SRV - [2009/07/13 11:06:15 | 03,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/07 16:46:26 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/04/10 23:28:20 | 00,373,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/04/10 23:28:20 | 00,373,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/10 23:28:17 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/01/29 11:25:10 | 00,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 11:24:46 | 00,163,840 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/20 19:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/20 19:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/19 17:23:20 | 00,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)


========== Driver Services (SafeList) ==========

DRV - [2009/10/05 16:28:54 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/05 10:36:44 | 00,320,560 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/10/05 10:36:44 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/10/05 10:36:42 | 00,281,648 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/10/05 10:36:36 | 00,421,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/10/05 10:36:36 | 00,188,080 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/10/05 10:36:36 | 00,026,416 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/09/17 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091117.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/17 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20091117.034\NAVENG.SYS -- (NAVENG)
DRV - [2009/09/04 12:16:14 | 00,087,536 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009/07/20 18:15:28 | 02,664,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/07/08 04:29:00 | 09,899,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/19 20:50:50 | 00,391,168 | ---- | M] (Hauppauge Computer Works, Inc) -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2008/01/29 12:55:00 | 01,042,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 19:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:32:53 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:32:51 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:32:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2008/01/20 19:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:32:49 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:32:49 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:32:48 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:32:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/12 15:53:10 | 00,013,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid)
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB B4 46 E9 A8 61 CA 01 [binary data]
IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\S-1-5-21-2833064837-1408311257-3751490624-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\S-1-5-21-2833064837-1408311257-3751490624-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/18 03:01:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 22:18:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 22:18:33 | 00,000,000 | ---D | M]

[2009/10/03 07:48:45 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2009/10/03 07:48:45 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/17 17:20:35 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1grdynev.default\extensions
[2009/10/05 04:06:26 | 00,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1grdynev.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/17 17:20:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 00:02:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/08 16:26:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/11/07 00:02:05 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 00:02:05 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/08 16:25:40 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/11/07 00:02:07 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/02/27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/09 22:18:18 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/11/09 22:18:33 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
[2009/11/09 22:18:12 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/08/24 11:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/08/24 11:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/08/24 11:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/08/24 11:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/08/24 11:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/08/24 11:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/08/24 11:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (352008 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12067 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000..\Run: [Epson Stylus NX510(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\..Trusted Domains: l-3com.com ([remoteaccess.csw] https in Trusted sites)
O15 - HKU\S-1-5-21-2833064837-1408311257-3751490624-1000\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://remoteaccess.csw.l-3com.com/dana-ca...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 17:53:55 | 00,000,142 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/02/02 21:46:27 | 00,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/08/05 10:02:19 | 00,398,600 | R--- | M] (Electronic Arts Inc.) - J:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/08/05 09:23:19 | 00,000,043 | R--- | M] () - J:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008/08/05 09:52:02 | 00,000,000 | R--D | M] - J:\autorun -- [ UDF ]
O33 - MountPoints2\{bb155583-afec-11de-8e4c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bb155583-afec-11de-8e4c-806e6f6e6963}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2008/08/05 10:02:19 | 00,398,600 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/18 05:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2009/11/17 19:16:29 | 00,000,000 | --SD | C] -- C:\Combo-Fixer
[2009/11/17 19:15:19 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/11/17 17:33:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2009/11/17 03:00:49 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2009/11/16 19:25:43 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/16 19:12:51 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/16 19:12:51 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/16 19:12:51 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/16 19:12:51 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/16 19:12:36 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/16 19:10:19 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/15 17:43:09 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Activision
[2009/11/15 17:13:45 | 00,000,000 | ---D | C] -- C:\Users\John\Desktop\hijackthislogs
[2009/11/15 17:05:34 | 00,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2009/11/15 12:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/15 12:18:11 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/11/15 12:18:11 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/11/15 12:18:10 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/11/15 12:17:26 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/11/15 12:17:26 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/11/15 12:17:25 | 00,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/11/15 12:17:25 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/11/15 12:17:24 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/11/15 12:17:24 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/11/15 12:17:24 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/11/15 12:17:24 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/11/15 12:17:24 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/11/15 12:17:24 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/11/15 12:17:24 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/11/15 12:17:24 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/11/15 12:17:24 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/11/15 12:17:24 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/11/15 12:17:24 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/11/15 12:17:24 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/11/15 12:17:24 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/11/15 12:17:23 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/11/15 12:17:23 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/11/15 12:17:23 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/11/15 12:17:23 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/11/15 12:17:23 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/11/15 12:17:23 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/11/15 12:17:23 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/11/15 12:17:23 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/11/15 12:17:23 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/11/15 12:17:23 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/11/15 12:16:22 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdbusenum.dll
[2009/11/15 12:16:22 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/11/15 12:16:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/11/15 12:16:19 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/11/15 12:16:17 | 02,537,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdshext.dll
[2009/11/15 12:16:17 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/11/15 12:16:17 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/11/15 12:16:17 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/11/15 12:16:17 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/11/15 12:16:17 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/11/15 12:16:17 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/11/15 12:16:17 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/11/15 12:16:17 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
[2009/11/15 12:16:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/11/15 12:16:17 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WpdUsb.sys
[2009/11/15 12:16:17 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/11/15 12:15:19 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/11/15 12:15:19 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
[2009/11/15 12:15:19 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/11/15 10:59:03 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/15 10:29:35 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Local\WindowsUpdate
[2009/11/14 23:58:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/14 23:58:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/14 23:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/14 23:12:13 | 00,000,000 | ---D | C] -- C:\Program Files\Aion
[2009/11/13 09:11:12 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/13 09:08:53 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2009/11/13 09:08:46 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/11/13 09:08:45 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/11/13 09:08:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/13 09:08:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/11/13 09:08:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/13 09:04:38 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup.exe
[2009/11/11 15:44:58 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/11 15:44:52 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/09 22:18:18 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/11/09 22:18:08 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/11/09 22:18:08 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/11/09 22:18:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/11/09 22:17:48 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/11/09 22:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/11/09 22:17:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/11/09 22:17:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009/11/09 22:17:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/11/09 22:17:41 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Real
[2009/11/09 18:51:35 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Creative
[2009/11/09 18:49:56 | 00,000,000 | ---D | C] -- C:\zen
[2009/11/07 03:21:11 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/11/07 03:21:11 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/11/07 03:21:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/11/06 23:56:19 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/11/06 18:02:05 | 00,000,000 | ---D | C] -- C:\Users\John\Desktop\New Folder (3)
[2009/11/04 01:31:11 | 05,939,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/11/04 01:31:10 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/11/01 19:28:45 | 00,000,000 | ---D | C] -- C:\Users\John\Desktop\New Folder (2)
[2009/11/01 19:28:32 | 00,000,000 | ---D | C] -- C:\Users\John\Desktop\mc
[2009/11/01 18:41:23 | 00,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\.minecraft
[2009/11/01 18:41:01 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/10/30 14:00:31 | 00,000,000 | ---D | C] -- C:\Users\John\Desktop\Hallowindow
[2009/10/28 06:20:47 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 06:20:45 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 06:20:42 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/26 12:11:23 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/10/26 12:11:22 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/10/26 12:11:22 | 01,929,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/10/26 12:11:22 | 00,053,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/10/26 12:10:56 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/10/26 12:10:55 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/10/26 12:10:55 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/10/26 12:10:45 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/10/26 12:10:45 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/10/22 17:52:33 | 00,000,000 | ---D | C] -- C:\DPHDRBatch
[2009/10/21 16:56:16 | 00,000,000 | ---D | C] -- C:\Users\John\Desktop\121_1021
[2009/10/20 03:40:15 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/10/20 03:40:13 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/10/20 03:40:12 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/10/20 03:40:11 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/10/20 03:40:11 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/10/20 03:40:09 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/10/20 03:40:08 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/10/20 03:40:06 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/10/20 03:40:05 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/10/20 03:40:04 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/10/20 03:40:03 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/10/20 03:40:03 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/10/20 03:40:03 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/10/20 03:40:03 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/10/20 03:40:02 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/10/20 03:40:01 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/10/20 03:40:01 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/10/20 03:40:00 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/10/20 03:40:00 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/10/20 03:40:00 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/10/20 03:40:00 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/10/20 03:39:59 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/10/20 03:39:57 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/10/20 03:39:57 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/10/20 03:39:57 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/10/20 03:39:57 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/10/20 03:39:56 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/10/20 03:39:56 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/10/20 03:39:56 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/10/20 03:39:55 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/10/20 03:39:55 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/10/20 03:39:55 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/10/20 03:39:55 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/10/20 03:39:54 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/10/20 03:39:54 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/10/20 03:39:54 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/10/20 03:39:53 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/10/20 03:39:52 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/10/20 03:39:52 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/10/20 03:39:52 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/10/20 03:39:51 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/10/20 03:39:51 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/10/20 03:39:51 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/10/20 03:39:51 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/10/20 03:39:51 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/10/20 03:39:51 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/10/20 03:39:51 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/10/20 03:39:51 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/10/20 03:39:50 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/10/20 03:39:49 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/10/20 03:39:48 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/10/20 03:39:47 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/10/20 03:39:47 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/10/20 03:39:46 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/10/20 03:39:46 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/10/20 03:39:46 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/10/20 03:39:46 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/10/20 03:39:46 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/10/20 03:39:45 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/10/20 03:39:45 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/10/20 03:39:45 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/10/20 03:39:45 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/10/20 03:39:44 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009/10/20 03:39:44 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/10/20 03:39:44 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/10/20 03:39:44 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/10/20 03:39:44 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/20 03:39:44 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/10/20 03:39:43 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/10/20 03:39:43 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/10/20 03:39:43 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/10/20 03:39:43 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/10/20 03:39:42 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/10/20 03:39:42 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/10/20 03:39:42 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/10/20 03:39:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/10/20 03:39:42 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/10/20 03:39:42 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/10/20 03:39:41 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/10/20 03:39:41 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/10/20 03:39:41 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/10/20 03:39:40 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/10/20 03:39:40 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/10/20 03:39:40 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/10/20 03:39:40 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/10/20 03:39:40 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/10/20 03:39:39 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/10/20 03:39:39 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/10/20 03:39:39 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/10/20 03:39:39 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/10/20 03:39:39 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/10/20 03:39:38 | 01,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2009/10/20 03:39:38 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/10/20 03:39:38 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/10/20 03:39:38 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/10/20 03:39:38 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/10/20 03:39:38 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/20 03:39:38 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/10/20 03:39:38 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/10/20 03:39:37 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/10/20 03:39:37 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/10/20 03:39:36 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/10/20 03:39:36 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/10/20 03:39:36 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/10/20 03:39:36 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/10/20 03:39:36 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/10/20 03:39:36 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/10/20 03:39:36 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/10/20 03:39:36 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/10/20 03:39:36 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/10/20 03:39:35 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/20 03:39:33 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/10/20 03:39:33 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/10/20 03:39:33 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/10/20 03:39:33 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/10/20 03:39:32 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/10/20 03:39:32 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/10/20 03:39:32 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/10/20 03:39:32 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/10/20 03:39:31 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/10/20 03:39:31 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/10/20 03:39:31 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/10/20 03:39:31 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/10/20 03:39:31 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/10/20 03:39:30 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/10/20 03:39:30 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/10/20 03:39:30 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/10/20 03:39:29 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/10/20 03:39:29 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/10/20 03:39:29 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/10/20 03:39:28 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/10/20 03:39:28 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/10/20 03:39:28 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/10/20 03:39:28 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/10/20 03:39:28 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/10/20 03:39:27 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/10/20 03:39:27 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/10/20 03:39:27 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/10/20 03:39:27 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/10/20 03:39:27 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/10/20 03:39:27 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/10/20 03:39:27 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/10/20 03:39:26 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/10/20 03:39:26 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/10/20 03:39:26 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/10/20 03:39:26 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/10/20 03:39:26 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/10/20 03:39:26 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/10/20 03:39:25 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/10/20 03:39:25 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/10/20 03:39:25 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/10/20 03:39:25 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/10/20 03:39:25 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/10/20 03:39:25 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/10/20 03:39:25 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/10/20 03:39:25 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/10/20 03:39:24 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/10/20 03:39:24 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/10/20 03:39:24 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/10/20 03:39:24 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/10/20 03:39:24 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/10/20 03:39:24 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/10/20 03:39:23 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/10/20 03:39:23 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/10/20 03:39:23 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/10/20 03:39:23 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/10/20 03:39:22 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/10/20 03:39:22 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/10/20 03:39:22 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/10/20 03:39:21 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/10/20 03:39:21 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/10/20 03:39:21 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/10/20 03:39:21 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/10/20 03:39:20 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/10/20 03:39:20 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/10/20 03:39:20 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/10/20 03:39:20 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/10/20 03:39:20 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/10/20 03:39:20 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/10/20 03:39:20 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/10/20 03:39:20 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/10/20 03:39:20 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/10/20 03:39:20 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/10/20 03:39:19 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/10/20 03:39:19 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/10/20 03:39:19 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/10/20 03:39:19 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/10/20 03:39:19 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/10/20 03:39:19 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/10/20 03:39:19 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/10/20 03:39:19 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/10/20 03:39:18 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/10/20 03:39:18 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/10/20 03:39:18 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/10/20 03:39:18 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009/10/20 03:39:18 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/10/20 03:39:18 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/10/20 03:39:18 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/10/20 03:39:18 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/10/20 03:39:17 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/10/20 03:39:17 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/10/20 03:39:17 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/10/20 03:39:17 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/10/20 03:39:17 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/10/20 03:39:17 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/10/20 03:39:17 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/10/20 03:39:17 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/10/20 03:39:17 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/10/20 03:39:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/10/20 03:39:17 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/10/20 03:39:17 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/10/20 03:39:16 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/10/20 03:39:16 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/10/20 03:39:16 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/10/20 03:39:16 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/10/20 03:39:16 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/10/20 03:39:16 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/10/20 03:39:16 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/10/20 03:39:16 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/10/20 03:39:16 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/10/20 03:39:16 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/10/20 03:39:16 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/10/20 03:39:15 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/10/20 03:39:15 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/10/20 03:39:15 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/10/20 03:39:15 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/10/20 03:39:15 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/10/20 03:39:15 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/10/20 03:39:15 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009/10/20 03:39:15 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/10/20 03:39:15 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/10/20 03:39:15 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/10/20 03:39:15 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/10/20 03:39:15 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/10/20 03:39:14 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/10/20 03:39:14 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/10/20 03:39:14 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/10/20 03:39:14 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/10/20 03:39:14 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/10/20 03:39:14 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/10/20 03:39:14 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/10/20 03:39:14 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/10/20 03:39:14 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/10/20 03:39:14 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/10/20 03:39:14 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/10/20 03:39:13 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/10/20 03:39:13 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/10/20 03:39:13 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/10/20 03:39:13 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/10/20 03:39:13 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/10/20 03:39:13 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/10/20 03:39:13 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/10/20 03:39:13 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/10/20 03:39:13 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/10/20 03:39:13 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/10/20 03:39:13 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/10/20 03:39:13 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/10/20 03:39:13 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/10/20 03:39:12 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/10/20 03:39:12 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/10/20 03:39:12 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/10/20 03:39:12 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/10/20 03:39:12 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/10/20 03:39:12 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/10/20 03:39:12 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/10/20 03:39:12 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/10/20 03:39:12 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/10/20 03:39:12 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/10/20 03:39:12 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/10/20 03:39:12 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/10/20 03:39:12 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/10/20 03:39:11 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/10/20 03:39:11 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/10/20 03:39:10 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/10/20 03:39:10 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/10/20 03:39:10 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/10/20 03:39:10 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/10/20 03:39:10 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/10/20 03:39:10 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/10/20 03:39:10 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/10/20 03:39:09 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/10/20 03:39:09 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/10/20 03:39:09 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/10/20 03:39:09 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/10/20 03:39:09 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/10/20 03:39:09 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/10/20 03:39:09 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/10/20 03:39:09 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/10/20 03:39:09 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/10/20 03:39:09 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/10/20 03:39:09 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009/10/20 03:39:09 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/10/20 03:39:09 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/10/20 03:39:09 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/10/20 03:39:09 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/10/20 03:39:09 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/10/20 03:39:08 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/10/20 03:39:08 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/10/20 03:39:08 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/10/20 03:39:08 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/10/20 03:39:08 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/10/20 03:39:08 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/10/20 03:39:08 | 00,141,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2009/10/20 03:39:08 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/10/20 03:39:08 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/10/20 03:39:08 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/10/20 03:39:08 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/10/20 03:39:08 | 00,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/10/20 03:39:07 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/10/20 03:39:07 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/10/20 03:39:07 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/10/20 03:39:07 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/10/20 03:39:07 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/10/20 03:39:07 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/10/20 03:39:07 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/10/20 03:39:07 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/10/20 03:39:07 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/10/20 03:39:07 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/10/20 03:39:07 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/10/20 03:39:07 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/10/20 03:39:07 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/10/20 03:39:07 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/10/20 03:39:06 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/10/20 03:39:06 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/10/20 03:39:06 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/10/20 03:39:06 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/10/20 03:39:06 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/10/20 03:39:06 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/10/20 03:39:06 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/10/20 03:39:06 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/10/20 03:39:05 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/10/20 03:39:05 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/10/20 03:39:05 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/10/20 03:39:05 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/10/20 03:39:05 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/10/20 03:39:05 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/10/20 03:39:05 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/10/20 03:39:05 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/10/20 03:39:05 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/10/20 03:39:05 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/10/20 03:39:05 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/10/20 03:39:05 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/10/20 03:39:02 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/10/20 03:39:02 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/10/20 03:39:02 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/10/20 03:39:02 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/10/20 03:39:02 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/10/20 03:39:02 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/10/20 03:39:02 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/10/20 03:39:02 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/10/20 03:39:02 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/10/20 03:39:02 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/10/20 03:39:02 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/10/20 03:39:02 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/10/20 03:39:02 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/10/20 03:39:02 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/10/20 03:39:01 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/10/20 03:39:01 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009/10/20 03:39:01 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/10/20 03:39:01 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/10/20 03:39:01 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/10/20 03:39:01 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/10/20 03:39:01 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/10/20 03:39:01 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/10/20 03:39:01 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/10/20 03:39:01 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/10/20 03:39:01 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/10/20 03:39:01 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/10/20 03:39:01 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/10/20 03:39:01 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/10/20 03:39:01 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/10/20 03:39:01 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/10/20 03:39:01 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2009/10/20 03:39:01 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/10/20 03:39:01 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/10/20 03:39:00 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/10/20 03:39:00 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2009/10/20 03:39:00 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/10/20 03:39:00 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/10/20 03:39:00 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/10/20 03:39:00 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/10/20 03:39:00 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/10/20 03:39:00 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/10/20 03:39:00 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/10/20 03:38:59 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/10/20 03:38:59 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/10/20 03:38:59 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/10/20 03:38:59 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/10/20 03:38:59 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2009/10/20 03:38:59 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/10/20 03:38:59 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/10/20 03:38:59 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/10/20 03:38:59 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/10/20 03:38:59 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/10/20 03:38:59 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/10/20 03:38:59 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/10/20 03:38:59 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/10/20 03:38:59 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/10/20 03:38:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/10/20 03:38:59 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/10/20 03:38:58 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/10/20 03:38:58 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/10/20 03:38:58 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/10/20 03:38:58 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/10/20 03:38:58 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/10/20 03:38:58 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/10/20 03:38:58 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/10/20 03:38:58 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/10/20 03:38:58 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/10/20 03:38:57 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/10/20 03:38:57 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/10/20 03:38:57 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/10/20 03:38:57 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/10/20 03:38:57 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/10/20 03:38:57 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/10/20 03:38:57 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/10/20 03:38:57 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/10/20 03:38:57 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/10/20 03:38:56 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/10/20 03:38:56 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009/10/20 03:38:56 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/10/20 03:38:56 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/10/20 03:38:56 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/10/20 03:38:56 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/10/20 03:38:56 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/10/20 03:38:56 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/10/20 03:38:56 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/10/20 03:38:55 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/10/20 03:38:55 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/10/20 03:38:55 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/10/20 03:38:55 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/10/20 03:38:55 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/10/20 03:38:55 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/10/20 03:38:55 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/10/20 03:38:55 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/10/20 03:38:55 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/10/20 03:38:55 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/10/20 03:38:55 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/10/20 03:38:55 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/10/20 03:38:55 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/10/20 03:38:55 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/10/20 03:38:55 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/10/20 03:38:55 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/10/20 03:38:55 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/10/20 03:38:55 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/10/20 03:38:54 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/10/20 03:38:54 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/10/20 03:38:54 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/10/20 03:38:54 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/10/20 03:38:54 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/10/20 03:38:54 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/10/20 03:38:54 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/10/20 03:38:54 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/10/20 03:38:54 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/10/20 03:38:54 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/10/20 03:38:54 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/10/20 03:38:54 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/10/20 03:38:54 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/10/20 03:38:54 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/10/20 03:38:54 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/10/20 03:38:54 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/10/20 03:38:54 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/10/20 03:38:54 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/10/20 03:38:54 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/10/20 03:38:54 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/10/20 03:38:53 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009/10/20 03:38:53 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/10/20 03:38:53 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/10/20 03:38:53 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/10/20 03:38:53 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/10/20 03:38:53 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/10/20 03:38:53 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/10/20 03:38:53 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/10/20 03:38:53 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/10/20 03:38:53 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/10/20 03:38:53 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/10/20 03:38:53 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/10/20 03:38:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/10/20 03:38:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/10/20 03:38:52 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/10/20 03:38:52 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/10/20 03:38:52 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/10/20 03:38:52 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/10/20 03:38:52 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/10/20 03:38:52 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/10/20 03:38:52 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/10/20 03:38:52 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/10/20 03:38:52 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/10/20 03:38:52 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/10/20 03:38:52 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/10/20 03:38:51 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/10/20 03:38:51 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/10/20 03:38:51 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/10/20 03:38:51 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/10/20 03:38:51 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/10/20 03:38:51 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/10/20 03:38:51 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/10/20 03:38:50 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/10/20 03:38:50 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/10/20 03:38:50 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/10/20 03:38:50 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/10/20 03:38:50 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/10/20 03:38:50 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/10/20 03:38:50 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/10/20 03:38:50 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/10/20 03:38:50 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/10/20 03:38:50 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/10/20 03:38:50 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/10/20 03:38:50 | 00,062,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ohci1394.sys
[2009/10/20 03:38:50 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/10/20 03:38:49 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/10/20 03:38:49 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/10/20 03:38:49 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/10/20 03:38:49 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/10/20 03:38:49 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/10/20 03:38:49 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009/10/20 03:38:49 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/10/20 03:38:49 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/10/20 03:38:49 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/10/20 03:38:49 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/10/20 03:38:49 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/10/20 03:38:49 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/10/20 03:38:49 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/10/20 03:38:49 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/10/20 03:38:49 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/10/20 03:38:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/10/20 03:38:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/10/20 03:38:49 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/10/20 03:38:49 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/10/20 03:38:49 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/10/20 03:38:48 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/10/20 03:38:48 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/10/20 03:38:48 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/10/20 03:38:48 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/10/20 03:38:48 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/20 03:38:48 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/10/20 03:38:48 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/10/20 03:38:48 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/10/20 03:38:48 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/20 03:38:48 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/10/20 03:38:48 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/10/20 03:38:48 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/10/20 03:38:48 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/10/20 03:38:48 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/10/20 03:38:48 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/10/20 03:38:48 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/10/20 03:38:47 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/10/20 03:38:47 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/10/20 03:38:47 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/10/20 03:38:47 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/10/20 03:38:47 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/10/20 03:38:47 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/10/20 03:38:47 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/10/20 03:38:47 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/10/20 03:38:47 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/10/20 03:38:46 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/10/20 03:38:46 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/10/20 03:38:46 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/10/20 03:38:46 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/10/20 03:38:46 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/10/20 03:38:46 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/10/20 03:38:46 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/10/20 03:38:46 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/10/20 03:38:46 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/10/20 03:38:46 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/10/20 03:38:46 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/10/20 03:38:45 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/10/20 03:38:45 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/10/20 03:38:45 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/10/20 03:38:45 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/10/20 03:38:45 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/10/20 03:38:45 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/10/20 03:38:45 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/10/20 03:38:45 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/10/20 03:38:45 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/10/20 03:38:45 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/10/20 03:38:45 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/10/20 03:38:45 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/10/20 03:38:45 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/10/20 03:38:44 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/10/20 03:38:44 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/10/20 03:38:44 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/10/20 03:38:44 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/10/20 03:38:44 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/10/20 03:38:44 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/10/20 03:38:44 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/10/20 03:38:44 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/10/20 03:38:44 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/10/20 03:38:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/10/20 03:38:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/10/20 03:38:44 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/10/20 03:38:44 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/10/20 03:38:44 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/10/20 03:38:44 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/10/20 03:38:44 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/10/20 03:38:44 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/10/20 03:38:43 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/10/20 03:38:43 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/10/20 03:38:43 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/10/20 03:38:42 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/10/20 03:38:42 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/10/20 03:38:42 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/10/20 03:38:42 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/10/20 03:38:41 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/10/20 03:38:41 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/10/20 03:38:28 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/10/20 03:38:26 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/10/20 03:38:26 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/10/20 03:38:24 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll

========== Files - Modified Within 30 Days ==========

[2009/11/18 17:12:36 | 06,029,312 | -HS- | M] () -- C:\Users\John\NTUSER.DAT
[2009/11/18 16:57:29 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/18 16:57:29 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/18 13:04:47 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7AEC963B-B008-46A2-9BAD-F4C40B6FF6D7}.job
[2009/11/18 05:54:38 | 00,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2009/11/17 19:32:09 | 00,773,782 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/17 19:32:09 | 00,656,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/17 19:32:09 | 00,121,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/17 19:26:38 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/17 19:26:38 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/11/17 19:25:45 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/17 19:25:45 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/11/17 19:25:36 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/11/17 19:25:23 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/17 19:24:45 | 28,848,12800 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/17 19:24:38 | 41,473,3532 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/17 19:15:07 | 03,565,123 | R--- | M] () -- C:\Users\John\Desktop\Combo-Fixer.exe
[2009/11/17 17:17:49 | 00,028,908 | ---- | M] () -- C:\cc_20091117_171730.reg
[2009/11/17 17:17:08 | 00,000,082 | ---- | M] () -- C:\Users\John\Documents\cc_20091117_171701.reg
[2009/11/17 17:16:06 | 00,001,809 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2009/11/17 17:05:45 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{327160c4-d244-11de-9cff-0021851a8ee2}.TMContainer00000000000000000001.regtrans-ms
[2009/11/17 17:05:45 | 00,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{327160c4-d244-11de-9cff-0021851a8ee2}.TM.blf
[2009/11/17 17:04:57 | 02,948,484 | -H-- | M] () -- C:\Users\John\AppData\Local\IconCache.db
[2009/11/15 20:54:24 | 00,189,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009/11/15 18:25:43 | 00,138,064 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/15 18:25:16 | 00,189,184 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/15 17:10:04 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{327160c4-d244-11de-9cff-0021851a8ee2}.TMContainer00000000000000000002.regtrans-ms
[2009/11/15 13:03:48 | 00,099,864 | ---- | M] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/15 13:02:47 | 00,524,288 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2009/11/15 13:02:47 | 00,065,536 | -HS- | M] () -- C:\Users\John\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2009/11/15 13:02:19 | 01,711,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/15 12:59:10 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/15 12:58:52 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/15 12:14:43 | 00,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[2009/11/15 12:09:09 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/11/15 11:58:17 | 00,001,670 | ---- | M] () -- C:\Users\John\Desktop\CCleaner.lnk
[2009/11/15 10:25:21 | 00,352,008 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/14 23:58:51 | 00,001,055 | ---- | M] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/13 09:11:13 | 00,001,874 | ---- | M] () -- C:\Users\John\Desktop\HijackThis.lnk
[2009/11/13 09:08:49 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/13 09:05:50 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\John\Desktop\mbam-setup.exe
[2009/11/11 19:04:33 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/11 18:44:55 | 02,253,965 | ---- | M] () -- C:\Users\John\Desktop\Call of Duty - World at War V 1.6 RANK HAX.exe
[2009/11/10 19:19:11 | 00,000,020 | ---- | M] () -- C:\Users\John\Documents\aionmemo_e0a0295a.dat
[2009/11/09 22:19:01 | 00,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2009/11/09 22:18:18 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/11/09 22:18:08 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/11/09 22:18:08 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/11/09 22:17:48 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2009/11/09 22:17:48 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/11/05 17:23:02 | 00,018,944 | ---- | M] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/05 10:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/11/01 15:31:21 | 00,262,188 | ---- | M] () -- C:\Users\John\Desktop\81136 copy.tga
[2009/11/01 15:17:54 | 00,794,876 | ---- | M] () -- C:\Users\John\Desktop\81136.psd
[2009/10/31 08:15:29 | 00,000,924 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/22 18:06:51 | 00,000,075 | ---- | M] () -- C:\Windows\s01on
[2009/10/21 03:40:08 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/21 01:19:16 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2009/11/17 17:33:01 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/11/17 17:33:01 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/17 17:33:01 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/11/17 17:33:00 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/11/17 17:17:45 | 00,028,908 | ---- | C] () -- C:\cc_20091117_171730.reg
[2009/11/17 17:17:08 | 00,000,082 | ---- | C] () -- C:\Users\John\Documents\cc_20091117_171701.reg
[2009/11/16 19:25:28 | 41,473,3532 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/16 19:12:51 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/16 19:12:51 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/16 19:12:51 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/16 19:12:51 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/16 19:12:51 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/15 17:10:04 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{327160c4-d244-11de-9cff-0021851a8ee2}.TMContainer00000000000000000002.regtrans-ms
[2009/11/15 17:10:04 | 00,524,288 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{327160c4-d244-11de-9cff-0021851a8ee2}.TMContainer00000000000000000001.regtrans-ms
[2009/11/15 17:10:04 | 00,065,536 | -HS- | C] () -- C:\Users\John\NTUSER.DAT{327160c4-d244-11de-9cff-0021851a8ee2}.TM.blf
[2009/11/15 17:05:35 | 00,001,809 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2009/11/15 16:53:11 | 03,565,123 | R--- | C] () -- C:\Users\John\Desktop\Combo-Fixer.exe
[2009/11/15 12:59:10 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/15 12:58:52 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/15 11:58:17 | 00,001,670 | ---- | C] () -- C:\Users\John\Desktop\CCleaner.lnk
[2009/11/14 23:58:51 | 00,001,055 | ---- | C] () -- C:\Users\John\Desktop\Spybot - Search & Destroy.lnk
[2009/11/13 09:11:13 | 00,001,874 | ---- | C] () -- C:\Users\John\Desktop\HijackThis.lnk
[2009/11/13 09:08:49 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/12 03:18:02 | 02,948,484 | -H-- | C] () -- C:\Users\John\AppData\Local\IconCache.db
[2009/11/11 19:04:51 | 00,189,184 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2009/11/09 22:19:01 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/09 19:15:16 | 00,000,124 | ---- | C] () -- C:\Users\Public\Desktop\ZEN Media Explorer.lnk
[2009/11/08 14:16:47 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/08 03:04:03 | 00,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/01 15:31:19 | 00,262,188 | ---- | C] () -- C:\Users\John\Desktop\81136 copy.tga
[2009/11/01 15:17:52 | 00,794,876 | ---- | C] () -- C:\Users\John\Desktop\81136.psd
[2009/10/21 17:11:25 | 00,000,075 | ---- | C] () -- C:\Windows\s01on
[2009/10/20 03:39:43 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/10/20 03:39:41 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/10/20 03:39:35 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/10/20 03:39:32 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 03:39:31 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 03:39:29 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/10/20 03:39:28 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/10/20 03:39:25 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/10/20 03:39:14 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/10/20 03:39:12 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/10/20 03:38:43 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/10/20 03:38:40 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/10/15 17:59:53 | 00,022,328 | ---- | C] () -- C:\Users\John\AppData\Roaming\PnkBstrK.sys
[2009/10/15 17:06:26 | 00,138,064 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/10/08 16:23:31 | 00,001,590 | ---- | C] () -- C:\Windows\irremote.ini
[2009/10/08 16:22:36 | 00,000,430 | ---- | C] () -- C:\Windows\{1F721BB3-3E11-469C-97A3-6B2BEC758F37}_WiseFW.ini
[2009/10/05 04:37:13 | 00,018,944 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/05 02:06:40 | 00,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2009/10/03 14:59:01 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/03 14:51:53 | 00,000,079 | ---- | C] () -- C:\Windows\EPNX510.ini
[2009/10/03 10:10:23 | 00,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/03 06:34:14 | 00,099,864 | ---- | C] () -- C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/03 06:33:35 | 00,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2009/08/07 18:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 05:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/21 18:50:34 | 00,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2002/10/11 16:21:46 | 00,024,576 | R--- | C] () -- C:\Windows\System32\FixP4.dll
[2002/08/26 21:05:44 | 00,045,056 | R--- | C] () -- C:\Windows\System32\ksProptyUtl.dll
[1999/05/26 19:13:14 | 00,160,256 | ---- | C] () -- C:\Windows\System32\Mase32.dll
[1999/05/26 19:12:28 | 00,060,928 | ---- | C] () -- C:\Windows\System32\Ma32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:6108D5DF
< End of report >

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 PM

Posted 19 November 2009 - 08:26 AM

I also need to see the Gmer log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 jjphcross

jjphcross
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 19 November 2009 - 08:27 AM

Im working on that one. i left it to run last night as it seemed to have taken 2hrs+ and foun this morning that the pc had booted last night. I am currently running it as we speak.

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 PM

Posted 19 November 2009 - 08:45 AM

Ok, no problem. Just post when you have it. :(
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 jjphcross

jjphcross
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 19 November 2009 - 08:47 AM

will do, my fear is that it may be causing the pc to reboot before it completes the scan, similar to what combo fix was doing.

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 PM

Posted 19 November 2009 - 07:17 PM

Were you able to get a log from Gmer?

Please download and run Win32kDiag:
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 jjphcross

jjphcross
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 19 November 2009 - 10:49 PM

I did, it worked this time!

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-19 20:47:49
Windows 6.0.6002 Service Pack 2
Running: rsffywug.exe; Driver: C:\Users\John\AppData\Local\Temp\awlcapow.sys


---- System - GMER 1.0.15 ----

SSDT 87F38C68 ZwAlertResumeThread
SSDT 87F38D48 ZwAlertThread
SSDT 87F2BD58 ZwAllocateVirtualMemory
SSDT 87E9A4D8 ZwConnectPort
SSDT 87F389B8 ZwCreateMutant
SSDT 87F2BF28 ZwCreateThread
SSDT 87F2BB78 ZwFreeVirtualMemory
SSDT 87F38AA8 ZwImpersonateAnonymousToken
SSDT 87F38B88 ZwImpersonateThread
SSDT 87F2B680 ZwMapViewOfSection
SSDT 87F388D8 ZwOpenEvent
SSDT 87F2BE48 ZwOpenProcessToken
SSDT 87F2B3C0 ZwOpenThreadToken
SSDT 87F47150 ZwResumeThread
SSDT 87F2B2E0 ZwSetContextThread
SSDT 87F2B4B0 ZwSetInformationProcess
SSDT 87F2B1F0 ZwSetInformationThread
SSDT 87F387F8 ZwSuspendProcess
SSDT 87F38E90 ZwSuspendThread
SSDT 87F39BE8 ZwTerminateProcess
SSDT 87F38F70 ZwTerminateThread
SSDT 87F2B5A0 ZwUnmapViewOfSection
SSDT 87F2BC68 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820E6860 8 Bytes [68, 8C, F3, 87, 48, 8D, F3, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820E6874 4 Bytes [58, BD, F2, 87]
.text ntkrnlpa.exe!KeSetEvent + 1C1 820E6904 4 Bytes [D8, A4, E9, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820E6938 4 Bytes [B8, 89, F3, 87]
.text ntkrnlpa.exe!KeSetEvent + 221 820E6964 4 Bytes [28, BF, F2, 87]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Program Files\Microsoft Windows 7 Upgrade Advisor 0 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\aeinv.dll 310032 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\aeinventory.exe 33552 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\Compressor 0 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\Compressor\Cabtech.dll 91408 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\Compressor\Compressor.exe 65296 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\DetectHAV.sys 14096 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\drvmain.sdb 150872 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\en 0 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\en\WindowsUpgradeAdvisor.resources.dll 278528 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\EULA.RTF 161760 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\HAVTool.exe 35600 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\install_notes.txt 410 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\Microsoft.WUA.Data.dll 215824 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\QueryAppBlock.exe 101648 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\sysmain32.sdb 3875608 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\sysmain64.sdb 109058 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\sysspecdata.dll 61712 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\Transporter.dll 35600 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe 502544 bytes executable
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\WindowsUpgradeAdvisor.exe.config 151 bytes
File C:\Program Files\Microsoft Windows 7 Upgrade Advisor\winsat.exe 3199248 bytes executable

---- EOF - GMER 1.0.15 ----

#14 jjphcross

jjphcross
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 20 November 2009 - 12:17 AM

win32diag
Running from: C:\Users\John\Desktop\Win32kDiag.exe

Log file at : C:\Users\John\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-11-18 21:58:08 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-11-18 21:57:33 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-11-18 21:57:50 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-11-18 21:57:50 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()





Finished!

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:49 PM

Posted 20 November 2009 - 06:38 AM

Aside from the blue screen when running Combofix, what issues are you having now?
Are you still being redirected?

Also OTL should have created a separate log called extra.txt
Please post that log for me.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users