Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"302 moved" redirect bug


  • This topic is locked This topic is locked
16 replies to this topic

#1 myeasybucks

myeasybucks

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 22 December 2009 - 08:37 PM

I downloaded the "security tool" malware the other day, [DUH!!!]found your forum and successfully(?) removed "security tool" using rkill and MBAM. Now when I do a Google search I get a page that says "302 moved the document has moved here" the word "here" is hyperlinked, when I click it goes to a fake lookin google page aking me to fill in a "captcha" type thingy to prove I'm human. Yahoo search shows results but they all lead to unrelated garbage sites.
I realize it's the holidays and all. This is not an emergency situation. Two other computers in the house are not affected. I'll be patient.
Here are the required logs.


DDS (Ver_09-12-01.01) - NTFSx86
Run by ClaudeandValerie at 18:35:22.60 on Tue 12/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.206 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Airlink101\AWLL5025\WLService.exe
C:\Program Files\Airlink101\AWLL5025\AWLL5025.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\rsmsink.exe
C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page =

hxxp://us.ard.yahoo.com/SIG=12kem247e/M=251521.4171885.5377190.4064603/D=groups/S=1705000001:HEADR/Y=YAHOO/EXP=1128197379/A=1859317/R=1/SIG=1

1nl12oj3/*http://us.rd.yahoo.com/evt=31329/*http://my.yahoo.com
uDefault_Page_URL = hxxp://start.earthlink.net/
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uWindow Title = Copper.net Internet Explorer
uSearch Bar = hxxp://home.peoplepc.com/search
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://home.peoplepc.com/search
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [uoltray] c:\program files\netzero\exec.exe regrun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Opumajo] rundll32.exe "c:\windows\uvikejupe.dll",Startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Display All Images with Full Quality - c:\program files\juno\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\juno\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {0A9F8624-4221-4508-9636-69ABD753695A} - c:\program files\popupbuster\popupbuster.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} - hxxp://office.microsoft.com/productupdates/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261341797434
DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} - hxxp://216.249.24.140/code/PWActiveXImgCtl.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261341703528
DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - hxxp://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab
DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} - hxxp://directv.direcway.com/dwayready/dpcsysinfo.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://pcpitstop.com/mhLbl.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37807.2961458333
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.verizon.net/checkmypc/includes/MotivePreQual.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} - hxxp://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: WIKI.DLL
LSA: Notification Packages = scecli scecli
Hosts: 78.159.110.56 www.google.com
Hosts: 78.159.110.56 www.google.de
Hosts: 78.159.110.56 www.google.fr
Hosts: 78.159.110.56 www.google.co.uk
Hosts: 78.159.110.56 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\claude~1\applic~1\mozilla\firefox\profiles\13xsgci0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.peoplestring.com/
FF - component: c:\documents and settings\claudeandvalerie\application

data\mozilla\firefox\profiles\13xsgci0.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\claudeandvalerie\application

data\mozilla\firefox\profiles\13xsgci0.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}\components\RadioWMPCore.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-20 114768]
R2 Airlink101 USB XR Adapter WLService;Airlink101 USB XR Adapter WLService;c:\program files\airlink101\awll5025\WLService.exe [2006-7-4

49152]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-20 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-12-20 138680]
R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2006-7-4 19968]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-12-20 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-20 352920]

=============== Created Last 30 ================

2009-12-22 13:02:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 13:02:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 13:02:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-21 22:10:58 0 d-----w- c:\docume~1\claude~1\applic~1\Malwarebytes
2009-12-21 22:10:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-21 19:47:20 0 ----a-w- c:\windows\Qteyi.bin
2009-12-21 19:47:17 120 ----a-w- c:\windows\Ndepamujumuqobo.dat
2009-12-21 03:40:18 0 d-----w- c:\program files\Quick Tab Change
2009-12-21 02:55:40 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-21 02:49:36 0 d-sh--w- c:\documents and settings\claudeandvalerie\PrivacIE
2009-12-21 02:41:39 0 d-sh--w- c:\documents and settings\claudeandvalerie\IETldCache
2009-12-21 02:38:33 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-21 02:38:30 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-21 02:38:30 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-21 02:38:29 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-21 02:38:28 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-21 02:38:23 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-21 02:38:17 0 d-----w- c:\windows\ie8updates
2009-12-21 02:36:38 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-21 02:33:36 0 dc-h--w- c:\windows\ie8
2009-12-21 01:37:58 0 d-----w- c:\windows\system32\scripting
2009-12-21 01:37:43 0 d-----w- c:\windows\l2schemas
2009-12-21 01:37:39 0 d-----w- c:\windows\system32\en
2009-12-20 23:26:54 0 d-----w- c:\windows\network diagnostic
2009-12-20 23:20:45 239616 ----a-w- c:\windows\system32\wstrenderer.ax
2009-12-20 23:20:43 677888 ----a-w- c:\windows\system32\mstsc.exe
2009-12-20 23:20:42 28672 ----a-w- c:\windows\system32\verclsid.exe
2009-12-20 23:20:42 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-12-20 23:20:42 118272 ----a-w- c:\windows\system32\mpeg2data.ax
2009-12-20 23:20:32 164352 ----a-w- c:\windows\system32\wstpager.ax
2009-12-20 23:20:28 10752 ----a-w- c:\windows\system32\smtpapi.dll
2009-12-20 23:20:24 9728 ----a-w- c:\windows\system32\comsdupd.exe
2009-12-20 23:20:16 9728 ----a-w- c:\windows\system32\rwnh.dll
2009-12-20 23:20:12 12800 ----a-w- c:\windows\system32\spiisupd.exe
2009-12-20 23:20:06 32768 ----a-w- c:\windows\system32\asr_pfu.exe
2009-12-20 23:18:58 7680 ----a-w- c:\windows\system32\kbdsmsfi.dll
2009-12-20 23:17:44 2775842 ----a-w- c:\windows\system32\wbem\cimwin32.mof
2009-12-20 23:16:59 8704 ----a-w- c:\windows\system32\fxsperf.dll
2009-12-20 21:51:33 276992 ------w- c:\windows\system32\wmphoto.dll
2009-12-20 21:51:20 69120 ------w- c:\windows\system32\wlanapi.dll
2009-12-20 21:51:04 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-12-20 21:51:03 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-12-20 21:50:44 53248 ------w- c:\windows\system32\tsgqec.dll
2009-12-20 21:50:44 50688 ------w- c:\windows\system32\tspkg.dll
2009-12-20 21:50:15 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-12-20 21:50:14 32768 ------w- c:\windows\system32\setupn.exe
2009-12-20 21:50:05 290304 ------w- c:\windows\system32\rhttpaa.dll
2009-12-20 21:50:02 61952 ------w- c:\windows\system32\rasqec.dll
2009-12-20 21:50:00 76800 ------w- c:\windows\system32\qutil.dll
2009-12-20 21:48:20 33792 ------w- c:\windows\system32\mmcperf.exe
2009-12-20 21:48:19 397312 ------w- c:\windows\system32\mmcex.dll
2009-12-20 21:48:19 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-12-20 21:48:19 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-12-20 21:47:47 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-12-20 21:47:44 61440 ------w- c:\windows\system32\kmsvc.dll
2009-12-20 21:47:42 6144 ------w- c:\windows\system32\kbdpash.dll
2009-12-20 21:47:42 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-12-20 21:47:42 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-12-20 21:47:41 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-12-20 21:47:07 974 ------w- c:\windows\system32\pid.inf
2009-12-20 21:45:45 7168 ------w- c:\windows\system32\bitsprx4.dll
2009-12-20 21:45:44 233472 ------w- c:\windows\system32\azroles.dll
2009-12-20 21:45:20 136192 ------w- c:\windows\system32\aaclient.dll
2009-12-20 21:04:23 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-20 20:59:44 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-12-20 20:59:41 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-20 20:59:36 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-20 20:59:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-12-20 20:59:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-20 20:58:45 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-20 20:55:43 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-12-20 20:53:21 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-20 20:53:06 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-12-20 20:52:45 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-20 20:52:44 1203922 ------w- c:\windows\system32\dllcache\sysmain.sdb
2009-12-20 20:52:42 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-20 20:42:08 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-20 20:42:02 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-12-20 20:41:59 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-12-20 20:41:59 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-12-20 20:41:59 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

==================== Find3M ====================

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:45:37 5940736 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 07:45:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-10-29 07:45:37 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 07:45:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-10-29 07:45:34 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-10-29 07:45:32 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-10-29 05:38:22 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll

============= FINISH: 18:36:10.04 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 24 December 2009 - 12:54 AM

UPDATE okay this thing appears to be progressing. It has now taken over my address bar. I typed in Bleepingcomputer.com and got a page stating you're for sale. When I closed FireFox the shutdown icons appeared on the desktop without my request to shutdown. I put it into hibernation instead. I won't touch it again until I here from someone in here. Unless I decide to just just write zeros to the disc and start with a clean install of XP PRO.
If you need new scans I'll try to run them when I here from you.

#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:37 AM

Posted 04 January 2010 - 11:54 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 05 January 2010 - 01:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

> No problem at all Myrti, I understand.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

>This machine was in storage for over two years. I finally unpacked it and set it up just 2 or 3 days prior to getting infected with "Security tool". Naturally I had to download XP SP3 when I first turned it on. I just realized that will probably give you A LOT to sift through. Sorry about that. I put this machine into hibernation immediately after my last post here and haven't touched it again until now. Info from 1st two posts is up to date. I hope that satisfies this request.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

>Ok. I assume this includes Avast on access protection. I have shut it off.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

1. Please download OTL from following mirror:
* This is THE Mirror
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Click the "Scan All Users" checkbox.
5. Push the button.
6. Two reports will open, copy and paste them in a reply here:
* OTL.txt <-- Will be opened

>OTL logfile created on: 1/5/2010 11:55:12 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 16.85 Gb Free Space | 60.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CVR1
Current User Name: ClaudeandValerie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/05 11:53:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads\OTL.exe
PRC - [2009/12/02 08:17:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/24 17:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 17:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 17:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/01/02 15:12:32 | 00,207,226 | ---- | M] () -- C:\Program Files\Quick Tab Change\Quick Tab Change.exe
PRC - [2008/04/13 18:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\snmp.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/09/29 10:16:50 | 00,827,392 | ---- | M] () -- C:\Program Files\Airlink101\AWLL5025\AWLL5025.exe
PRC - [2004/03/29 15:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Airlink101\AWLL5025\WLService.exe
PRC - [2004/02/10 10:51:30 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\hkcmd.exe
PRC - [2003/07/18 18:29:01 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2002/12/17 11:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/08/29 04:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
PRC - [2002/08/29 04:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\CIDAEMON.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/05 11:53:31 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 18:12:08 | 00,165,376 | ---- | M] () -- C:\WINDOWS\uvikejupe.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 17:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 17:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 17:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 17:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/04/13 18:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\snmp.exe -- (SNMP)
SRV - [2004/03/29 15:08:16 | 00,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Airlink101\AWLL5025\WLService.exe -- (Airlink101 USB XR Adapter WLService)
SRV - [2002/08/29 04:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\TCPSVCS.EXE -- (SimpTcp)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 17:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2009/11/24 17:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2009/11/24 17:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 17:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 17:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2009/11/24 17:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 12:45:32 | 00,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\gckernel.sys -- (GcKernel)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2006/07/04 07:48:59 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/10/18 14:39:38 | 00,242,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73) Airlink101 USB XR Adapter Driver (RT73)
DRV - [2005/06/17 12:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)
DRV - [2004/08/03 23:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/03 23:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 23:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 23:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 23:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 23:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 23:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 23:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 23:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 23:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/03 23:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/02/10 11:17:06 | 00,681,469 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2003/10/08 10:12:24 | 00,120,830 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS)
DRV - [2003/10/08 10:12:16 | 00,098,842 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH)
DRV - [2003/06/26 23:09:26 | 00,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/06/26 23:09:26 | 00,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys -- (pwd_2k)
DRV - [2003/06/26 23:09:26 | 00,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/06/26 23:09:26 | 00,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/01/15 13:45:06 | 00,042,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/12/19 16:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2002/12/17 11:32:58 | 00,061,424 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2002/12/17 11:32:46 | 00,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/12/17 11:27:32 | 00,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/10/29 15:38:10 | 00,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/29 15:37:36 | 01,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/29 15:31:28 | 00,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/10/07 08:29:48 | 00,011,027 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2002/08/29 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/08/29 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM)
DRV - [2002/07/19 09:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/05/13 17:59:20 | 00,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:02:50 | 00,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://start.earthlink.net/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://start.earthlink.net/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
IE - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.ard.yahoo.com/SIG=12kem247e/M=25...://my.yahoo.com
IE - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\S-1-5-21-4106144296-1916765863-1144734290-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.peoplestring.com/"
FF - prefs.js..extensions.enabledItems: {0ed0633c-a54d-47f1-94e7-5bded41ae674}:2.5.2.13

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/20 21:17:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 21:16:45 | 00,000,000 | ---D | M]

[2009/12/20 21:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ClaudeandValerie\Application Data\Mozilla\Extensions
[2010/01/05 11:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ClaudeandValerie\Application Data\Mozilla\Firefox\Profiles\13xsgci0.default\extensions
[2009/12/20 23:32:54 | 00,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Documents and Settings\ClaudeandValerie\Application Data\Mozilla\Firefox\Profiles\13xsgci0.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2009/12/20 21:16:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (1523 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 78.159.110.56 www.google.com
O1 - Hosts: 78.159.110.56 www.google.de
O1 - Hosts: 78.159.110.56 www.google.fr
O1 - Hosts: 78.159.110.56 www.google.co.uk
O1 - Hosts: 78.159.110.56 www.google.com.br
O1 - Hosts: 78.159.110.56 www.google.it
O1 - Hosts: 78.159.110.56 www.google.es
O1 - Hosts: 78.159.110.56 www.google.co.jp
O1 - Hosts: 78.159.110.56 www.google.com.mx
O1 - Hosts: 78.159.110.56 www.google.ca
O1 - Hosts: 78.159.110.56 www.google.com.au
O1 - Hosts: 78.159.110.56 www.google.nl
O1 - Hosts: 78.159.110.56 www.google.co.za
O1 - Hosts: 78.159.110.56 www.google.be
O1 - Hosts: 78.159.110.56 www.google.gr
O1 - Hosts: 78.159.110.56 www.google.at
O1 - Hosts: 78.159.110.56 www.google.se
O1 - Hosts: 78.159.110.56 www.google.ch
O1 - Hosts: 78.159.110.56 www.google.pt
O1 - Hosts: 78.159.110.56 www.google.dk
O1 - Hosts: 78.159.110.56 www.google.fi
O1 - Hosts: 78.159.110.56 www.google.ie
O1 - Hosts: 78.159.110.56 www.google.no
O1 - Hosts: 78.159.110.56 search.yahoo.com
O1 - Hosts: 2 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll ()
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Opumajo] C:\WINDOWS\uvikejupe.DLL ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005..\Run: [uoltray] C:\Program Files\NetZero\exec.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe (KMGI)
O9 - Extra 'Tools' menuitem : Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe (KMGI)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1261341797434 (WUWebControl Class)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1261341703528 (MUWebControl Class)
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab (Reg Error: Key error.)
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} http://directv.direcway.com/dwayready/dpcsysinfo.cab (SystemInfo Class)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7807.2961458333 (Reg Error: Key error.)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.verizon.net/checkmypc/includes/MotivePreQual.cab (PreQualifier Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} http://officeupdate.microsoft.com/Template...nloads/outc.cab (Microsoft Office Tools on the Web Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (WIKI.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - https://my.compassweb.com/i/cbr/cbr-header1.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 12:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/22 07:02:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/22 07:02:01 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/22 07:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/21 16:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ClaudeandValerie\Application Data\Malwarebytes
[2009/12/21 16:10:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/20 21:40:18 | 00,000,000 | ---D | C] -- C:\Program Files\Quick Tab Change
[2009/12/20 21:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads
[2009/12/20 21:17:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ClaudeandValerie\Local Settings\Application Data\Mozilla
[2009/12/20 21:16:42 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/12/20 20:56:08 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/20 20:56:07 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/20 20:56:07 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/20 20:56:04 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/20 20:56:03 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/20 20:56:03 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/20 20:56:03 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/20 20:56:03 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/20 20:55:40 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/20 20:55:40 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/12/20 20:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/20 20:49:36 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ClaudeandValerie\PrivacIE
[2009/12/20 20:45:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/12/20 20:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/20 20:44:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/20 20:44:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/20 20:44:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/20 20:41:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ClaudeandValerie\IETldCache
[2009/12/20 20:38:30 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/20 20:38:30 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/20 20:38:29 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/20 20:38:23 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/20 20:38:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/20 20:35:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/12/20 20:33:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/20 20:23:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/20 19:38:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/12/20 19:37:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/12/20 19:37:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/12/20 19:37:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/12/20 18:55:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/20 17:26:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/12/20 17:20:43 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/12/20 17:20:42 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/12/20 17:20:42 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/12/20 17:20:28 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/12/20 17:20:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/12/20 17:20:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/12/20 17:20:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
[2009/12/20 17:20:06 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_pfu.exe
[2009/12/20 17:19:57 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2009/12/20 17:19:56 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2009/12/20 17:19:55 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiagn.dll
[2009/12/20 17:19:55 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthprops.cpl
[2009/12/20 17:19:55 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll
[2009/12/20 17:19:55 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/12/20 17:19:55 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2009/12/20 17:19:52 | 00,199,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iac25_32.ax
[2009/12/20 17:19:52 | 00,120,320 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir41_qc.dll
[2009/12/20 17:19:51 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/12/20 17:19:50 | 00,154,624 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ivfsrc.ax
[2009/12/20 17:19:50 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsprpres.dll
[2009/12/20 17:19:48 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/12/20 17:19:46 | 00,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2009/12/20 17:19:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2009/12/20 17:19:43 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/12/20 17:19:41 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
[2009/12/20 17:19:41 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/12/20 17:19:40 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2009/12/20 17:19:37 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/12/20 17:19:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2009/12/20 17:19:36 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msftedit.dll
[2009/12/20 17:19:36 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\firewall.cpl
[2009/12/20 17:19:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/12/20 17:19:35 | 00,338,432 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir41_qcx.dll
[2009/12/20 17:19:35 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgraph.dll
[2009/12/20 17:19:35 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/12/20 17:19:34 | 00,183,808 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir50_qcx.dll
[2009/12/20 17:19:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl
[2009/12/20 17:19:33 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/12/20 17:19:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2009/12/20 17:19:32 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sbeio.dll
[2009/12/20 17:19:28 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/12/20 17:19:28 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2009/12/20 17:19:27 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/12/20 17:19:26 | 00,755,200 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir50_32.dll
[2009/12/20 17:19:26 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdadiag.dll
[2009/12/20 17:19:25 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2009/12/20 17:19:23 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2009/12/20 17:19:22 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/12/20 17:19:22 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fwcfg.dll
[2009/12/20 17:19:21 | 01,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll
[2009/12/20 17:19:20 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssap.dll
[2009/12/20 17:19:18 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/12/20 17:19:17 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/12/20 17:19:16 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pnetsh.dll
[2009/12/20 17:19:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll
[2009/12/20 17:19:15 | 01,647,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winbrand.dll
[2009/12/20 17:19:15 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2009/12/20 17:19:14 | 00,848,384 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir41_32.ax
[2009/12/20 17:19:14 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
[2009/12/20 17:19:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll
[2009/12/20 17:19:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll
[2009/12/20 17:19:04 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2009/12/20 17:19:04 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll
[2009/12/20 17:19:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2009/12/20 17:19:02 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/12/20 17:19:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthci.dll
[2009/12/20 17:19:00 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/12/20 17:19:00 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2009/12/20 17:18:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2009/12/20 17:18:57 | 00,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1res.dll
[2009/12/20 17:18:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/12/20 17:18:55 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
[2009/12/20 17:18:54 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/12/20 17:18:53 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/12/20 17:18:52 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/12/20 17:18:47 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi.dll
[2009/12/20 17:18:47 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2009/12/20 17:18:46 | 00,200,192 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir50_qc.dll
[2009/12/20 17:18:46 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2p.dll
[2009/12/20 17:18:46 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/12/20 17:18:45 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/12/20 17:18:45 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2009/12/20 17:18:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2009/12/20 17:18:44 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/12/20 17:18:44 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2009/12/20 17:18:42 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2009/12/20 17:18:38 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll
[2009/12/20 17:18:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2009/12/20 17:18:34 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
[2009/12/20 17:18:34 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/12/20 17:18:34 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/12/20 17:18:34 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/12/20 17:18:34 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/12/20 17:18:34 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/12/20 17:18:34 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/12/20 17:18:34 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/12/20 17:18:33 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2009/12/20 17:18:33 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/12/20 17:18:33 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/12/20 17:18:33 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/12/20 17:18:33 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/12/20 17:18:33 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/12/20 17:18:33 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/12/20 17:18:33 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/12/20 17:18:32 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2009/12/20 17:18:32 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/12/20 17:18:32 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/12/20 17:18:32 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/12/20 17:18:32 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/12/20 17:18:32 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/12/20 17:18:31 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/12/20 17:18:30 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2009/12/20 17:18:29 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpcdll.dll
[2009/12/20 17:18:29 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pidgen.dll
[2009/12/20 17:18:25 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2009/12/20 17:18:23 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2009/12/20 17:18:22 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgr.dll
[2009/12/20 17:18:22 | 00,163,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwrdr.sys
[2009/12/20 17:18:22 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bootcfg.exe
[2009/12/20 17:18:22 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fde.dll
[2009/12/20 17:18:22 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsnw.dll
[2009/12/20 17:18:22 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventtriggers.exe
[2009/12/20 17:18:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fdeploy.dll
[2009/12/20 17:18:22 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\driverquery.exe
[2009/12/20 17:18:22 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cipher.exe
[2009/12/20 17:18:22 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventcreate.exe
[2009/12/20 17:18:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_fmt.exe
[2009/12/20 17:18:22 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\efsadu.dll
[2009/12/20 17:18:21 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpedit.dll
[2009/12/20 17:18:21 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gptext.dll
[2009/12/20 17:18:21 | 00,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpresult.exe
[2009/12/20 17:18:21 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mqlogmgr.dll
[2009/12/20 17:18:21 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getmac.exe
[2009/12/20 17:18:21 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2009/12/20 17:18:20 | 01,200,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2009/12/20 17:18:20 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
[2009/12/20 17:18:20 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsnotify.exe
[2009/12/20 17:18:20 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009/12/20 17:18:20 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\taskkill.exe
[2009/12/20 17:18:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systeminfo.exe
[2009/12/20 17:18:20 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\openfiles.exe
[2009/12/20 17:18:20 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll
[2009/12/20 17:18:20 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwapi32.dll
[2009/12/20 17:18:20 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2009/12/20 17:18:19 | 00,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsecedit.dll
[2009/12/20 17:18:19 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tracerpt.exe
[2009/12/20 17:18:19 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe
[2009/12/20 17:18:19 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntadmn.exe
[2009/12/20 17:18:19 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2009/12/20 17:18:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvrp.dll
[2009/12/20 17:17:32 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2009/12/20 17:17:32 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2009/12/20 17:17:32 | 00,050,688 | ---- | C] (Twain Working Group) -- C:\WINDOWS\twain_32.dll
[2009/12/20 17:17:29 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\activeds.dll
[2009/12/20 17:17:29 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/12/20 17:17:29 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aclui.dll
[2009/12/20 17:17:29 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actxprxy.dll
[2009/12/20 17:17:29 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/12/20 17:17:29 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009/12/20 17:17:29 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actmovie.exe
[2009/12/20 17:17:28 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsnt.dll
[2009/12/20 17:17:28 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsldp.dll
[2009/12/20 17:17:28 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsldpc.dll
[2009/12/20 17:17:28 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/12/20 17:17:28 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ahui.exe
[2009/12/20 17:17:28 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsmsext.dll
[2009/12/20 17:17:27 | 00,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2009/12/20 17:17:27 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asctrls.ocx
[2009/12/20 17:17:27 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asycfilt.dll
[2009/12/20 17:17:27 | 00,030,208 | ---- | C] (Adobe Systems) -- C:\WINDOWS\System32\atmlib.dll
[2009/12/20 17:17:27 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\at.exe
[2009/12/20 17:17:27 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\attrib.exe
[2009/12/20 17:17:27 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atmadm.exe
[2009/12/20 17:17:26 | 00,580,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autofmt.exe
[2009/12/20 17:17:25 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/12/20 17:17:25 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browselc.dll
[2009/12/20 17:17:25 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\basesrv.dll
[2009/12/20 17:17:25 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batmeter.dll
[2009/12/20 17:17:25 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2009/12/20 17:17:25 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bidispl.dll
[2009/12/20 17:17:25 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autolfn.exe
[2009/12/20 17:17:25 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2009/12/20 17:17:24 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009/12/20 17:17:24 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009/12/20 17:17:24 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capesnpn.dll
[2009/12/20 17:17:24 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009/12/20 17:17:24 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browsewm.dll
[2009/12/20 17:17:24 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cabinet.dll
[2009/12/20 17:17:24 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\camocx.dll
[2009/12/20 17:17:23 | 02,091,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdosys.dll
[2009/12/20 17:17:22 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certmgr.dll
[2009/12/20 17:17:22 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certcli.dll
[2009/12/20 17:17:22 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cic.dll
[2009/12/20 17:17:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009/12/20 17:17:22 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ciodm.dll
[2009/12/20 17:17:22 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2009/12/20 17:17:22 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgmgr32.dll
[2009/12/20 17:17:21 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdial32.dll
[2009/12/20 17:17:21 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/12/20 17:17:21 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.dll
[2009/12/20 17:17:21 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2009/12/20 17:17:21 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clusapi.dll
[2009/12/20 17:17:21 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.rll
[2009/12/20 17:17:21 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2009/12/20 17:17:21 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmcfg32.dll
[2009/12/20 17:17:20 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\compstui.dll
[2009/12/20 17:17:20 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009/12/20 17:17:20 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009/12/20 17:17:20 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmstp.exe
[2009/12/20 17:17:20 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009/12/20 17:17:20 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cnbjmon.dll
[2009/12/20 17:17:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmmon32.exe
[2009/12/20 17:17:20 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmutil.dll
[2009/12/20 17:17:20 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009/12/20 17:17:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdl32.exe
[2009/12/20 17:17:19 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009/12/20 17:17:19 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009/12/20 17:17:18 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009/12/20 17:17:18 | 00,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\confmsp.dll
[2009/12/20 17:17:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credui.dll
[2009/12/20 17:17:18 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
[2009/12/20 17:17:18 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/12/20 17:17:17 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscript.exe
[2009/12/20 17:17:17 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptdlg.dll
[2009/12/20 17:17:17 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptdll.dll
[2009/12/20 17:17:16 | 01,179,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8.dll
[2009/12/20 17:17:16 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\danim.dll
[2009/12/20 17:17:16 | 00,824,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dim700.dll
[2009/12/20 17:17:16 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8thk.dll
[2009/12/20 17:17:15 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dataclen.dll
[2009/12/20 17:17:14 | 00,640,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbghelp.dll
[2009/12/20 17:17:14 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddraw.dll
[2009/12/20 17:17:14 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\datime.dll
[2009/12/20 17:17:14 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\daxctle.ocx
[2009/12/20 17:17:14 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnetlib.dll
[2009/12/20 17:17:14 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeshare.exe
[2009/12/20 17:17:14 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnmpntw.dll
[2009/12/20 17:17:14 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\davclnt.dll
[2009/12/20 17:17:14 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsrpcn.dll
[2009/12/20 17:17:14 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dciman32.dll
[2009/12/20 17:17:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/12/20 17:17:13 | 00,379,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpmon.dll
[2009/12/20 17:17:13 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devmgr.dll
[2009/12/20 17:17:13 | 00,124,416 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgui.dll
[2009/12/20 17:17:13 | 00,111,104 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dgnet.dll
[2009/12/20 17:17:13 | 00,105,472 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgntfs.exe
[2009/12/20 17:17:13 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diantz.exe
[2009/12/20 17:17:13 | 00,082,944 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgfat.exe
[2009/12/20 17:17:13 | 00,039,424 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgsnap.dll
[2009/12/20 17:17:13 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddrawex.dll
[2009/12/20 17:17:13 | 00,025,088 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\defrag.exe
[2009/12/20 17:17:12 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput8.dll
[2009/12/20 17:17:12 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diskpart.exe
[2009/12/20 17:17:12 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput.dll
[2009/12/20 17:17:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmcompos.dll
[2009/12/20 17:17:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dispex.dll
[2009/12/20 17:17:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmband.dll
[2009/12/20 17:17:11 | 00,285,184 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmdlgs.dll
[2009/12/20 17:17:11 | 00,200,704 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmdskmgr.dll
[2009/12/20 17:17:11 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmime.dll
[2009/12/20 17:17:11 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmstyle.dll
[2009/12/20 17:17:11 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmsynth.dll
[2009/12/20 17:17:11 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmscript.dll
[2009/12/20 17:17:11 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmloader.dll
[2009/12/20 17:17:11 | 00,015,872 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmremote.exe
[2009/12/20 17:17:10 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplayx.dll
[2009/12/20 17:17:10 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmusic.dll
[2009/12/20 17:17:10 | 00,052,224 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmutil.dll
[2009/12/20 17:17:10 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2009/12/20 17:17:09 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll
[2009/12/20 17:17:09 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhupnp.dll
[2009/12/20 17:17:09 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhpast.dll
[2009/12/20 17:17:09 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpmodemx.dll
[2009/12/20 17:17:09 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnaddr.dll
[2009/12/20 17:17:08 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvoice.dll
[2009/12/20 17:17:08 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2009/12/20 17:17:08 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvacm.dll
[2009/12/20 17:17:08 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2009/12/20 17:17:08 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnlobby.dll
[2009/12/20 17:17:07 | 00,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsound.dll
[2009/12/20 17:17:07 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsdmo.dll
[2009/12/20 17:17:07 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvvox.dll
[2009/12/20 17:17:07 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dskquota.dll
[2009/12/20 17:17:07 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsdmoprp.dll
[2009/12/20 17:17:07 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpwsockx.dll
[2009/12/20 17:17:07 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ds32gt.dll
[2009/12/20 17:17:07 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drprov.dll
[2009/12/20 17:17:06 | 01,293,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsound3d.dll
[2009/12/20 17:17:06 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsprop.dll
[2009/12/20 17:17:06 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dssenh.dll
[2009/12/20 17:17:06 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dswave.dll
[2009/12/20 17:17:05 | 00,304,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\duser.dll
[2009/12/20 17:17:04 | 01,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx8vb.dll
[2009/12/20 17:17:04 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx7vb.dll
[2009/12/20 17:17:04 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
[2009/12/20 17:17:04 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dvdupgrd.exe
[2009/12/20 17:17:03 | 01,298,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2009/12/20 17:17:03 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/12/20 17:17:03 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/12/20 17:17:03 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\els.dll
[2009/12/20 17:17:02 | 01,082,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\esent.dll
[2009/12/20 17:17:02 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eudcedit.exe
[2009/12/20 17:17:02 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
[2009/12/20 17:17:01 | 00,380,445 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\expsrv.dll
[2009/12/20 17:17:01 | 00,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\filemgmt.dll
[2009/12/20 17:17:01 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exts.dll
[2009/12/20 17:17:01 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll
[2009/12/20 17:17:01 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe
[2009/12/20 17:17:01 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faultrep.dll
[2009/12/20 17:17:01 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\extrac32.exe
[2009/12/20 17:17:01 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe
[2009/12/20 17:17:01 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\feclient.dll
[2009/12/20 17:17:00 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsapi.dll
[2009/12/20 17:17:00 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fldrclnr.dll
[2009/12/20 17:17:00 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2009/12/20 17:17:00 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\findstr.exe
[2009/12/20 17:17:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fontview.exe
[2009/12/20 17:17:00 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framebuf.dll
[2009/12/20 17:17:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\forcedos.exe
[2009/12/20 17:16:59 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsst.dll
[2009/12/20 17:16:59 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscomex.dll
[2009/12/20 17:16:59 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2009/12/20 17:16:59 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclnt.exe
[2009/12/20 17:16:59 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscom.dll
[2009/12/20 17:16:59 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsevent.dll
[2009/12/20 17:16:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsdrv.dll
[2009/12/20 17:16:59 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsmon.dll
[2009/12/20 17:16:59 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsext32.dll
[2009/12/20 17:16:59 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsperf.dll
[2009/12/20 17:16:59 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsres.dll
[2009/12/20 17:16:58 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsxp32.dll
[2009/12/20 17:16:58 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxstiff.dll
[2009/12/20 17:16:58 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxst30.dll
[2009/12/20 17:16:58 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxswzrd.dll
[2009/12/20 17:16:58 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsui.dll
[2009/12/20 17:16:57 | 00,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\h323msp.dll
[2009/12/20 17:16:57 | 00,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\h323.tsp
[2009/12/20 17:16:57 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\glu32.dll
[2009/12/20 17:16:57 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2009/12/20 17:16:57 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpkrsrc.dll
[2009/12/20 17:16:56 | 00,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hhctrl.ocx
[2009/12/20 17:16:56 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hnetcfg.dll
[2009/12/20 17:16:56 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hdwwiz.cpl
[2009/12/20 17:16:56 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlink.dll
[2009/12/20 17:16:56 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hhsetup.dll
[2009/12/20 17:16:56 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidphone.tsp
[2009/12/20 17:16:56 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hid.dll
[2009/12/20 17:16:56 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\help.exe
[2009/12/20 17:16:55 | 00,330,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hnetwiz.dll
[2009/12/20 17:16:54 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hotplug.dll
[2009/12/20 17:16:54 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\htui.dll
[2009/12/20 17:16:54 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll
[2009/12/20 17:16:53 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2009/12/20 17:16:52 | 00,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\i81xdnt5.dll
[2009/12/20 17:16:52 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/12/20 17:16:52 | 00,254,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icm32.dll
[2009/12/20 17:16:52 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/12/20 17:16:52 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/12/20 17:16:52 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/12/20 17:16:52 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ifmon.dll
[2009/12/20 17:16:52 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/12/20 17:16:52 | 00,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\idq.dll
[2009/12/20 17:16:52 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iasrad.dll
[2009/12/20 17:16:52 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iexpress.exe
[2009/12/20 17:16:52 | 00,080,384 | ---- | C] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll
[2009/12/20 17:16:52 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009/12/20 17:16:52 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/12/20 17:16:52 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009/12/20 17:16:52 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/12/20 17:16:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009/12/20 17:16:52 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icmp.dll
[2009/12/20 17:16:51 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/12/20 17:16:51 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009/12/20 17:16:51 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\initpki.dll
[2009/12/20 17:16:51 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\intl.cpl
[2009/12/20 17:16:51 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\input.dll
[2009/12/20 17:16:51 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/12/20 17:16:51 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2009/12/20 17:16:51 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetpp.dll
[2009/12/20 17:16:51 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009/12/20 17:16:51 | 00,036,921 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imeshare.dll
[2009/12/20 17:16:51 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/12/20 17:16:51 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetmib1.dll
[2009/12/20 17:16:51 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetppui.dll
[2009/12/20 17:16:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\igmpagnt.dll
[2009/12/20 17:16:50 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsmsnap.dll
[2009/12/20 17:16:50 | 00,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsecsnp.dll
[2009/12/20 17:16:50 | 00,330,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ippromon.dll
[2009/12/20 17:16:50 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iprtrmgr.dll
[2009/12/20 17:16:50 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipmontr.dll
[2009/12/20 17:16:50 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\itircl.dll
[2009/12/20 17:16:50 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iphlpapi.dll
[2009/12/20 17:16:50 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009/12/20 17:16:50 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6mon.dll
[2009/12/20 17:16:50 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconfig.exe
[2009/12/20 17:16:50 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ixsso.dll
[2009/12/20 17:16:50 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6.exe
[2009/12/20 17:16:50 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2009/12/20 17:16:50 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxroute.exe
[2009/12/20 17:16:50 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxwan.dll
[2009/12/20 17:16:50 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconf.tsp
[2009/12/20 17:16:50 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/12/20 17:16:49 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/12/20 17:16:49 | 00,423,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licdll.dll
[2009/12/20 17:16:49 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2009/12/20 17:16:49 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\jgdw400.dll
[2009/12/20 17:16:49 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\keymgr.dll
[2009/12/20 17:16:49 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/12/20 17:16:49 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/12/20 17:16:49 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\joy.cpl
[2009/12/20 17:16:49 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/12/20 17:16:49 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2009/12/20 17:16:49 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/12/20 17:16:49 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/12/20 17:16:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmddsp.tsp
[2009/12/20 17:16:49 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\jgpl400.dll
[2009/12/20 17:16:49 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/12/20 17:16:49 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kd1394.dll
[2009/12/20 17:16:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec.dll
[2009/12/20 17:16:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/12/20 17:16:48 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localsec.dll
[2009/12/20 17:16:48 | 00,220,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2009/12/20 17:16:48 | 00,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdminst.dll
[2009/12/20 17:16:48 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\loadperf.dll
[2009/12/20 17:16:48 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciavi32.dll
[2009/12/20 17:16:48 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2009/12/20 17:16:48 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\makecab.exe
[2009/12/20 17:16:48 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mf3216.dll
[2009/12/20 17:16:48 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll
[2009/12/20 17:16:48 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciwave.dll
[2009/12/20 17:16:48 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciseq.dll
[2009/12/20 17:16:48 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\linkinfo.dll
[2009/12/20 17:16:48 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mcastmib.dll
[2009/12/20 17:16:48 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localui.dll
[2009/12/20 17:16:48 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lprhelp.dll
[2009/12/20 17:16:47 | 01,872,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcndmgr.dll
[2009/12/20 17:16:47 | 01,414,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe
[2009/12/20 17:16:47 | 01,028,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2009/12/20 17:16:47 | 00,981,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2009/12/20 17:16:47 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2009/12/20 17:16:47 | 00,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mlang.dll
[2009/12/20 17:16:47 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcbase.dll
[2009/12/20 17:16:47 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miglibnt.dll
[2009/12/20 17:16:47 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2009/12/20 17:16:47 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mimefilt.dll
[2009/12/20 17:16:47 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcsubs.dll
[2009/12/20 17:16:47 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009/12/20 17:16:46 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4ds32.ax
[2009/12/20 17:16:46 | 00,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4dmod.dll
[2009/12/20 17:16:46 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msadds32.ax
[2009/12/20 17:16:46 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\moricons.dll
[2009/12/20 17:16:46 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\modemui.dll
[2009/12/20 17:16:46 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdart.dll
[2009/12/20 17:16:46 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mobsync.exe
[2009/12/20 17:16:46 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/12/20 17:16:46 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mprapi.dll
[2009/12/20 17:16:46 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscms.dll
[2009/12/20 17:16:46 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msacm32.dll
[2009/12/20 17:16:46 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2009/12/20 17:16:46 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msctfp.dll
[2009/12/20 17:16:46 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscpxl32.dll
[2009/12/20 17:16:46 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\more.com
[2009/12/20 17:16:46 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdatsrc.tlb
[2009/12/20 17:16:46 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscpx32r.dll
[2009/12/20 17:16:46 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msafd.dll
[2009/12/20 17:16:45 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009/12/20 17:16:45 | 00,518,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch40.dll
[2009/12/20 17:16:45 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009/12/20 17:16:45 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009/12/20 17:16:45 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009/12/20 17:16:43 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/12/20 17:16:43 | 00,997,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgina.dll
[2009/12/20 17:16:43 | 00,326,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl40.dll
[2009/12/20 17:16:42 | 02,843,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msi.dll
[2009/12/20 17:16:42 | 00,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msimsg.dll
[2009/12/20 17:16:42 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msihnd.dll
[2009/12/20 17:16:42 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msimtf.dll
[2009/12/20 17:16:42 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msident.dll
[2009/12/20 17:16:42 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/12/20 17:16:42 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msisip.dll
[2009/12/20 17:16:42 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msidle.dll
[2009/12/20 17:16:41 | 01,516,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet40.dll
[2009/12/20 17:16:41 | 00,355,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspbde40.dll
[2009/12/20 17:16:41 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/20 17:16:41 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009/12/20 17:16:41 | 00,248,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjtes40.dll
[2009/12/20 17:16:41 | 00,219,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus40.dll
[2009/12/20 17:16:41 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint40.dll
[2009/12/20 17:16:41 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msorcl32.dll
[2009/12/20 17:16:41 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009/12/20 17:16:41 | 00,060,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter40.dll
[2009/12/20 17:16:41 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msprivs.dll
[2009/12/20 17:16:41 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspatcha.dll
[2009/12/20 17:16:41 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msorc32r.dll
[2009/12/20 17:16:40 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/12/20 17:16:40 | 00,559,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl40.dll
[2009/12/20 17:16:40 | 00,432,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x40.dll
[2009/12/20 17:16:40 | 00,322,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd3x40.dll
[2009/12/20 17:16:40 | 00,264,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext40.dll
[2009/12/20 17:16:40 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/12/20 17:16:40 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
[2009/12/20 17:16:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msscds32.ax
[2009/12/20 17:16:40 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/12/20 17:16:39 | 01,384,479 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm60.dll
[2009/12/20 17:16:39 | 00,838,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswdat10.dll
[2009/12/20 17:16:39 | 00,621,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswstr10.dll
[2009/12/20 17:16:39 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp60.dll
[2009/12/20 17:16:39 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/12/20 17:16:39 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msutb.dll
[2009/12/20 17:16:39 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvfw32.dll
[2009/12/20 17:16:39 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstlsapi.dll
[2009/12/20 17:16:39 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msw3prt.dll
[2009/12/20 17:16:39 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt40.dll
[2009/12/20 17:16:39 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcirt.dll
[2009/12/20 17:16:38 | 00,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml2.dll
[2009/12/20 17:16:38 | 00,622,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netcfgx.dll
[2009/12/20 17:16:38 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml.dll
[2009/12/20 17:16:38 | 00,355,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbde40.dll
[2009/12/20 17:16:38 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2009/12/20 17:16:38 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009/12/20 17:16:38 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxclu.dll
[2009/12/20 17:16:38 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ndptsp.tsp
[2009/12/20 17:16:38 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2009/12/20 17:16:38 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2009/12/20 17:16:38 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ncobjapi.dll
[2009/12/20 17:16:38 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009/12/20 17:16:38 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009/12/20 17:16:38 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nddenb32.dll
[2009/12/20 17:16:38 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapi.dll
[2009/12/20 17:16:38 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapir.exe
[2009/12/20 17:16:38 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009/12/20 17:16:37 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll
[2009/12/20 17:16:37 | 00,329,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2009/12/20 17:16:37 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\newdev.dll
[2009/12/20 17:16:37 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netui1.dll
[2009/12/20 17:16:37 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netid.dll
[2009/12/20 17:16:37 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nlhtml.dll
[2009/12/20 17:16:37 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2009/12/20 17:16:37 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netui0.dll
[2009/12/20 17:16:37 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\npptools.dll
[2009/12/20 17:16:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlanman.dll
[2009/12/20 17:16:37 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmsapi.dll
[2009/12/20 17:16:37 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe
[2009/12/20 17:16:37 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2009/12/20 17:16:37 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netrap.dll
[2009/12/20 17:16:36 | 00,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmsmgr.dll
[2009/12/20 17:16:36 | 00,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\objsel.dll
[2009/12/20 17:16:36 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll
[2009/12/20 17:16:36 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nusrmgr.cpl
[2009/12/20 17:16:36 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbc32.dll
[2009/12/20 17:16:36 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmsdba.dll
[2009/12/20 17:16:36 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.dll
[2009/12/20 17:16:36 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccp32.dll
[2009/12/20 17:16:36 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcint.dll
[2009/12/20 17:16:36 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.exe
[2009/12/20 17:16:36 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ocmanage.dll
[2009/12/20 17:16:36 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccu32.dll
[2009/12/20 17:16:36 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccr32.dll
[2009/12/20 17:16:36 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccp32.cpl
[2009/12/20 17:16:36 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2009/12/20 17:16:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcbcp.dll
[2009/12/20 17:16:36 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbc32gt.dll
[2009/12/20 17:16:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdmd.dll
[2009/12/20 17:16:35 | 00,713,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\opengl32.dll
[2009/12/20 17:16:35 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcjt32.dll
[2009/12/20 17:16:35 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\offfilt.dll
[2009/12/20 17:16:35 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbctrac.dll
[2009/12/20 17:16:35 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oledlg.dll
[2009/12/20 17:16:35 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleprn.dll
[2009/12/20 17:16:35 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecli32.dll
[2009/12/20 17:16:35 | 00,053,279 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcji32.dll
[2009/12/20 17:16:35 | 00,020,511 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odtext32.dll
[2009/12/20 17:16:35 | 00,020,511 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oddbse32.dll
[2009/12/20 17:16:35 | 00,020,510 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odpdx32.dll
[2009/12/20 17:16:35 | 00,020,510 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odfox32.dll
[2009/12/20 17:16:35 | 00,020,510 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odexl32.dll
[2009/12/20 17:16:35 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcp32r.dll
[2009/12/20 17:16:33 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pdh.dll
[2009/12/20 17:16:33 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2009/12/20 17:16:33 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.cpl
[2009/12/20 17:16:33 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\polstore.dll
[2009/12/20 17:16:33 | 00,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\proctexe.ocx
[2009/12/20 17:16:33 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pautoenr.dll
[2009/12/20 17:16:33 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osuninst.dll
[2009/12/20 17:16:33 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2009/12/20 17:16:33 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/12/20 17:16:33 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pid.dll
[2009/12/20 17:16:33 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfproc.dll
[2009/12/20 17:16:33 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\profmap.dll
[2009/12/20 17:16:33 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfdisk.dll
[2009/12/20 17:16:33 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfos.dll
[2009/12/20 17:16:33 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2009/12/20 17:16:33 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfnet.dll
[2009/12/20 17:16:33 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powrprof.dll
[2009/12/20 17:16:33 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2009/12/20 17:16:33 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pjlmon.dll
[2009/12/20 17:16:32 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2009/12/20 17:16:32 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\psbase.dll
[2009/12/20 17:16:32 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/12/20 17:16:32 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pstorec.dll
[2009/12/20 17:16:32 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pstorsvc.dll
[2009/12/20 17:16:32 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/12/20 17:16:32 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/12/20 17:16:31 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\query.dll
[2009/12/20 17:16:31 | 00,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasppp.dll
[2009/12/20 17:16:31 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll
[2009/12/20 17:16:31 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2009/12/20 17:16:31 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rcbdyctl.dll
[2009/12/20 17:16:31 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2009/12/20 17:16:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll
[2009/12/20 17:16:31 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/12/20 17:16:31 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/12/20 17:16:31 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasphone.exe
[2009/12/20 17:16:31 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reg.exe
[2009/12/20 17:16:31 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009/12/20 17:16:31 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rcimlby.exe
[2009/12/20 17:16:31 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2009/12/20 17:16:31 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2009/12/20 17:16:31 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rassapi.dll
[2009/12/20 17:16:31 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/12/20 17:16:31 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasadhlp.dll
[2009/12/20 17:16:30 | 00,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\riched20.dll
[2009/12/20 17:16:30 | 00,397,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\regwizc.dll
[2009/12/20 17:16:30 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsaenh.dll
[2009/12/20 17:16:30 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcshare.exe
[2009/12/20 17:16:30 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotesp.tsp
[2009/12/20 17:16:30 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\resutils.dll
[2009/12/20 17:16:30 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regapi.dll
[2009/12/20 17:16:30 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtutils.dll
[2009/12/20 17:16:30 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtipxmib.dll
[2009/12/20 17:16:30 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmps.dll
[2009/12/20 17:16:30 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsh.exe
[2009/12/20 17:16:30 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2009/12/20 17:16:30 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rexec.exe
[2009/12/20 17:16:30 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2009/12/20 17:16:29 | 00,314,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scesrv.dll
[2009/12/20 17:16:29 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
[2009/12/20 17:16:29 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scrobj.dll
[2009/12/20 17:16:29 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sccsccp.dll
[2009/12/20 17:16:29 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdbinst.exe
[2009/12/20 17:16:29 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scarddlg.dll
[2009/12/20 17:16:29 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009/12/20 17:16:29 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009/12/20 17:16:29 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009/12/20 17:16:29 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scrnsave.scr
[2009/12/20 17:16:28 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sendcmsg.dll
[2009/12/20 17:16:28 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\security.dll
[2009/12/20 17:16:27 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfcfiles.dll
[2009/12/20 17:16:27 | 00,549,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdoclc.dll
[2009/12/20 17:16:27 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc_os.dll
[2009/12/20 17:16:27 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shgina.dll
[2009/12/20 17:16:27 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shimeng.dll
[2009/12/20 17:16:27 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/12/20 17:16:27 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sethc.exe
[2009/12/20 17:16:27 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shfolder.dll
[2009/12/20 17:16:27 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2009/12/20 17:16:27 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sensapi.dll
[2009/12/20 17:16:27 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.dll
[2009/12/20 17:16:26 | 00,362,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogcfg.dll
[2009/12/20 17:16:26 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpsnap.dll
[2009/12/20 17:16:26 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/12/20 17:16:26 | 00,098,304 | ---- | C] (Schlumberger Technology Corporation) -- C:\WINDOWS\System32\slbiop.dll
[2009/12/20 17:16:26 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\sl_anet.acm
[2009/12/20 17:16:26 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shrpubw.exe
[2009/12/20 17:16:26 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sigverif.exe
[2009/12/20 17:16:26 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2009/12/20 17:16:26 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
[2009/12/20 17:16:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe
[2009/12/20 17:16:26 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sort.exe
[2009/12/20 17:16:26 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shutdown.exe
[2009/12/20 17:16:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpapi.dll
[2009/12/20 17:16:26 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simpdata.tlb
[2009/12/20 17:16:26 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sigtab.dll
[2009/12/20 17:16:26 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll
[2009/12/20 17:16:25 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ss3dfo.scr
[2009/12/20 17:16:25 | 00,610,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sspipes.scr
[2009/12/20 17:16:25 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/12/20 17:16:25 | 00,442,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.dll
[2009/12/20 17:16:25 | 00,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssflwbox.scr
[2009/12/20 17:16:25 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009/12/20 17:16:25 | 00,180,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlunirl.dll
[2009/12/20 17:16:25 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.rll
[2009/12/20 17:16:25 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolss.dll
[2009/12/20 17:16:25 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmypics.scr
[2009/12/20 17:16:25 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssdpapi.dll
[2009/12/20 17:16:25 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmarque.scr
[2009/12/20 17:16:25 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssbezier.scr
[2009/12/20 17:16:25 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmyst.scr
[2009/12/20 17:16:25 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssstars.scr
[2009/12/20 17:16:24 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sstext3d.scr
[2009/12/20 17:16:24 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sti_ci.dll
[2009/12/20 17:16:24 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sti.dll
[2009/12/20 17:16:24 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/12/20 17:16:24 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stdole2.tlb
[2009/12/20 17:16:23 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stimon.exe
[2009/12/20 17:16:22 | 00,858,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tapi3.dll
[2009/12/20 17:16:22 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sxs.dll
[2009/12/20 17:16:22 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termmgr.dll
[2009/12/20 17:16:22 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysmon.ocx
[2009/12/20 17:16:22 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tapi32.dll
[2009/12/20 17:16:22 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2009/12/20 17:16:22 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysocmgr.exe
[2009/12/20 17:16:22 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2009/12/20 17:16:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/12/20 17:16:22 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\synceng.dll
[2009/12/20 17:16:22 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmon.dll
[2009/12/20 17:16:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmib.dll
[2009/12/20 17:16:21 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2009/12/20 17:16:21 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unimdm.tsp
[2009/12/20 17:16:21 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\upnp.dll
[2009/12/20 17:16:21 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\txflog.dll
[2009/12/20 17:16:21 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\timedate.cpl
[2009/12/20 17:16:21 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009/12/20 17:16:21 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unimdmat.dll
[2009/12/20 17:16:21 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\umandlg.dll
[2009/12/20 17:16:21 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\udhisapi.dll
[2009/12/20 17:16:21 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\upnpcont.exe
[2009/12/20 17:16:21 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniplat.dll
[2009/12/20 17:16:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tree.com
[2009/12/20 17:16:21 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert.exe
[2009/12/20 17:16:21 | 00,012,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsddd.dll
[2009/12/20 17:16:20 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/12/20 17:16:20 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/12/20 17:16:20 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/12/20 17:16:20 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2009/12/20 17:16:20 | 00,042,496 | ---- | C] (user) -- C:\WINDOWS\mosent32.dll
[2009/12/20 17:16:20 | 00,030,749 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbajet32.dll
[2009/12/20 17:16:20 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbisurf.ax
[2009/12/20 17:16:20 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbmon.dll
[2009/12/20 17:16:19 | 00,463,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiadefui.dll
[2009/12/20 17:16:19 | 00,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2009/12/20 17:16:19 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wavemsp.dll
[2009/12/20 17:16:19 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\webvw.dll
[2009/12/20 17:16:19 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wextract.exe
[2009/12/20 17:16:19 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vdmredir.dll
[2009/12/20 17:16:19 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verifier.dll
[2009/12/20 17:16:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vdmdbg.dll
[2009/12/20 17:16:19 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\watchdog.sys
[2009/12/20 17:16:18 | 00,756,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winntbbu.dll
[2009/12/20 17:16:18 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2009/12/20 17:16:18 | 00,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiadss.dll
[2009/12/20 17:16:18 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiavideo.dll
[2009/12/20 17:16:18 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winscard.dll
[2009/12/20 17:16:18 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsta.dll
[2009/12/20 17:16:18 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winipsec.dll
[2009/12/20 17:16:17 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmstream.dll
[2009/12/20 17:16:17 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8ds32.ax
[2009/12/20 17:16:17 | 00,264,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wow32.dll
[2009/12/20 17:16:17 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvds32.ax
[2009/12/20 17:16:17 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshom.ocx
[2009/12/20 17:16:17 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe.dll
[2009/12/20 17:16:17 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshcon.dll
[2009/12/20 17:16:17 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
[2009/12/20 17:16:17 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wship6.dll
[2009/12/20 17:16:17 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshrm.dll
[2009/12/20 17:16:17 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpnpinst.exe
[2009/12/20 17:16:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmi.dll
[2009/12/20 17:16:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winver.exe
[2009/12/20 17:16:16 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcdlg.dll
[2009/12/20 17:16:16 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactsrv.dll
[2009/12/20 17:16:16 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsapi.dll
[2009/12/20 17:16:16 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wstdecod.dll
[2009/12/20 17:16:16 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsnmp32.dll
[2009/12/20 17:16:16 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xcopy.exe
[2009/12/20 17:16:16 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsock32.dll
[2009/12/20 17:16:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshtcpip.dll
[2009/12/20 17:16:16 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wtsapi32.dll
[2009/12/20 17:16:16 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/12/20 17:16:15 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2009/12/20 17:16:15 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009/12/20 17:16:15 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2009/12/20 17:16:15 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2009/12/20 17:16:15 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/20 17:16:15 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2009/12/20 17:16:15 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2009/12/20 17:16:14 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2009/12/20 17:16:14 | 00,420,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2009/12/20 17:16:14 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2009/12/20 17:16:14 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2009/12/20 17:16:14 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2009/12/20 17:16:14 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2009/12/20 17:16:14 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2009/12/20 17:16:14 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2009/12/20 17:16:14 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2009/12/20 17:16:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2009/12/20 17:16:14 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2009/12/20 17:16:12 | 00,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2009/12/20 17:16:12 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2009/12/20 17:16:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2009/12/20 17:16:12 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2009/12/20 17:16:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2009/12/20 17:16:11 | 00,990,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2009/12/20 17:16:11 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2009/12/20 17:16:11 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2009/12/20 17:16:11 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2009/12/20 17:16:10 | 01,850,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2009/12/20 17:16:10 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2009/12/20 17:16:10 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2009/12/20 17:16:10 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2009/12/20 17:16:10 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2009/12/20 17:16:10 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2009/12/20 17:16:09 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2009/12/20 17:16:09 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2009/12/20 17:16:09 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/12/20 17:16:09 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gckernel.sys
[2009/12/20 17:16:09 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2009/12/20 17:16:09 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2009/12/20 17:16:09 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2009/12/20 17:16:09 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2009/12/20 17:16:09 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2009/12/20 17:16:08 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2009/12/20 17:16:08 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009/12/20 17:16:08 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2009/12/20 17:16:07 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2009/12/20 17:16:07 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/12/20 17:16:07 | 00,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2009/12/20 17:16:07 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2009/12/20 17:16:07 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2009/12/20 17:16:06 | 00,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2009/12/20 17:16:06 | 00,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2009/12/20 17:16:06 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2009/12/20 17:16:06 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2009/12/20 17:16:06 | 00,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2009/12/20 17:16:06 | 00,020,480 | ---- | C] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/12/20 17:16:06 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2009/12/20 17:16:06 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2009/12/20 17:16:05 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2009/12/20 17:16:05 | 00,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2009/12/20 17:16:05 | 00,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2009/12/20 17:16:05 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2009/12/20 17:16:05 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2009/12/20 17:16:05 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2009/12/20 17:16:04 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2009/12/20 17:16:04 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2009/12/20 17:16:04 | 00,131,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\HAL.DLL
[2009/12/20 15:51:33 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/12/20 15:51:20 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/12/20 15:51:04 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/12/20 15:51:03 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/12/20 15:50:44 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/12/20 15:50:14 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/12/20 15:50:05 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/12/20 15:50:02 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/12/20 15:50:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/12/20 15:49:57 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/12/20 15:49:56 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/12/20 15:49:52 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/12/20 15:49:46 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/12/20 15:49:17 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/12/20 15:49:17 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/12/20 15:49:17 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/12/20 15:49:14 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/12/20 15:49:14 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/12/20 15:49:13 | 01,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/12/20 15:49:07 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/12/20 15:49:06 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/12/20 15:48:20 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/12/20 15:48:19 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/12/20 15:48:19 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/12/20 15:48:19 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/12/20 15:47:47 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/12/20 15:47:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/12/20 15:47:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/12/20 15:47:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/12/20 15:47:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/12/20 15:46:42 | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2009/12/20 15:46:25 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/12/20 15:46:25 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/12/20 15:46:25 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/12/20 15:46:25 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/12/20 15:46:25 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/12/20 15:46:24 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/12/20 15:46:24 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/12/20 15:46:15 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/12/20 15:46:15 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/12/20 15:46:15 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/12/20 15:46:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/12/20 15:46:15 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/12/20 15:46:15 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/12/20 15:46:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/12/20 15:46:09 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/12/20 15:45:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/12/20 15:45:44 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/12/20 15:45:20 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/12/20 15:04:23 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/12/20 15:01:50 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/12/20 15:01:45 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/20 15:01:43 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/20 15:01:40 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/20 14:59:44 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/12/20 14:59:41 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/20 14:59:36 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/20 14:59:33 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/12/20 14:58:45 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/12/20 14:55:43 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/12/20 14:53:21 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/12/20 14:53:06 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/12/20 14:42:08 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/12/20 14:42:02 | 00,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/12/20 14:41:59 | 00,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/12/20 14:41:59 | 00,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/12/20 14:41:59 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2004/12/30 08:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2004/12/30 08:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/22 20:09:00 | 00,670,072 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\ClaudeandValerie\Desktop\autoruns.exe
[2009/12/22 20:09:00 | 00,559,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\ClaudeandValerie\Desktop\autorunsc.exe
[2009/12/22 20:09:00 | 00,048,904 | ---- | M] () -- C:\Documents and Settings\ClaudeandValerie\Desktop\autoruns.chm
[2009/12/22 17:00:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/22 17:00:34 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/22 17:00:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/22 17:00:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/22 17:00:07 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/22 16:59:04 | 06,291,456 | ---- | M] () -- C:\Documents and Settings\ClaudeandValerie\ntuser.dat
[2009/12/22 16:59:04 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\ClaudeandValerie\NTUSER.INI
[2009/12/22 15:53:50 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Ndepamujumuqobo.dat
[2009/12/22 13:01:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/22 12:58:07 | 02,802,882 | -H-- | M] () -- C:\Documents and Settings\ClaudeandValerie\Local Settings\Application Data\IconCache.db
[2009/12/22 07:02:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 06:18:36 | 00,000,139 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2009/12/22 06:13:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Qteyi.bin
[2009/12/21 18:30:33 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/21 15:30:56 | 00,000,708 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/12/21 15:30:56 | 00,000,306 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/12/21 15:30:56 | 00,000,210 | RHS- | M] () -- C:\BOOT.INI
[2009/12/21 12:42:32 | 00,000,923 | ---- | M] () -- C:\WINDOWS\JUNO.INI
[2009/12/20 21:40:19 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Tab Change.lnk
[2009/12/20 21:16:49 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/20 20:56:09 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/12/20 20:56:03 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/20 20:26:43 | 00,306,990 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/12/20 20:26:43 | 00,038,636 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/12/20 20:26:41 | 00,349,342 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/20 20:24:44 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/20 20:23:24 | 00,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/20 19:07:46 | 00,250,048 | ---- | M] () -- C:\ntldr
[2009/12/20 18:30:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/12/20 18:30:29 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/20 15:42:01 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/22 07:02:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/21 13:47:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Qteyi.bin
[2009/12/21 13:47:17 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Ndepamujumuqobo.dat
[2009/12/20 21:40:19 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Tab Change.lnk
[2009/12/20 21:16:49 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/20 20:56:09 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/12/20 17:20:45 | 00,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2009/12/20 17:20:42 | 00,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2009/12/20 17:20:32 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2009/12/20 17:19:59 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2009/12/20 17:17:14 | 00,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/12/20 17:16:46 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2009/12/20 17:16:45 | 00,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2009/12/20 17:16:45 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2009/12/20 17:16:36 | 00,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2009/12/20 17:16:32 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/12/20 17:16:32 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2009/12/20 17:16:20 | 00,165,376 | ---- | C] () -- C:\WINDOWS\uvikejupe.dll
[2009/12/20 17:16:15 | 00,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
[2009/12/20 17:16:11 | 00,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2009/12/20 17:16:05 | 00,250,048 | ---- | C] () -- C:\ntldr
[2009/12/20 15:47:07 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2006/07/04 07:48:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\AWLL5025.dll
[2006/07/04 07:48:56 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/02/08 21:36:46 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Local Settings\Application Data\FASTWiz.log
[2005/01/02 10:48:43 | 00,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/08/08 20:12:31 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/04 04:05:41 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/07/04 02:00:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/05/17 07:16:58 | 00,000,062 | ---- | C] () -- C:\WINDOWS\einit.ini
[2004/05/17 07:10:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/04/09 23:00:13 | 00,000,326 | ---- | C] () -- C:\WINDOWS\alchem.ini
[2004/04/09 08:22:48 | 00,282,917 | ---- | C] () -- C:\WINDOWS\twaintec.ini
[2004/04/09 06:57:27 | 00,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/07 00:13:40 | 00,000,130 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2003/10/07 09:59:43 | 00,163,840 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Application Data\fontdb.mdb
[2003/07/27 09:16:38 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/07/27 08:31:48 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/07/27 08:31:48 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/07/27 08:31:47 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/07/27 08:24:29 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2003/07/27 08:24:29 | 00,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2003/07/27 08:22:10 | 00,000,139 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/07/18 11:34:13 | 00,000,127 | ---- | C] () -- C:\WINDOWS\nawca.INI
[2003/07/17 10:15:05 | 00,000,923 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2003/07/13 23:07:29 | 00,000,023 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2003/07/13 23:07:29 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2003/07/13 23:07:29 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2003/07/13 00:11:01 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/07/12 17:36:02 | 00,002,048 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Application Data\user60.rdb
[2003/07/12 17:33:46 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Application Data\sversion.ini
[2003/07/09 20:00:06 | 00,000,765 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2003/07/09 20:00:06 | 00,000,072 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2003/07/09 16:25:12 | 00,001,197 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/07/09 14:51:28 | 00,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2003/07/09 14:48:39 | 00,114,738 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2003/07/09 14:48:39 | 00,046,700 | ---- | C] () -- C:\WINDOWS\System32\pdfmon.dll
[2003/07/09 14:23:16 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/06 14:43:18 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2003/07/05 06:52:14 | 00,000,044 | ---- | C] () -- C:\WINDOWS\earthlink.INI
[2003/07/05 06:13:27 | 00,000,034 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2003/06/26 23:11:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/06/26 23:00:15 | 00,000,803 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/06/26 22:57:52 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/26 22:52:29 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/06/26 22:25:42 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/12/17 15:10:36 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
< End of report >

* Extra.txt <-- Will be minimized

> OTL Extras logfile created on: 1/5/2010 11:55:12 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 241.00 Mb Available Physical Memory | 47.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 16.85 Gb Free Space | 60.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CVR1
Current User Name: ClaudeandValerie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4106144296-1916765863-1144734290-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1469:UDP" = 1469:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"1468:UDP" = 1468:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"1471:UDP" = 1471:UDP:*:Enabled:Windows Media Format SDK (iexplore.exe)
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Juno\bin\juno.exe" = C:\Program Files\Juno\bin\juno.exe:*:Enabled:Juno -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealOne Player -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A9F8624-4221-4508-9636-69ABD753695B}" = PopUp Buster+
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = BACS
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F1AF20C-1EBA-467A-A5DB-833A8875DF3B}" = Mail Password Recovery
"{53F6E695-8BE1-4DB0-9896-643D031B63CA}_is1" = Quick Tab Change 2.0
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{715A3A08-2228-4055-8986-5BC16083A420}" = Airlink101 USB XR Adapter
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600602}" = MSN Messenger 6.0
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{BC019EBE-613F-491F-9A83-08E3E8A74CE6}" = EarthLink Free Trial
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{CF5193F7-6B37-11D5-B7D2-00AA00A204F1}" = Microsoft Money 2002 System Pack
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7298FD5-1386-11D5-8D6C-0050DAD32D95}" = Microsoft Money 2002
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdWizard" = AdWizard
"avast!" = avast! Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K Speakerphone PCI Modem
"Cool Page 2.72" = Cool Page 2.72
"DellSupport" = Dell Support 5.0.0 (766)
"ie8" = Windows Internet Explorer 8
"InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}" = Broadcom Advanced Control Suite
"JPEGCruncher Pro 2.0 Trial Version" = JPEGCruncher Pro 2.0 Trial Version
"List Manager" = List Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NavHelper" = NavHelper
"OmniFormat" = OmniFormat
"OpenOffice.org 1.0.3" = OpenOffice.org 1.0.3
"Pagis Viewer 2.0" = Pagis Viewer 2.0
"Pdf995" = Pdf995
"QuickTime" = QuickTime
"Shockwave" = Shockwave
"ShockwaveFlash" = Macromedia Flash Player 8
"Snazzy Freeware Safe List Submitter_is1" = Snazzy Freeware Safe List Submitter V1.1
"TaxACT 2003" = TaxACT 2003
"TaxACT 2004" = TaxACT 2004
"TweakAll_is1" = TweakAll 3.0
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WEFT" = Microsoft Web Embedding Fonts Tool (III)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WorldCast" = WorldCast
"xqdcXSP_is1" = Xteq-dotec X-Setup Pro 6.6.300.Final1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2009 10:53:30 PM | Computer Name = CVR1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/20/2009 10:53:30 PM | Computer Name = CVR1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/21/2009 10:56:47 AM | Computer Name = CVR1 | Source = Ci | ID = 4128
Description = Error 3221225529 detected in content index on c:\system volume information\catalog.wci.

Error - 12/21/2009 3:43:58 PM | Computer Name = CVR1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module iexplore.exe, version 8.0.6001.18702, fault address 0x00006472.

Error - 12/21/2009 3:43:58 PM | Computer Name = CVR1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 12/21/2009 3:54:47 PM | Computer Name = CVR1 | Source = Application Error | ID = 1000
Description = Faulting application _ex-08.exe, version 0.0.0.0, faulting module
_ex-08.exe, version 0.0.0.0, fault address 0x00001f25.

Error - 12/22/2009 3:09:06 PM | Computer Name = CVR1 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 12/22/2009 3:09:06 PM | Computer Name = CVR1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 12/23/2009 11:01:51 AM | Computer Name = CVR1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2009 11:03:14 AM | Computer Name = CVR1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1589847310.

[ Application Events ]
Error - 12/20/2009 10:53:30 PM | Computer Name = CVR1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/20/2009 10:53:30 PM | Computer Name = CVR1 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 12/21/2009 10:56:47 AM | Computer Name = CVR1 | Source = Ci | ID = 4128
Description = Error 3221225529 detected in content index on c:\system volume information\catalog.wci.

Error - 12/21/2009 3:43:58 PM | Computer Name = CVR1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module iexplore.exe, version 8.0.6001.18702, fault address 0x00006472.

Error - 12/21/2009 3:43:58 PM | Computer Name = CVR1 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00010a19.

Error - 12/21/2009 3:54:47 PM | Computer Name = CVR1 | Source = Application Error | ID = 1000
Description = Faulting application _ex-08.exe, version 0.0.0.0, faulting module
_ex-08.exe, version 0.0.0.0, fault address 0x00001f25.

Error - 12/22/2009 3:09:06 PM | Computer Name = CVR1 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 12/22/2009 3:09:06 PM | Computer Name = CVR1 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 12/23/2009 11:01:51 AM | Computer Name = CVR1 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3622, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2009 11:03:14 AM | Computer Name = CVR1 | Source = Application Hang | ID = 1001
Description = Fault bucket 1589847310.

[ System Events ]
Error - 12/20/2009 8:01:58 PM | Computer Name = CVR1 | Source = NtServicePack | ID = 921878
Description = Windows XP installation failed, leaving Windows XP partially updated.
The
installation of the Service Pack did not complete, and a rollback to the pre-installation
state has been initiated. A rollback is a two-step process. Step one is complete;
to complete step two, click OK. To be reminded at next login to complete step two,
click Cancel. After you complete the rollback, your system will reboot and you
may retry the installation of the Service Pack.

Error - 12/20/2009 8:30:20 PM | Computer Name = CVR1 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 12/21/2009 3:43:24 PM | Computer Name = CVR1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the SharedAccess service.

Error - 12/21/2009 3:44:17 PM | Computer Name = CVR1 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Kernel Acoustic Echo Canceller service failed to start
due to the following error: %%31

Error - 12/21/2009 4:15:51 PM | Computer Name = CVR1 | Source = DCOM | ID = 10010
Description = The server {1CD83BD6-228D-4F2C-A5E8-FF7D07FD8574} did not register
with DCOM within the required timeout.

Error - 12/21/2009 4:16:22 PM | Computer Name = CVR1 | Source = DCOM | ID = 10010
Description = The server {D678FF2F-31A7-4484-AB32-4822028B7B96} did not register
with DCOM within the required timeout.

Error - 12/21/2009 5:37:46 PM | Computer Name = CVR1 | Source = DCOM | ID = 10010
Description = The server {1CD83BD6-228D-4F2C-A5E8-FF7D07FD8574} did not register
with DCOM within the required timeout.

Error - 12/21/2009 8:27:07 PM | Computer Name = CVR1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 12/22/2009 3:00:31 PM | Computer Name = CVR1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 1/5/2010 1:13:42 PM | Computer Name = CVR1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.5 on
the Network Card with network address 000BDB2D3575.


< End of report >



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

#5 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 05 January 2010 - 01:22 PM

I've Turned off windows automatic updates. Putting this this back into hibernation til we meet again.

Regards,

Claude

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:37 AM

Posted 05 January 2010 - 04:17 PM

Hi,

part of the infection still seems to be active. I would like to do a rootkit scan to see if more is present before starting to remove anything.

Please run a scan with gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 05 January 2010 - 10:19 PM

I hope this is what you were looking for. I followed instructions, didn't get any rootkit warnings, but it sure don't look like much info.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-05 21:10:44
Windows 5.1.2600 Service Pack 3
Running: i6p08ptu.exe; Driver: C:\DOCUME~1\CLAUDE~1\LOCALS~1\Temp\pxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEFBA16B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEFBA1574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEFBA1A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEFBA114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEFBA164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEFBA108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEFBA10F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEFBA176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEFBA172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEFBA18AE]

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[508] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[508] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat EEB3BD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----
Til we meet again,
Claude

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:37 AM

Posted 08 January 2010 - 05:42 PM

Hi,

usually the shorter the logs, the better. :(

The good news is, that you do not seem to be infected by a rootkit. :( However there are a couple of leftovers from the infection still present and it is still partially active. Your google bug most likely comes from a modification of your hosts-file, which we are going to remove now:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O4 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005..\Run: [uoltray] C:\Program Files\NetZero\exec.exe File not found
    O4 - HKLM..\Run: [Opumajo] C:\WINDOWS\uvikejupe.DLL ()
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKU\S-1-5-21-4106144296-1916765863-1144734290-1005\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
    [2009/12/21 13:47:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Qteyi.bin
    [2009/12/21 13:47:17 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Ndepamujumuqobo.dat
    
    :commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
let me know if that fixed your bug,

regards myrti

Edited by myrti, 08 January 2010 - 05:43 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 08 January 2010 - 09:54 PM

Hello again myrti,
I was very Pleased to see some good news in your last post. I did as directed but didn't happen exactly as expected.
I ran the Otl fix. It did request reboot. After reboot I was asked If I wanted to start Otl again. (unsigned warning) I clicked run and the following log opened in notepad:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4106144296-1916765863-1144734290-1005\Software\Microsoft\Windows\CurrentVersion\Run\\uoltray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Opumajo deleted successfully.
C:\WINDOWS\uvikejupe.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_USERS\S-1-5-21-4106144296-1916765863-1144734290-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}\ not found.
C:\WINDOWS\Qteyi.bin moved successfully.
C:\WINDOWS\Ndepamujumuqobo.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: ClaudeandValerie
->Temp folder emptied: 72726607 bytes
->Temporary Internet Files folder emptied: 47546147 bytes
->FireFox cache emptied: 91182371 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 92475 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Valerie
->Temp folder emptied: 4000798 bytes
->Temporary Internet Files folder emptied: 3247365 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58666 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 8748344 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 222814 bytes
RecycleBin emptied: 4139408 bytes

Total Files Cleaned = 221.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.21.0 log created on 01082010_202238

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_450.dat not found!

Registry entries deleted on Reboot...



Then I went and found the newest OTL >log file as instructed. I couldn't locate any .log files.but I did find the same file from above again.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-4106144296-1916765863-1144734290-1005\Software\Microsoft\Windows\CurrentVersion\Run\\uoltray deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Opumajo deleted successfully.
C:\WINDOWS\uvikejupe.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_USERS\S-1-5-21-4106144296-1916765863-1144734290-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085}\ not found.
C:\WINDOWS\Qteyi.bin moved successfully.
C:\WINDOWS\Ndepamujumuqobo.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: ClaudeandValerie
->Temp folder emptied: 72726607 bytes
->Temporary Internet Files folder emptied: 47546147 bytes
->FireFox cache emptied: 91182371 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 92475 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Valerie
->Temp folder emptied: 4000798 bytes
->Temporary Internet Files folder emptied: 3247365 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58666 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 8748344 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 222814 bytes
RecycleBin emptied: 4139408 bytes

Total Files Cleaned = 221.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.21.0 log created on 01082010_202238

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_450.dat not found!

Registry entries deleted on Reboot...


I'm going to run the followup scan now. I'll post those results when finished.

Thank you,
Claude

#10 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 08 January 2010 - 10:07 PM

Here are the results of the 'followup scan'. I'll post a bit later to let you know if the problaem has been fixed.

OTL logfile created on: 1/8/2010 9:00:26 PM - Run 2
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 332.00 Mb Available Physical Memory | 65.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 17.02 Gb Free Space | 61.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CVR1
Current User Name: ClaudeandValerie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\SYSTEM32\snmp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Airlink101\AWLL5025\AWLL5025.exe ()
PRC - C:\Program Files\Airlink101\AWLL5025\WLService.exe ()
PRC - C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
PRC - C:\WINDOWS\SYSTEM32\TCPSVCS.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\CIDAEMON.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (SNMP) -- C:\WINDOWS\SYSTEM32\snmp.exe (Microsoft Corporation)
SRV - (Airlink101 USB XR Adapter WLService) -- C:\Program Files\Airlink101\AWLL5025\WLService.exe ()
SRV - (SimpTcp) -- C:\WINDOWS\SYSTEM32\TCPSVCS.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswMon2) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys (ALWIL Software)
DRV - (GcKernel) -- C:\WINDOWS\SYSTEM32\DRIVERS\gckernel.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AegisP) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\SYSTEM32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (RT73) Airlink101 USB XR Adapter Driver (RT73) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (StreamSurge) StreamSurge Driver (miniport) -- C:\WINDOWS\SYSTEM32\DRIVERS\ss.sys (WikiTek Inc.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (ialm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys (Intel Corporation)
DRV - (UdfReadr_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys (Roxio)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (smwdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys (Analog Devices, Inc.)
DRV - (Cdr4_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys (Roxio)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS (Microsoft Corporation)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\SYSTEM32\DRIVERS\bvrp_pci.sys ()
DRV - (aeaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys (Andrea Electronics Corporation)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\SYSTEM32\DRIVERS\HIDSwvd.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.ard.yahoo.com/SIG=12kem247e/M=25...://my.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.peoplestring.com/"
FF - prefs.js..extensions.enabledItems: {0ed0633c-a54d-47f1-94e7-5bded41ae674}:2.5.2.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/20 21:17:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/20 21:16:45 | 00,000,000 | ---D | M]

[2009/12/20 21:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ClaudeandValerie\Application Data\Mozilla\Extensions
[2009/12/20 21:17:30 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ClaudeandValerie\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/08 20:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ClaudeandValerie\Application Data\Mozilla\Firefox\Profiles\13xsgci0.default\extensions
[2009/12/20 23:32:54 | 00,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Documents and Settings\ClaudeandValerie\Application Data\Mozilla\Firefox\Profiles\13xsgci0.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2009/12/20 21:16:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/20 21:16:46 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/12/02 08:17:58 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/02 08:17:59 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/12/02 08:18:00 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009/12/02 01:38:29 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/02 01:38:29 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/02 01:38:29 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/02 01:38:29 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/02 01:38:29 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/02 01:38:29 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/02 01:38:29 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (98 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll ()
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\SYSTEM32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\Money Express.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [!CleanupNetMeetingDispDriver] C:\WINDOWS\System32\msconf.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe (KMGI)
O9 - Extra 'Tools' menuitem : Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe (KMGI)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SYSTEM32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SYSTEM32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\SYSTEM32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} https://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} http://office.microsoft.com/productupdates/content/opuc.cab (OPUCatalog Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1261341797434 (WUWebControl Class)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} http://216.249.24.140/code/PWActiveXImgCtl.CAB (PWMediaSendControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1261341703528 (MUWebControl Class)
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab (Reg Error: Key error.)
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} http://directv.direcway.com/dwayready/dpcsysinfo.cab (SystemInfo Class)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7807.2961458333 (Reg Error: Key error.)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://www.verizon.net/checkmypc/includes/MotivePreQual.cab (PreQualifier Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} http://officeupdate.microsoft.com/Template...nloads/outc.cab (Microsoft Office Tools on the Web Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SYSTEM32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SYSTEM32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SYSTEM32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SYSTEM32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SYSTEM32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SYSTEM32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (WIKI.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\SYSTEM32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SYSTEM32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SYSTEM32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SYSTEM32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SYSTEM32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - https://my.compassweb.com/i/cbr/cbr-header1.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 12:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/08 20:22:38 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/22 07:02:05 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/22 07:02:01 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/22 07:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/21 16:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ClaudeandValerie\Application Data\Malwarebytes
[2009/12/21 16:10:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/20 21:40:18 | 00,000,000 | ---D | C] -- C:\Program Files\Quick Tab Change
[2009/12/20 21:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ClaudeandValerie\My Documents\Downloads
[2009/12/20 21:17:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\ClaudeandValerie\Local Settings\Application Data\Mozilla
[2009/12/20 21:16:42 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/12/20 20:56:08 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/20 20:56:07 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/20 20:56:07 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/20 20:56:04 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/20 20:56:03 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/20 20:56:03 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/20 20:56:03 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/20 20:56:03 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/20 20:55:40 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/20 20:55:40 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/12/20 20:55:37 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/12/20 20:49:36 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ClaudeandValerie\PrivacIE
[2009/12/20 20:45:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/12/20 20:45:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/20 20:44:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/20 20:44:45 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/20 20:44:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/20 20:41:39 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\ClaudeandValerie\IETldCache
[2009/12/20 20:38:30 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/20 20:38:30 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/20 20:38:29 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/20 20:38:23 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/20 20:38:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/12/20 20:35:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/12/20 20:33:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/12/20 20:23:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/12/20 19:38:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/12/20 19:37:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/12/20 19:37:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/12/20 19:37:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/12/20 18:55:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/12/20 17:26:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/12/20 17:20:43 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/12/20 17:20:42 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/12/20 17:20:42 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/12/20 17:20:28 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/12/20 17:20:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/12/20 17:20:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/12/20 17:20:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spiisupd.exe
[2009/12/20 17:20:06 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_pfu.exe
[2009/12/20 17:19:57 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2009/12/20 17:19:56 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secedit.exe
[2009/12/20 17:19:55 | 02,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiagn.dll
[2009/12/20 17:19:55 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthprops.cpl
[2009/12/20 17:19:55 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll
[2009/12/20 17:19:55 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/12/20 17:19:55 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2009/12/20 17:19:52 | 00,199,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iac25_32.ax
[2009/12/20 17:19:52 | 00,120,320 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir41_qc.dll
[2009/12/20 17:19:51 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/12/20 17:19:50 | 00,154,624 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ivfsrc.ax
[2009/12/20 17:19:50 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsprpres.dll
[2009/12/20 17:19:48 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/12/20 17:19:46 | 00,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl
[2009/12/20 17:19:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2009/12/20 17:19:43 | 04,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/12/20 17:19:41 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl
[2009/12/20 17:19:41 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/12/20 17:19:40 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2009/12/20 17:19:37 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/12/20 17:19:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2009/12/20 17:19:36 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msftedit.dll
[2009/12/20 17:19:36 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\firewall.cpl
[2009/12/20 17:19:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/12/20 17:19:35 | 00,338,432 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir41_qcx.dll
[2009/12/20 17:19:35 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgraph.dll
[2009/12/20 17:19:35 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/12/20 17:19:34 | 00,183,808 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir50_qcx.dll
[2009/12/20 17:19:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl
[2009/12/20 17:19:33 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/12/20 17:19:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2009/12/20 17:19:32 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sbeio.dll
[2009/12/20 17:19:28 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/12/20 17:19:28 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2009/12/20 17:19:27 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/12/20 17:19:26 | 00,755,200 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir50_32.dll
[2009/12/20 17:19:26 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdadiag.dll
[2009/12/20 17:19:25 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2009/12/20 17:19:23 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2009/12/20 17:19:22 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/12/20 17:19:22 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fwcfg.dll
[2009/12/20 17:19:21 | 01,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll
[2009/12/20 17:19:20 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssap.dll
[2009/12/20 17:19:18 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/12/20 17:19:17 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/12/20 17:19:16 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pnetsh.dll
[2009/12/20 17:19:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll
[2009/12/20 17:19:15 | 01,647,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winbrand.dll
[2009/12/20 17:19:15 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2009/12/20 17:19:14 | 00,848,384 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir41_32.ax
[2009/12/20 17:19:14 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll
[2009/12/20 17:19:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll
[2009/12/20 17:19:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll
[2009/12/20 17:19:04 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2009/12/20 17:19:04 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll
[2009/12/20 17:19:04 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2009/12/20 17:19:02 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/12/20 17:19:01 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthci.dll
[2009/12/20 17:19:00 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/12/20 17:19:00 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2009/12/20 17:18:58 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2009/12/20 17:18:57 | 00,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp1res.dll
[2009/12/20 17:18:56 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/12/20 17:18:55 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll
[2009/12/20 17:18:54 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/12/20 17:18:53 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/12/20 17:18:52 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/12/20 17:18:47 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi.dll
[2009/12/20 17:18:47 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2009/12/20 17:18:46 | 00,200,192 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir50_qc.dll
[2009/12/20 17:18:46 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2p.dll
[2009/12/20 17:18:46 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/12/20 17:18:45 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/12/20 17:18:45 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2009/12/20 17:18:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2009/12/20 17:18:44 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/12/20 17:18:44 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll
[2009/12/20 17:18:42 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2009/12/20 17:18:38 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll
[2009/12/20 17:18:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2009/12/20 17:18:34 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll
[2009/12/20 17:18:34 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/12/20 17:18:34 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/12/20 17:18:34 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/12/20 17:18:34 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/12/20 17:18:34 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/12/20 17:18:34 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/12/20 17:18:34 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/12/20 17:18:33 | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2009/12/20 17:18:33 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/12/20 17:18:33 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/12/20 17:18:33 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/12/20 17:18:33 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/12/20 17:18:33 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/12/20 17:18:33 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/12/20 17:18:33 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/12/20 17:18:32 | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2009/12/20 17:18:32 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/12/20 17:18:32 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/12/20 17:18:32 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/12/20 17:18:32 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/12/20 17:18:32 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/12/20 17:18:31 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/12/20 17:18:30 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2009/12/20 17:18:29 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpcdll.dll
[2009/12/20 17:18:29 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pidgen.dll
[2009/12/20 17:18:25 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll
[2009/12/20 17:18:23 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll
[2009/12/20 17:18:22 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgr.dll
[2009/12/20 17:18:22 | 00,163,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwrdr.sys
[2009/12/20 17:18:22 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bootcfg.exe
[2009/12/20 17:18:22 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fde.dll
[2009/12/20 17:18:22 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsnw.dll
[2009/12/20 17:18:22 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventtriggers.exe
[2009/12/20 17:18:22 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fdeploy.dll
[2009/12/20 17:18:22 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\driverquery.exe
[2009/12/20 17:18:22 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cipher.exe
[2009/12/20 17:18:22 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventcreate.exe
[2009/12/20 17:18:22 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asr_fmt.exe
[2009/12/20 17:18:22 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\efsadu.dll
[2009/12/20 17:18:21 | 00,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpedit.dll
[2009/12/20 17:18:21 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gptext.dll
[2009/12/20 17:18:21 | 00,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpresult.exe
[2009/12/20 17:18:21 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mqlogmgr.dll
[2009/12/20 17:18:21 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getmac.exe
[2009/12/20 17:18:21 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2009/12/20 17:18:20 | 01,200,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2009/12/20 17:18:20 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schtasks.exe
[2009/12/20 17:18:20 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsnotify.exe
[2009/12/20 17:18:20 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009/12/20 17:18:20 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\taskkill.exe
[2009/12/20 17:18:20 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\systeminfo.exe
[2009/12/20 17:18:20 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\openfiles.exe
[2009/12/20 17:18:20 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwwks.dll
[2009/12/20 17:18:20 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwapi32.dll
[2009/12/20 17:18:20 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2009/12/20 17:18:19 | 00,604,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsecedit.dll
[2009/12/20 17:18:19 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tracerpt.exe
[2009/12/20 17:18:19 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsess.exe
[2009/12/20 17:18:19 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntadmn.exe
[2009/12/20 17:18:19 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2009/12/20 17:18:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tlntsvrp.dll
[2009/12/20 17:17:32 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2009/12/20 17:17:32 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2009/12/20 17:17:32 | 00,050,688 | ---- | C] (Twain Working Group) -- C:\WINDOWS\twain_32.dll
[2009/12/20 17:17:29 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\activeds.dll
[2009/12/20 17:17:29 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/12/20 17:17:29 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aclui.dll
[2009/12/20 17:17:29 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actxprxy.dll
[2009/12/20 17:17:29 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/12/20 17:17:29 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009/12/20 17:17:29 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actmovie.exe
[2009/12/20 17:17:28 | 00,263,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsnt.dll
[2009/12/20 17:17:28 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsldp.dll
[2009/12/20 17:17:28 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsldpc.dll
[2009/12/20 17:17:28 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/12/20 17:17:28 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ahui.exe
[2009/12/20 17:17:28 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsmsext.dll
[2009/12/20 17:17:27 | 00,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2009/12/20 17:17:27 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asctrls.ocx
[2009/12/20 17:17:27 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\asycfilt.dll
[2009/12/20 17:17:27 | 00,030,208 | ---- | C] (Adobe Systems) -- C:\WINDOWS\System32\atmlib.dll
[2009/12/20 17:17:27 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\at.exe
[2009/12/20 17:17:27 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\attrib.exe
[2009/12/20 17:17:27 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atmadm.exe
[2009/12/20 17:17:26 | 00,580,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autofmt.exe
[2009/12/20 17:17:25 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avifil32.dll
[2009/12/20 17:17:25 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browselc.dll
[2009/12/20 17:17:25 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\basesrv.dll
[2009/12/20 17:17:25 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batmeter.dll
[2009/12/20 17:17:25 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2009/12/20 17:17:25 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bidispl.dll
[2009/12/20 17:17:25 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autolfn.exe
[2009/12/20 17:17:25 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2009/12/20 17:17:24 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009/12/20 17:17:24 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009/12/20 17:17:24 | 00,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capesnpn.dll
[2009/12/20 17:17:24 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009/12/20 17:17:24 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browsewm.dll
[2009/12/20 17:17:24 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cabinet.dll
[2009/12/20 17:17:24 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\camocx.dll
[2009/12/20 17:17:23 | 02,091,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdosys.dll
[2009/12/20 17:17:22 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certmgr.dll
[2009/12/20 17:17:22 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\certcli.dll
[2009/12/20 17:17:22 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cic.dll
[2009/12/20 17:17:22 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009/12/20 17:17:22 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ciodm.dll
[2009/12/20 17:17:22 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2009/12/20 17:17:22 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgmgr32.dll
[2009/12/20 17:17:21 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdial32.dll
[2009/12/20 17:17:21 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/12/20 17:17:21 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.dll
[2009/12/20 17:17:21 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2009/12/20 17:17:21 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clusapi.dll
[2009/12/20 17:17:21 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.rll
[2009/12/20 17:17:21 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2009/12/20 17:17:21 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmcfg32.dll
[2009/12/20 17:17:20 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\compstui.dll
[2009/12/20 17:17:20 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009/12/20 17:17:20 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009/12/20 17:17:20 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmstp.exe
[2009/12/20 17:17:20 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009/12/20 17:17:20 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cnbjmon.dll
[2009/12/20 17:17:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmmon32.exe
[2009/12/20 17:17:20 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmutil.dll
[2009/12/20 17:17:20 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009/12/20 17:17:20 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdl32.exe
[2009/12/20 17:17:19 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009/12/20 17:17:19 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009/12/20 17:17:18 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009/12/20 17:17:18 | 00,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\confmsp.dll
[2009/12/20 17:17:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credui.dll
[2009/12/20 17:17:18 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
[2009/12/20 17:17:18 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/12/20 17:17:17 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscript.exe
[2009/12/20 17:17:17 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptdlg.dll
[2009/12/20 17:17:17 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptdll.dll
[2009/12/20 17:17:16 | 01,179,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8.dll
[2009/12/20 17:17:16 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\danim.dll
[2009/12/20 17:17:16 | 00,824,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dim700.dll
[2009/12/20 17:17:16 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d8thk.dll
[2009/12/20 17:17:15 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dataclen.dll
[2009/12/20 17:17:14 | 00,640,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbghelp.dll
[2009/12/20 17:17:14 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddraw.dll
[2009/12/20 17:17:14 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\datime.dll
[2009/12/20 17:17:14 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\daxctle.ocx
[2009/12/20 17:17:14 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnetlib.dll
[2009/12/20 17:17:14 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeshare.exe
[2009/12/20 17:17:14 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbnmpntw.dll
[2009/12/20 17:17:14 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\davclnt.dll
[2009/12/20 17:17:14 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsrpcn.dll
[2009/12/20 17:17:14 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dciman32.dll
[2009/12/20 17:17:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/12/20 17:17:13 | 00,379,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpmon.dll
[2009/12/20 17:17:13 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\devmgr.dll
[2009/12/20 17:17:13 | 00,124,416 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgui.dll
[2009/12/20 17:17:13 | 00,111,104 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dgnet.dll
[2009/12/20 17:17:13 | 00,105,472 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgntfs.exe
[2009/12/20 17:17:13 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diantz.exe
[2009/12/20 17:17:13 | 00,082,944 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgfat.exe
[2009/12/20 17:17:13 | 00,039,424 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgsnap.dll
[2009/12/20 17:17:13 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ddrawex.dll
[2009/12/20 17:17:13 | 00,025,088 | ---- | C] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\defrag.exe
[2009/12/20 17:17:12 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput8.dll
[2009/12/20 17:17:12 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diskpart.exe
[2009/12/20 17:17:12 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dinput.dll
[2009/12/20 17:17:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmcompos.dll
[2009/12/20 17:17:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dispex.dll
[2009/12/20 17:17:12 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmband.dll
[2009/12/20 17:17:11 | 00,285,184 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmdlgs.dll
[2009/12/20 17:17:11 | 00,200,704 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmdskmgr.dll
[2009/12/20 17:17:11 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmime.dll
[2009/12/20 17:17:11 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmstyle.dll
[2009/12/20 17:17:11 | 00,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmsynth.dll
[2009/12/20 17:17:11 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmscript.dll
[2009/12/20 17:17:11 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmloader.dll
[2009/12/20 17:17:11 | 00,015,872 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmremote.exe
[2009/12/20 17:17:10 | 00,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplayx.dll
[2009/12/20 17:17:10 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dmusic.dll
[2009/12/20 17:17:10 | 00,052,224 | ---- | C] (Microsoft Corp.) -- C:\WINDOWS\System32\dmutil.dll
[2009/12/20 17:17:10 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2009/12/20 17:17:09 | 00,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnet.dll
[2009/12/20 17:17:09 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhupnp.dll
[2009/12/20 17:17:09 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnhpast.dll
[2009/12/20 17:17:09 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpmodemx.dll
[2009/12/20 17:17:09 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnaddr.dll
[2009/12/20 17:17:08 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvoice.dll
[2009/12/20 17:17:08 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2009/12/20 17:17:08 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvacm.dll
[2009/12/20 17:17:08 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2009/12/20 17:17:08 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnlobby.dll
[2009/12/20 17:17:07 | 00,367,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsound.dll
[2009/12/20 17:17:07 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsdmo.dll
[2009/12/20 17:17:07 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvvox.dll
[2009/12/20 17:17:07 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dskquota.dll
[2009/12/20 17:17:07 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsdmoprp.dll
[2009/12/20 17:17:07 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dpwsockx.dll
[2009/12/20 17:17:07 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ds32gt.dll
[2009/12/20 17:17:07 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drprov.dll
[2009/12/20 17:17:06 | 01,293,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsound3d.dll
[2009/12/20 17:17:06 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dsprop.dll
[2009/12/20 17:17:06 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dssenh.dll
[2009/12/20 17:17:06 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dswave.dll
[2009/12/20 17:17:05 | 00,304,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\duser.dll
[2009/12/20 17:17:04 | 01,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx8vb.dll
[2009/12/20 17:17:04 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx7vb.dll
[2009/12/20 17:17:04 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
[2009/12/20 17:17:04 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dvdupgrd.exe
[2009/12/20 17:17:03 | 01,298,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2009/12/20 17:17:03 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/12/20 17:17:03 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/12/20 17:17:03 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\els.dll
[2009/12/20 17:17:02 | 01,082,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\esent.dll
[2009/12/20 17:17:02 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eudcedit.exe
[2009/12/20 17:17:02 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
[2009/12/20 17:17:01 | 00,380,445 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\expsrv.dll
[2009/12/20 17:17:01 | 00,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\filemgmt.dll
[2009/12/20 17:17:01 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exts.dll
[2009/12/20 17:17:01 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntagnt.dll
[2009/12/20 17:17:01 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntwin.exe
[2009/12/20 17:17:01 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faultrep.dll
[2009/12/20 17:17:01 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\extrac32.exe
[2009/12/20 17:17:01 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\evntcmd.exe
[2009/12/20 17:17:01 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\feclient.dll
[2009/12/20 17:17:00 | 00,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsapi.dll
[2009/12/20 17:17:00 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fldrclnr.dll
[2009/12/20 17:17:00 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2009/12/20 17:17:00 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\findstr.exe
[2009/12/20 17:17:00 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fontview.exe
[2009/12/20 17:17:00 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\framebuf.dll
[2009/12/20 17:17:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\forcedos.exe
[2009/12/20 17:16:59 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsst.dll
[2009/12/20 17:16:59 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscomex.dll
[2009/12/20 17:16:59 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscover.exe
[2009/12/20 17:16:59 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsclnt.exe
[2009/12/20 17:16:59 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxscom.dll
[2009/12/20 17:16:59 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsevent.dll
[2009/12/20 17:16:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsdrv.dll
[2009/12/20 17:16:59 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsmon.dll
[2009/12/20 17:16:59 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsext32.dll
[2009/12/20 17:16:59 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsperf.dll
[2009/12/20 17:16:59 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsres.dll
[2009/12/20 17:16:58 | 00,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsxp32.dll
[2009/12/20 17:16:58 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxstiff.dll
[2009/12/20 17:16:58 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxst30.dll
[2009/12/20 17:16:58 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxswzrd.dll
[2009/12/20 17:16:58 | 00,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fxsui.dll
[2009/12/20 17:16:57 | 00,614,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\h323msp.dll
[2009/12/20 17:16:57 | 00,265,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\h323.tsp
[2009/12/20 17:16:57 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\glu32.dll
[2009/12/20 17:16:57 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2009/12/20 17:16:57 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpkrsrc.dll
[2009/12/20 17:16:56 | 00,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hhctrl.ocx
[2009/12/20 17:16:56 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hnetcfg.dll
[2009/12/20 17:16:56 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hdwwiz.cpl
[2009/12/20 17:16:56 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlink.dll
[2009/12/20 17:16:56 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hhsetup.dll
[2009/12/20 17:16:56 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidphone.tsp
[2009/12/20 17:16:56 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hid.dll
[2009/12/20 17:16:56 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\help.exe
[2009/12/20 17:16:55 | 00,330,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hnetwiz.dll
[2009/12/20 17:16:54 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hotplug.dll
[2009/12/20 17:16:54 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\htui.dll
[2009/12/20 17:16:54 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hostmib.dll
[2009/12/20 17:16:53 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2009/12/20 17:16:52 | 00,702,845 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\i81xdnt5.dll
[2009/12/20 17:16:52 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/12/20 17:16:52 | 00,254,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icm32.dll
[2009/12/20 17:16:52 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/12/20 17:16:52 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/12/20 17:16:52 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/12/20 17:16:52 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ifmon.dll
[2009/12/20 17:16:52 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/12/20 17:16:52 | 00,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\idq.dll
[2009/12/20 17:16:52 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iasrad.dll
[2009/12/20 17:16:52 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iexpress.exe
[2009/12/20 17:16:52 | 00,080,384 | ---- | C] (Radius Inc.) -- C:\WINDOWS\System32\iccvid.dll
[2009/12/20 17:16:52 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009/12/20 17:16:52 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/12/20 17:16:52 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009/12/20 17:16:52 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/12/20 17:16:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009/12/20 17:16:52 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icmp.dll
[2009/12/20 17:16:51 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/12/20 17:16:51 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009/12/20 17:16:51 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\initpki.dll
[2009/12/20 17:16:51 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\intl.cpl
[2009/12/20 17:16:51 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\input.dll
[2009/12/20 17:16:51 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/12/20 17:16:51 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2009/12/20 17:16:51 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetpp.dll
[2009/12/20 17:16:51 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009/12/20 17:16:51 | 00,036,921 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imeshare.dll
[2009/12/20 17:16:51 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/12/20 17:16:51 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetmib1.dll
[2009/12/20 17:16:51 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetppui.dll
[2009/12/20 17:16:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\igmpagnt.dll
[2009/12/20 17:16:50 | 00,384,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsmsnap.dll
[2009/12/20 17:16:50 | 00,349,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsecsnp.dll
[2009/12/20 17:16:50 | 00,330,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ippromon.dll
[2009/12/20 17:16:50 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iprtrmgr.dll
[2009/12/20 17:16:50 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipmontr.dll
[2009/12/20 17:16:50 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\itircl.dll
[2009/12/20 17:16:50 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iphlpapi.dll
[2009/12/20 17:16:50 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009/12/20 17:16:50 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6mon.dll
[2009/12/20 17:16:50 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconfig.exe
[2009/12/20 17:16:50 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ixsso.dll
[2009/12/20 17:16:50 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6.exe
[2009/12/20 17:16:50 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2009/12/20 17:16:50 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxroute.exe
[2009/12/20 17:16:50 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxwan.dll
[2009/12/20 17:16:50 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconf.tsp
[2009/12/20 17:16:50 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2009/12/20 17:16:49 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/12/20 17:16:49 | 00,423,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licdll.dll
[2009/12/20 17:16:49 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2009/12/20 17:16:49 | 00,163,840 | ---- | C] (America Online) -- C:\WINDOWS\System32\jgdw400.dll
[2009/12/20 17:16:49 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\keymgr.dll
[2009/12/20 17:16:49 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/12/20 17:16:49 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2009/12/20 17:16:49 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\joy.cpl
[2009/12/20 17:16:49 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2009/12/20 17:16:49 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2009/12/20 17:16:49 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/12/20 17:16:49 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2009/12/20 17:16:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmddsp.tsp
[2009/12/20 17:16:49 | 00,027,648 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\jgpl400.dll
[2009/12/20 17:16:49 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/12/20 17:16:49 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kd1394.dll
[2009/12/20 17:16:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec.dll
[2009/12/20 17:16:49 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/12/20 17:16:48 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localsec.dll
[2009/12/20 17:16:48 | 00,220,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2009/12/20 17:16:48 | 00,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdminst.dll
[2009/12/20 17:16:48 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\loadperf.dll
[2009/12/20 17:16:48 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciavi32.dll
[2009/12/20 17:16:48 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2009/12/20 17:16:48 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\makecab.exe
[2009/12/20 17:16:48 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mf3216.dll
[2009/12/20 17:16:48 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lmmib2.dll
[2009/12/20 17:16:48 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciwave.dll
[2009/12/20 17:16:48 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mciseq.dll
[2009/12/20 17:16:48 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\linkinfo.dll
[2009/12/20 17:16:48 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mcastmib.dll
[2009/12/20 17:16:48 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localui.dll
[2009/12/20 17:16:48 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lprhelp.dll
[2009/12/20 17:16:47 | 01,872,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcndmgr.dll
[2009/12/20 17:16:47 | 01,414,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe
[2009/12/20 17:16:47 | 01,028,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2009/12/20 17:16:47 | 00,981,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2009/12/20 17:16:47 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2009/12/20 17:16:47 | 00,586,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mlang.dll
[2009/12/20 17:16:47 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcbase.dll
[2009/12/20 17:16:47 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miglibnt.dll
[2009/12/20 17:16:47 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2009/12/20 17:16:47 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mimefilt.dll
[2009/12/20 17:16:47 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcsubs.dll
[2009/12/20 17:16:47 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009/12/20 17:16:46 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4ds32.ax
[2009/12/20 17:16:46 | 00,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpg4dmod.dll
[2009/12/20 17:16:46 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msadds32.ax
[2009/12/20 17:16:46 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\moricons.dll
[2009/12/20 17:16:46 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\modemui.dll
[2009/12/20 17:16:46 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdart.dll
[2009/12/20 17:16:46 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mobsync.exe
[2009/12/20 17:16:46 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/12/20 17:16:46 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mprapi.dll
[2009/12/20 17:16:46 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscms.dll
[2009/12/20 17:16:46 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msacm32.dll
[2009/12/20 17:16:46 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2009/12/20 17:16:46 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msctfp.dll
[2009/12/20 17:16:46 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscpxl32.dll
[2009/12/20 17:16:46 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\more.com
[2009/12/20 17:16:46 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdatsrc.tlb
[2009/12/20 17:16:46 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscpx32r.dll
[2009/12/20 17:16:46 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msafd.dll
[2009/12/20 17:16:45 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009/12/20 17:16:45 | 00,518,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexch40.dll
[2009/12/20 17:16:45 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009/12/20 17:16:45 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009/12/20 17:16:45 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009/12/20 17:16:43 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/12/20 17:16:43 | 00,997,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msgina.dll
[2009/12/20 17:16:43 | 00,326,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msexcl40.dll
[2009/12/20 17:16:42 | 02,843,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msi.dll
[2009/12/20 17:16:42 | 00,884,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msimsg.dll
[2009/12/20 17:16:42 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msihnd.dll
[2009/12/20 17:16:42 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msimtf.dll
[2009/12/20 17:16:42 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msident.dll
[2009/12/20 17:16:42 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/12/20 17:16:42 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msisip.dll
[2009/12/20 17:16:42 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msidle.dll
[2009/12/20 17:16:41 | 01,516,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet40.dll
[2009/12/20 17:16:41 | 00,355,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspbde40.dll
[2009/12/20 17:16:41 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/20 17:16:41 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009/12/20 17:16:41 | 00,248,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjtes40.dll
[2009/12/20 17:16:41 | 00,219,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msltus40.dll
[2009/12/20 17:16:41 | 00,151,583 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjint40.dll
[2009/12/20 17:16:41 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msorcl32.dll
[2009/12/20 17:16:41 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009/12/20 17:16:41 | 00,060,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjter40.dll
[2009/12/20 17:16:41 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msprivs.dll
[2009/12/20 17:16:41 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspatcha.dll
[2009/12/20 17:16:41 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msorc32r.dll
[2009/12/20 17:16:40 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/12/20 17:16:40 | 00,559,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl40.dll
[2009/12/20 17:16:40 | 00,432,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x40.dll
[2009/12/20 17:16:40 | 00,322,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd3x40.dll
[2009/12/20 17:16:40 | 00,264,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstext40.dll
[2009/12/20 17:16:40 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/12/20 17:16:40 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
[2009/12/20 17:16:40 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msscds32.ax
[2009/12/20 17:16:40 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/12/20 17:16:39 | 01,384,479 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvbvm60.dll
[2009/12/20 17:16:39 | 00,838,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswdat10.dll
[2009/12/20 17:16:39 | 00,621,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswstr10.dll
[2009/12/20 17:16:39 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp60.dll
[2009/12/20 17:16:39 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/12/20 17:16:39 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msutb.dll
[2009/12/20 17:16:39 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvfw32.dll
[2009/12/20 17:16:39 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstlsapi.dll
[2009/12/20 17:16:39 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msw3prt.dll
[2009/12/20 17:16:39 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt40.dll
[2009/12/20 17:16:39 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcirt.dll
[2009/12/20 17:16:38 | 00,701,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml2.dll
[2009/12/20 17:16:38 | 00,622,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netcfgx.dll
[2009/12/20 17:16:38 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml.dll
[2009/12/20 17:16:38 | 00,355,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxbde40.dll
[2009/12/20 17:16:38 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2009/12/20 17:16:38 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009/12/20 17:16:38 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxclu.dll
[2009/12/20 17:16:38 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ndptsp.tsp
[2009/12/20 17:16:38 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2009/12/20 17:16:38 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2009/12/20 17:16:38 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ncobjapi.dll
[2009/12/20 17:16:38 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009/12/20 17:16:38 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009/12/20 17:16:38 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nddenb32.dll
[2009/12/20 17:16:38 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapi.dll
[2009/12/20 17:16:38 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapir.exe
[2009/12/20 17:16:38 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009/12/20 17:16:37 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll
[2009/12/20 17:16:37 | 00,329,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2009/12/20 17:16:37 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\newdev.dll
[2009/12/20 17:16:37 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netui1.dll
[2009/12/20 17:16:37 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netid.dll
[2009/12/20 17:16:37 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nlhtml.dll
[2009/12/20 17:16:37 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2009/12/20 17:16:37 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netui0.dll
[2009/12/20 17:16:37 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\npptools.dll
[2009/12/20 17:16:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlanman.dll
[2009/12/20 17:16:37 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmsapi.dll
[2009/12/20 17:16:37 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe
[2009/12/20 17:16:37 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2009/12/20 17:16:37 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netrap.dll
[2009/12/20 17:16:36 | 00,488,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmsmgr.dll
[2009/12/20 17:16:36 | 00,286,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\objsel.dll
[2009/12/20 17:16:36 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oakley.dll
[2009/12/20 17:16:36 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nusrmgr.cpl
[2009/12/20 17:16:36 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbc32.dll
[2009/12/20 17:16:36 | 00,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntmsdba.dll
[2009/12/20 17:16:36 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.dll
[2009/12/20 17:16:36 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccp32.dll
[2009/12/20 17:16:36 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcint.dll
[2009/12/20 17:16:36 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.exe
[2009/12/20 17:16:36 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ocmanage.dll
[2009/12/20 17:16:36 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccu32.dll
[2009/12/20 17:16:36 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccr32.dll
[2009/12/20 17:16:36 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbccp32.cpl
[2009/12/20 17:16:36 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2009/12/20 17:16:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcbcp.dll
[2009/12/20 17:16:36 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbc32gt.dll
[2009/12/20 17:16:36 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdmd.dll
[2009/12/20 17:16:35 | 00,713,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\opengl32.dll
[2009/12/20 17:16:35 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcjt32.dll
[2009/12/20 17:16:35 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\offfilt.dll
[2009/12/20 17:16:35 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbctrac.dll
[2009/12/20 17:16:35 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oledlg.dll
[2009/12/20 17:16:35 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleprn.dll
[2009/12/20 17:16:35 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecli32.dll
[2009/12/20 17:16:35 | 00,053,279 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcji32.dll
[2009/12/20 17:16:35 | 00,020,511 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odtext32.dll
[2009/12/20 17:16:35 | 00,020,511 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oddbse32.dll
[2009/12/20 17:16:35 | 00,020,510 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odpdx32.dll
[2009/12/20 17:16:35 | 00,020,510 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odfox32.dll
[2009/12/20 17:16:35 | 00,020,510 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odexl32.dll
[2009/12/20 17:16:35 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcp32r.dll
[2009/12/20 17:16:33 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pdh.dll
[2009/12/20 17:16:33 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2009/12/20 17:16:33 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.cpl
[2009/12/20 17:16:33 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\polstore.dll
[2009/12/20 17:16:33 | 00,081,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\proctexe.ocx
[2009/12/20 17:16:33 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pautoenr.dll
[2009/12/20 17:16:33 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\osuninst.dll
[2009/12/20 17:16:33 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2009/12/20 17:16:33 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/12/20 17:16:33 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pid.dll
[2009/12/20 17:16:33 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfproc.dll
[2009/12/20 17:16:33 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\profmap.dll
[2009/12/20 17:16:33 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfdisk.dll
[2009/12/20 17:16:33 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfos.dll
[2009/12/20 17:16:33 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2009/12/20 17:16:33 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfnet.dll
[2009/12/20 17:16:33 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powrprof.dll
[2009/12/20 17:16:33 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2009/12/20 17:16:33 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pjlmon.dll
[2009/12/20 17:16:32 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2009/12/20 17:16:32 | 00,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\psbase.dll
[2009/12/20 17:16:32 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/12/20 17:16:32 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pstorec.dll
[2009/12/20 17:16:32 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pstorsvc.dll
[2009/12/20 17:16:32 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/12/20 17:16:32 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/12/20 17:16:31 | 01,435,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\query.dll
[2009/12/20 17:16:31 | 00,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasppp.dll
[2009/12/20 17:16:31 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastls.dll
[2009/12/20 17:16:31 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2009/12/20 17:16:31 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rcbdyctl.dll
[2009/12/20 17:16:31 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2009/12/20 17:16:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\raschap.dll
[2009/12/20 17:16:31 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/12/20 17:16:31 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/12/20 17:16:31 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasphone.exe
[2009/12/20 17:16:31 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reg.exe
[2009/12/20 17:16:31 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009/12/20 17:16:31 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rcimlby.exe
[2009/12/20 17:16:31 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2009/12/20 17:16:31 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2009/12/20 17:16:31 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rassapi.dll
[2009/12/20 17:16:31 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/12/20 17:16:31 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasadhlp.dll
[2009/12/20 17:16:30 | 00,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\riched20.dll
[2009/12/20 17:16:30 | 00,397,824 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\regwizc.dll
[2009/12/20 17:16:30 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsaenh.dll
[2009/12/20 17:16:30 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcshare.exe
[2009/12/20 17:16:30 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotesp.tsp
[2009/12/20 17:16:30 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\resutils.dll
[2009/12/20 17:16:30 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regapi.dll
[2009/12/20 17:16:30 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtutils.dll
[2009/12/20 17:16:30 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rtipxmib.dll
[2009/12/20 17:16:30 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmps.dll
[2009/12/20 17:16:30 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsh.exe
[2009/12/20 17:16:30 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2009/12/20 17:16:30 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rexec.exe
[2009/12/20 17:16:30 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2009/12/20 17:16:29 | 00,314,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scesrv.dll
[2009/12/20 17:16:29 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
[2009/12/20 17:16:29 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scrobj.dll
[2009/12/20 17:16:29 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sccsccp.dll
[2009/12/20 17:16:29 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdbinst.exe
[2009/12/20 17:16:29 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scarddlg.dll
[2009/12/20 17:16:29 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009/12/20 17:16:29 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009/12/20 17:16:29 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009/12/20 17:16:29 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\scrnsave.scr
[2009/12/20 17:16:28 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sendcmsg.dll
[2009/12/20 17:16:28 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\security.dll
[2009/12/20 17:16:27 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfcfiles.dll
[2009/12/20 17:16:27 | 00,549,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdoclc.dll
[2009/12/20 17:16:27 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc_os.dll
[2009/12/20 17:16:27 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shgina.dll
[2009/12/20 17:16:27 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shimeng.dll
[2009/12/20 17:16:27 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/12/20 17:16:27 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sethc.exe
[2009/12/20 17:16:27 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shfolder.dll
[2009/12/20 17:16:27 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2009/12/20 17:16:27 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sensapi.dll
[2009/12/20 17:16:27 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.dll
[2009/12/20 17:16:26 | 00,362,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogcfg.dll
[2009/12/20 17:16:26 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpsnap.dll
[2009/12/20 17:16:26 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/12/20 17:16:26 | 00,098,304 | ---- | C] (Schlumberger Technology Corporation) -- C:\WINDOWS\System32\slbiop.dll
[2009/12/20 17:16:26 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\sl_anet.acm
[2009/12/20 17:16:26 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shrpubw.exe
[2009/12/20 17:16:26 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sigverif.exe
[2009/12/20 17:16:26 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2009/12/20 17:16:26 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
[2009/12/20 17:16:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe
[2009/12/20 17:16:26 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sort.exe
[2009/12/20 17:16:26 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shutdown.exe
[2009/12/20 17:16:26 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpapi.dll
[2009/12/20 17:16:26 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\simpdata.tlb
[2009/12/20 17:16:26 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sigtab.dll
[2009/12/20 17:16:26 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snmpmib.dll
[2009/12/20 17:16:25 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ss3dfo.scr
[2009/12/20 17:16:25 | 00,610,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sspipes.scr
[2009/12/20 17:16:25 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/12/20 17:16:25 | 00,442,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.dll
[2009/12/20 17:16:25 | 00,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssflwbox.scr
[2009/12/20 17:16:25 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009/12/20 17:16:25 | 00,180,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlunirl.dll
[2009/12/20 17:16:25 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.rll
[2009/12/20 17:16:25 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spoolss.dll
[2009/12/20 17:16:25 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmypics.scr
[2009/12/20 17:16:25 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssdpapi.dll
[2009/12/20 17:16:25 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmarque.scr
[2009/12/20 17:16:25 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssbezier.scr
[2009/12/20 17:16:25 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmyst.scr
[2009/12/20 17:16:25 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssstars.scr
[2009/12/20 17:16:24 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sstext3d.scr
[2009/12/20 17:16:24 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sti_ci.dll
[2009/12/20 17:16:24 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sti.dll
[2009/12/20 17:16:24 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/12/20 17:16:24 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stdole2.tlb
[2009/12/20 17:16:23 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stimon.exe
[2009/12/20 17:16:22 | 00,858,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tapi3.dll
[2009/12/20 17:16:22 | 00,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sxs.dll
[2009/12/20 17:16:22 | 00,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termmgr.dll
[2009/12/20 17:16:22 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysmon.ocx
[2009/12/20 17:16:22 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tapi32.dll
[2009/12/20 17:16:22 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2009/12/20 17:16:22 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sysocmgr.exe
[2009/12/20 17:16:22 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2009/12/20 17:16:22 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/12/20 17:16:22 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\synceng.dll
[2009/12/20 17:16:22 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmon.dll
[2009/12/20 17:16:22 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmib.dll
[2009/12/20 17:16:21 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2009/12/20 17:16:21 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unimdm.tsp
[2009/12/20 17:16:21 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\upnp.dll
[2009/12/20 17:16:21 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\txflog.dll
[2009/12/20 17:16:21 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\timedate.cpl
[2009/12/20 17:16:21 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009/12/20 17:16:21 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unimdmat.dll
[2009/12/20 17:16:21 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\umandlg.dll
[2009/12/20 17:16:21 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\udhisapi.dll
[2009/12/20 17:16:21 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\upnpcont.exe
[2009/12/20 17:16:21 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniplat.dll
[2009/12/20 17:16:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tree.com
[2009/12/20 17:16:21 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert.exe
[2009/12/20 17:16:21 | 00,012,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsddd.dll
[2009/12/20 17:16:20 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/12/20 17:16:20 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/12/20 17:16:20 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/12/20 17:16:20 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2009/12/20 17:16:20 | 00,042,496 | ---- | C] (user) -- C:\WINDOWS\mosent32.dll
[2009/12/20 17:16:20 | 00,030,749 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbajet32.dll
[2009/12/20 17:16:20 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbisurf.ax
[2009/12/20 17:16:20 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbmon.dll
[2009/12/20 17:16:19 | 00,463,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiadefui.dll
[2009/12/20 17:16:19 | 00,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2009/12/20 17:16:19 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wavemsp.dll
[2009/12/20 17:16:19 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\webvw.dll
[2009/12/20 17:16:19 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wextract.exe
[2009/12/20 17:16:19 | 00,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vdmredir.dll
[2009/12/20 17:16:19 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verifier.dll
[2009/12/20 17:16:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vdmdbg.dll
[2009/12/20 17:16:19 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\watchdog.sys
[2009/12/20 17:16:18 | 00,756,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winntbbu.dll
[2009/12/20 17:16:18 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsrv.dll
[2009/12/20 17:16:18 | 00,124,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiadss.dll
[2009/12/20 17:16:18 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiavideo.dll
[2009/12/20 17:16:18 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winscard.dll
[2009/12/20 17:16:18 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsta.dll
[2009/12/20 17:16:18 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winipsec.dll
[2009/12/20 17:16:17 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmstream.dll
[2009/12/20 17:16:17 | 00,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmv8ds32.ax
[2009/12/20 17:16:17 | 00,264,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wow32.dll
[2009/12/20 17:16:17 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvds32.ax
[2009/12/20 17:16:17 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshom.ocx
[2009/12/20 17:16:17 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe.dll
[2009/12/20 17:16:17 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshcon.dll
[2009/12/20 17:16:17 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
[2009/12/20 17:16:17 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wship6.dll
[2009/12/20 17:16:17 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshrm.dll
[2009/12/20 17:16:17 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpnpinst.exe
[2009/12/20 17:16:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmi.dll
[2009/12/20 17:16:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winver.exe
[2009/12/20 17:16:16 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcdlg.dll
[2009/12/20 17:16:16 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactsrv.dll
[2009/12/20 17:16:16 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wzcsapi.dll
[2009/12/20 17:16:16 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wstdecod.dll
[2009/12/20 17:16:16 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsnmp32.dll
[2009/12/20 17:16:16 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xcopy.exe
[2009/12/20 17:16:16 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wsock32.dll
[2009/12/20 17:16:16 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshtcpip.dll
[2009/12/20 17:16:16 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wtsapi32.dll
[2009/12/20 17:16:16 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/12/20 17:16:15 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\autoconv.exe
[2009/12/20 17:16:15 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009/12/20 17:16:15 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\desk.cpl
[2009/12/20 17:16:15 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2009/12/20 17:16:15 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/20 17:16:15 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\format.com
[2009/12/20 17:16:15 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2009/12/20 17:16:14 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lsasrv.dll
[2009/12/20 17:16:14 | 00,420,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2009/12/20 17:16:14 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2009/12/20 17:16:14 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2009/12/20 17:16:14 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nwprovau.dll
[2009/12/20 17:16:14 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntprint.dll
[2009/12/20 17:16:14 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2009/12/20 17:16:14 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perfctrs.dll
[2009/12/20 17:16:14 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2009/12/20 17:16:14 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mgmtapi.dll
[2009/12/20 17:16:14 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlsapi.dll
[2009/12/20 17:16:12 | 00,658,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdlg.dll
[2009/12/20 17:16:12 | 00,415,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\samsrv.dll
[2009/12/20 17:16:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2009/12/20 17:16:12 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rastapi.dll
[2009/12/20 17:16:12 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2009/12/20 17:16:11 | 00,990,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\syssetup.dll
[2009/12/20 17:16:11 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\untfs.dll
[2009/12/20 17:16:11 | 00,275,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ulib.dll
[2009/12/20 17:16:11 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpmonui.dll
[2009/12/20 17:16:10 | 01,850,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2009/12/20 17:16:10 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2009/12/20 17:16:10 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2009/12/20 17:16:10 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\win32spl.dll
[2009/12/20 17:16:10 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atmlane.sys
[2009/12/20 17:16:10 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amdk6.sys
[2009/12/20 17:16:09 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ks.sys
[2009/12/20 17:16:09 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dxg.sys
[2009/12/20 17:16:09 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/12/20 17:16:09 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gckernel.sys
[2009/12/20 17:16:09 | 00,049,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\classpnp.sys
[2009/12/20 17:16:09 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2009/12/20 17:16:09 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2009/12/20 17:16:09 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\diskdump.sys
[2009/12/20 17:16:09 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2009/12/20 17:16:08 | 00,063,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mf.sys
[2009/12/20 17:16:08 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009/12/20 17:16:08 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2009/12/20 17:16:07 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rmcast.sys
[2009/12/20 17:16:07 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/12/20 17:16:07 | 00,088,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nwlnkipx.sys
[2009/12/20 17:16:07 | 00,040,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nmnt.sys
[2009/12/20 17:16:07 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\pciidex.sys
[2009/12/20 17:16:06 | 00,225,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2009/12/20 17:16:06 | 00,096,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\scsiport.sys
[2009/12/20 17:16:06 | 00,049,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\stream.sys
[2009/12/20 17:16:06 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismp.sys
[2009/12/20 17:16:06 | 00,025,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sonydcam.sys
[2009/12/20 17:16:06 | 00,020,480 | ---- | C] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/12/20 17:16:06 | 00,019,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdi.sys
[2009/12/20 17:16:06 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tape.sys
[2009/12/20 17:16:05 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2009/12/20 17:16:05 | 00,081,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\videoprt.sys
[2009/12/20 17:16:05 | 00,025,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd2.sys
[2009/12/20 17:16:05 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbcamd.sys
[2009/12/20 17:16:05 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbintel.sys
[2009/12/20 17:16:05 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023.sys
[2009/12/20 17:16:04 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2009/12/20 17:16:04 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2009/12/20 17:16:04 | 00,131,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\HAL.DLL
[2009/12/20 15:51:33 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/12/20 15:51:20 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/12/20 15:51:04 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/12/20 15:51:03 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/12/20 15:50:44 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/12/20 15:50:14 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/12/20 15:50:05 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/12/20 15:50:02 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/12/20 15:50:00 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/12/20 15:49:57 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/12/20 15:49:56 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/12/20 15:49:52 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/12/20 15:49:46 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/12/20 15:49:17 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/12/20 15:49:17 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/12/20 15:49:17 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/12/20 15:49:14 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2009/12/20 15:49:14 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/12/20 15:49:13 | 01,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/12/20 15:49:07 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/12/20 15:49:06 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/12/20 15:48:20 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/12/20 15:48:19 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/12/20 15:48:19 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/12/20 15:48:19 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/12/20 15:47:47 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/12/20 15:47:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/12/20 15:47:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/12/20 15:47:42 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/12/20 15:47:41 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/12/20 15:46:42 | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2009/12/20 15:46:25 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/12/20 15:46:25 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/12/20 15:46:25 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/12/20 15:46:25 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/12/20 15:46:25 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/12/20 15:46:24 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/12/20 15:46:24 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/12/20 15:46:15 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/12/20 15:46:15 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/12/20 15:46:15 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/12/20 15:46:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/12/20 15:46:15 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/12/20 15:46:15 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/12/20 15:46:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/12/20 15:46:09 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/12/20 15:45:45 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/12/20 15:45:44 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/12/20 15:45:20 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/12/20 15:04:23 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/12/20 15:01:50 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/12/20 15:01:45 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/20 15:01:43 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/20 15:01:40 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/20 14:59:44 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/12/20 14:59:41 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/20 14:59:36 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/20 14:59:33 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/12/20 14:58:45 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/12/20 14:55:43 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/12/20 14:53:21 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/12/20 14:53:06 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/12/20 14:42:08 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/12/20 14:42:02 | 00,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2009/12/20 14:41:59 | 00,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2009/12/20 14:41:59 | 00,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2009/12/20 14:41:59 | 00,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2004/12/30 08:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2004/12/30 08:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help

========== Files - Modified Within 30 Days ==========

[2010/01/08 20:59:23 | 00,000,662 | ---- | M] () -- C:\Documents and Settings\ClaudeandValerie\Desktop\Shortcut to OTL.lnk
[2010/01/08 20:26:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/01/08 20:25:06 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/01/08 20:24:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/08 20:24:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/01/08 20:24:41 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/08 20:23:59 | 06,291,456 | ---- | M] () -- C:\Documents and Settings\ClaudeandValerie\ntuser.dat
[2010/01/08 20:23:49 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\ClaudeandValerie\NTUSER.INI
[2010/01/08 20:23:32 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2009/12/22 20:09:00 | 00,670,072 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\ClaudeandValerie\Desktop\autoruns.exe
[2009/12/22 20:09:00 | 00,559,992 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\ClaudeandValerie\Desktop\autorunsc.exe
[2009/12/22 20:09:00 | 00,048,904 | ---- | M] () -- C:\Documents and Settings\ClaudeandValerie\Desktop\autoruns.chm
[2009/12/22 13:01:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/22 12:58:07 | 02,802,882 | -H-- | M] () -- C:\Documents and Settings\ClaudeandValerie\Local Settings\Application Data\IconCache.db
[2009/12/22 07:02:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/22 06:18:36 | 00,000,139 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2009/12/21 18:30:33 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/21 15:30:56 | 00,000,708 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/12/21 15:30:56 | 00,000,306 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/12/21 15:30:56 | 00,000,210 | RHS- | M] () -- C:\BOOT.INI
[2009/12/21 12:42:32 | 00,000,923 | ---- | M] () -- C:\WINDOWS\JUNO.INI
[2009/12/20 21:40:19 | 00,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Tab Change.lnk
[2009/12/20 21:16:49 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/20 20:56:09 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/12/20 20:56:03 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/20 20:26:43 | 00,306,990 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/12/20 20:26:43 | 00,038,636 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/12/20 20:26:41 | 00,349,342 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/20 20:24:44 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/12/20 20:23:24 | 00,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/20 19:07:46 | 00,250,048 | ---- | M] () -- C:\ntldr
[2009/12/20 18:30:29 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/12/20 18:30:29 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/12/20 15:42:01 | 00,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job

========== Files Created - No Company Name ==========

[2010/01/08 20:59:23 | 00,000,662 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Desktop\Shortcut to OTL.lnk
[2009/12/22 07:02:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 21:40:19 | 00,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Tab Change.lnk
[2009/12/20 21:16:49 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/20 20:56:09 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/12/20 17:20:45 | 00,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2009/12/20 17:20:42 | 00,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2009/12/20 17:20:32 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2009/12/20 17:19:59 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2009/12/20 17:17:14 | 00,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/12/20 17:16:46 | 00,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2009/12/20 17:16:45 | 00,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2009/12/20 17:16:45 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2009/12/20 17:16:36 | 00,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2009/12/20 17:16:32 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/12/20 17:16:32 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2009/12/20 17:16:15 | 00,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
[2009/12/20 17:16:11 | 00,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2009/12/20 17:16:05 | 00,250,048 | ---- | C] () -- C:\ntldr
[2009/12/20 15:47:07 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2006/07/04 07:48:58 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\AWLL5025.dll
[2006/07/04 07:48:56 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/02/08 21:36:46 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Local Settings\Application Data\FASTWiz.log
[2005/01/02 10:48:43 | 00,000,128 | ---- | C] () -- C:\WINDOWS\TaxACT04.ini
[2004/08/08 20:12:31 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/04 04:05:41 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/07/04 02:00:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2004/05/17 07:16:58 | 00,000,062 | ---- | C] () -- C:\WINDOWS\einit.ini
[2004/05/17 07:10:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/04/09 23:00:13 | 00,000,326 | ---- | C] () -- C:\WINDOWS\alchem.ini
[2004/04/09 08:22:48 | 00,282,917 | ---- | C] () -- C:\WINDOWS\twaintec.ini
[2004/04/09 06:57:27 | 00,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/07 00:13:40 | 00,000,130 | ---- | C] () -- C:\WINDOWS\TaxACT03.ini
[2003/10/07 09:59:43 | 00,163,840 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Application Data\fontdb.mdb
[2003/07/27 09:16:38 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/07/27 08:31:48 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/07/27 08:31:48 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/07/27 08:31:47 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/07/27 08:24:29 | 00,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2003/07/27 08:24:29 | 00,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2003/07/27 08:22:10 | 00,000,139 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/07/18 11:34:13 | 00,000,127 | ---- | C] () -- C:\WINDOWS\nawca.INI
[2003/07/17 10:15:05 | 00,000,923 | ---- | C] () -- C:\WINDOWS\JUNO.INI
[2003/07/13 23:07:29 | 00,000,023 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2003/07/13 23:07:29 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2003/07/13 23:07:29 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2003/07/13 00:11:01 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/07/12 17:36:02 | 00,002,048 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Application Data\user60.rdb
[2003/07/12 17:33:46 | 00,000,083 | ---- | C] () -- C:\Documents and Settings\ClaudeandValerie\Application Data\sversion.ini
[2003/07/09 20:00:06 | 00,000,765 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2003/07/09 20:00:06 | 00,000,072 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2003/07/09 16:25:12 | 00,001,197 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/07/09 14:51:28 | 00,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2003/07/09 14:48:39 | 00,114,738 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2003/07/09 14:48:39 | 00,046,700 | ---- | C] () -- C:\WINDOWS\System32\pdfmon.dll
[2003/07/09 14:23:16 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/06 14:43:18 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2003/07/05 06:52:14 | 00,000,044 | ---- | C] () -- C:\WINDOWS\earthlink.INI
[2003/07/05 06:13:27 | 00,000,034 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2003/06/26 23:11:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/06/26 23:00:15 | 00,000,803 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/06/26 22:57:52 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/06/26 22:52:29 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/06/26 22:25:42 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/12/17 15:10:36 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
< End of report >

#11 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 08 January 2010 - 10:23 PM

Oh joy Oh joy,
I'm getting legitimate search results again. Also I typed bleepingcomputer.com into my address bar and 'voila' you are no longer for sale!
Thank you SOOOO much for your help Myrti. We seem to have stomped on my 'bug'.

Claude

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:37 AM

Posted 09 January 2010 - 07:30 AM

Hi,

your logs are looking good! :(

Just to be safe that there isn't anything lingering, I would like you to run the following to scans:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 09 January 2010 - 02:55 PM

Still getting rid of junk:



Malwarebytes' Anti-Malware 1.44
Database version: 3527
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/9/2010 12:24:44 PM
mbam-log-2010-01-09 (12-24-44).txt

Scan type: Quick Scan
Objects scanned: 124472
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\mosent32.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.




AND ESEPscan:


C:\My Downloads\marinefree.exe Win32/Adware.NdotNet application deleted - quarantined
C:\My Downloads\Spedia.exe probably a variant of Win32/Adware.Agent application cleaned by deleting - quarantined
C:\Program Files\NavExcel\NavHelper\v2.0.4d\v2.0.4d.cab Win32/Adware.NavExcel application deleted - quarantined
C:\_OTL\MovedFiles\01082010_202238\C_WINDOWS\System32\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting - quarantined


Thanks Myrti

Edited by myeasybucks, 09 January 2010 - 02:57 PM.


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:06:37 AM

Posted 09 January 2010 - 04:39 PM

Hi,

those are left overs from infection that are no longer active. How is your PC doing?

Your Adobe Reader is out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 myeasybucks

myeasybucks
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:37 PM

Posted 09 January 2010 - 04:57 PM

PC is doing great. Thank you for the help.

I'll take care of that adobe reader right now.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users