Freezing/black when right click


  • This topic is locked
22 replies to this topic

#1 insaniak


Posted 17 January 2010 - 04:45 PM

My comp randomly freezes every time I'm on it, and my svchost.exe's are taking up 50-70k of memory; this is not normal, I know that. I have run a Kaspersky scan, ComboFix and Malwarebytes Anti-Malware to try and fix this, but nothing. Please help. The ark file is in the post after DDS; I could not attach it, it says I used up all space.

Thank you

DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Kyle at 13:06:08.89 on Sun 01/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1254 [GMT -8:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\runonce.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kyle\Local Settings\Temporary Internet Files\Content.IE5\A61Y752O\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.msn.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [IBP]
uRun: [AOL Fast Start] "c:\program files\aol 9.5a\AOL.EXE" -b
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HostManager] c:\program files\common files\aol\1240792393\ee\AOLSoftware.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [VolPanel] "c:\program files\creative\volume panel\VolPanlu.exe" /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SBAMTray] c:\program files\sunbelt software\counterspy\SBAMTray.exe
StartupFolder: c:\docume~1\kyle\startm~1\programs\startup\gigatr~1.lnk - c:\program files\gigatribe\gigatribe.exe
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-explorer: NoPrinters = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
uPolicies-system: NoSecCpl = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
LSP: c:\windows\system32\HMIPCore.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240775643447
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 72.167.174.84 www.micronichefinder.com
================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kyle\applic~1\mozilla\firefox\profiles\05ynilll.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CL-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\kyle\application data\mozilla\firefox\profiles\05ynilll.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npipcd3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npiPLATO_22.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

pref(dom.disable_open_during_load, false);FF - user.js: protocol-handler.warn-external.dnUpdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-5-24 128016]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-10 150568]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-26 296976]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-22 92464]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2002-9-3 14336]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-19 12672]
R3 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-5-25 303376]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip 2009\HideMyIpSrv.exe [2010-1-15 2396464]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-5-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R4 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys --> c:\windows\system32\drivers\sbaphd.sys [?]
R4 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys --> c:\windows\system32\drivers\sbapifs.sys [?]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\shldrv51.sys --> c:\windows\system32\drivers\ShlDrv51.sys [?]
S2 FlexService;Remote Connections Service;"c:\program files\rapidbit\cisvc.exe" --> c:\program files\rapidbit\cisvc.exe [?]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\pavproc.sys --> c:\windows\system32\drivers\PavProc.sys [?]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2009-3-17 894248]
S3 BCASPROT;Advanced System Protector;c:\program files\systweak\advanced system protector\sasprot32.sys [2009-4-26 6656]
S3 CJELUWGV;CJELUWGV;c:\docume~1\kyle\locals~1\temp\cjeluwgv.exe --> c:\docume~1\kyle\locals~1\temp\CJELUWGV.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-10 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\kyle\locals~1\temp\asb1b.tmp --> c:\docume~1\kyle\locals~1\temp\ASB1B.tmp [?]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\drivers\gttap1.sys --> c:\windows\system32\drivers\gttap1.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S3 portio32;portio32;c:\windows\system32\drivers\portio32.sys --> c:\windows\system32\drivers\portio32.sys [?]
S3 UVPMOACD;UVPMOACD;c:\docume~1\kyle\locals~1\temp\uvpmoacd.exe --> c:\docume~1\kyle\locals~1\temp\UVPMOACD.exe [?]
S3 vpn-x;VPN-X Virtual Network Interface Card(NIC);c:\windows\system32\drivers\vpn-x.sys [2009-10-22 24960]
S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-7-4 1858144]
S4 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
S4 gupdate1c9e3f3554e6e32;Google Update Service (gupdate1c9e3f3554e6e32);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" --> c:\program files\common files\panda software\pavshld\pavprsrv.exe [?]

=============== Created Last 30 ================

2010-01-17 10:59:23 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-17 10:59:23 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-17 10:58:19 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-17 10:58:19 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-17 10:58:13 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-01-17 10:58:13 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-01-17 06:49:25 0 d-----w- c:\docume~1\kyle\applic~1\Sunbelt
2010-01-17 06:46:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-01-17 00:56:37 0 d-----w- c:\program files\LogMeIn Hamachi
2010-01-16 18:41:28 54016 ----a-w- c:\windows\system32\drivers\dntrbqi.sys
2010-01-16 00:18:59 0 d-----w- c:\program files\WinSCP
2010-01-15 21:11:12 38 ----a-w- c:\windows\avisplitter.INI
2010-01-15 21:08:02 200704 ----a-w- c:\windows\system32\HMIPCore.dll
2010-01-15 21:07:42 0 d-----w- c:\program files\Hide My IP 2009
2010-01-15 20:29:09 0 d-----w- c:\docume~1\kyle\applic~1\ubot
2010-01-15 19:43:03 0 d-----w- c:\program files\DupeFree Pro
2010-01-15 18:47:13 0 d-----w- c:\program files\Tube Thumper
2010-01-15 06:19:08 0 d-----w- c:\program files\IBP 11
2010-01-15 03:00:13 0 d-----w- c:\docume~1\kyle\applic~1\IBP
2010-01-14 19:05:15 0 d-----w- c:\program files\FBP - Facebook Blaster Pro
2010-01-14 08:23:23 0 d-----w- c:\program files\Super AlexaBooster
2010-01-14 08:23:23 0 d-----w- c:\documents and settings\all users\Start MenuSuper Alexa Booster site
2010-01-14 08:23:23 0 d-----w- c:\documents and settings\all users\Start MenuSuper-AlexaBooster V1.10
2010-01-14 08:23:23 0 d-----w- c:\documents and settings\all users\Start MenuReadme
2010-01-14 08:23:23 0 d-----w- c:\documents and settings\all users\DesktopSuper Alexa Booster
2010-01-14 08:23:23 0 d-----w- c:\documents and settings\all users\DesktopSuper-AlexaBooster V1.10
2010-01-13 03:51:58 0 d-----w- c:\program files\WinPcap
2010-01-12 10:43:46 64900 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2010-01-12 10:43:46 55020 ----a-w- c:\windows\system32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2010-01-12 10:43:46 55020 ----a-w- c:\windows\system32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2010-01-12 10:43:46 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2010-01-12 10:43:46 1080 ----a-w- c:\windows\system32\settings.sfm
2010-01-12 10:42:01 766 ----a-r- c:\windows\system32\SBXFi.ico
2010-01-12 10:42:01 3128 ----a-r- c:\windows\system32\XFi.bmp
2010-01-12 10:41:18 86445 ----a-r- c:\windows\system32\instwdm.ini
2010-01-12 10:41:18 191 ----a-r- c:\windows\system32\ctzapxx.ini
2010-01-12 10:41:18 10240 ----a-w- c:\windows\CTDCRES.DLL
2010-01-12 10:10:32 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-12 10:09:45 3304 ------w- C:\bootsqm.dat
2010-01-12 08:45:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Media Center Programs
2010-01-12 08:43:43 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-12 05:38:07 0 d-----w- c:\docume~1\alluse~1\applic~1\GlobalSCAPE
2010-01-12 05:36:59 0 d-----w- c:\program files\GlobalSCAPE
2010-01-12 02:33:51 0 d-----w- c:\documents and settings\all users\Micro Niche Finder Service
2010-01-12 02:33:51 0 d-----w- c:\documents and settings\all users\Micro Niche Finder
2010-01-12 02:33:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Micro Niche Finder
2010-01-12 02:31:31 0 d-----w- c:\program files\Micro Niche Finder
2010-01-11 23:55:24 0 d-----w- c:\program files\SmartFTP Client
2010-01-10 20:57:22 102400 ----a-w- c:\windows\system32\cttele32.dll
2010-01-10 20:57:10 0 d-----w- c:\program files\OpenAL
2010-01-10 20:53:39 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2010-01-10 20:52:04 0 d-----w- c:\program files\common files\Creative Labs Shared
2010-01-10 20:42:57 0 d--h--w- c:\windows\PIF
2010-01-10 20:35:06 0 d-----w- c:\windows\system32\Data
2010-01-09 23:06:20 0 d-----w- C:\AMusic
2010-01-09 21:22:30 0 d-----w- C:\temp
2010-01-08 02:56:20 64 ----a-w- c:\documents and settings\kyle\settings.ini
2010-01-07 23:28:17 0 d-----w- c:\program files\LimeWire
2010-01-07 17:10:16 0 d-----w- c:\docume~1\kyle\applic~1\Find Duplicate Files Easily
2010-01-06 04:43:08 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-06 04:43:08 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-06 04:43:08 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-06 04:43:07 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-05 08:53:37 0 d-----w- c:\documents and settings\kyle\Uploads
2010-01-05 08:53:35 0 d-----w- c:\documents and settings\kyle\New Folder
2010-01-05 00:14:03 0 d-----w- c:\documents and settings\kyle\temp
2010-01-01 04:53:59 0 d-----w- c:\docume~1\kyle\applic~1\RegistryDefense
2010-01-01 04:53:47 0 d-----w- c:\program files\Registry Defense
2009-12-22 23:59:32 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-12-22 22:30:00 0 d-----w- c:\docume~1\kyle\applic~1\Dell
2009-12-21 06:36:43 0 d-----w- c:\program files\Perfect World Entertainment
2009-12-21 03:42:04 0 d-----w- c:\docume~1\kyle\applic~1\GetRightToGo

==================== Find3M ====================

2010-01-16 04:45:08 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-16 04:44:59 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-12 10:28:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-12 10:28:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-12 08:44:08 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-08 00:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 22:40:00 47360 ----a-w- c:\docume~1\kyle\applic~1\pcouffin.sys
2009-12-10 06:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-12-02 07:35:11 1228240 ----a-w- C:\ADBEPHSPCS4_LS1.exe
2009-12-02 04:54:27 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-12-01 00:44:31 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-27 10:56:37 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-11-26 23:07:40 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-26 23:07:40 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-26 23:04:52 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-11-26 22:24:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 06:46:04 7424990 ----a-w- C:\26743o.zip
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-28 14:38:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-28 14:38:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-25 14:11:34 77312 ----a-w- c:\windows\MBR.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 06:00:21 409088 ----a-w- c:\windows\system32\systemcpl.dll
2009-10-20 06:00:13 1049600 ----a-w- c:\windows\System3215.exe
2006-11-18 07:24:06 66046 ----a-w- c:\program files\Dupe_Free_0_NO_VISTA.ico
2006-06-24 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 13:06:54.04 ===============


ARC.txt

ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2010/01/17 13:06
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAEF78000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB8656000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP1434
Image Path: \Driver\PCI_PNP1434
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0x94601000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sbaphd.sys
Image Path: C:\WINDOWS\system32\drivers\sbaphd.sys
Address: 0xB8650000 Size: 6656 File Visible: No Signed: -
Status: -

Name: sbapifs.sys
Image Path: C:\WINDOWS\system32\drivers\sbapifs.sys
Address: 0xAF0AD000 Size: 63232 File Visible: No Signed: -
Status: -

Name: spqf.sys
Image Path: spqf.sys
Address: 0xB7EB4000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\$RECYCLE.BIN
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\temp\cch3A0A.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\temp\cch3A0B.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\temp\cch3A19.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\temp\cch3A1A.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\temp\cch3A40.tmp
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\temp\cch3A41.tmp
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\kyle\local settings\temp\~dfe2e2.tmp
Status: Allocation size mismatch (API: 393216, Raw: 16384)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\bases\cache\av338c.tmp
Status: Allocation size mismatch (API: 20504576, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\report\05\00000002_objdt.dat
Status: Size mismatch (API: 147194, Raw: 147154)

Path: C:\Documents and Settings\Kyle\Local Settings\Apps\2.0\AKGHGDB8.N5X\N4GPGTLD.915\manifests\Phoenix Twitter Desktop.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Kyle\Local Settings\Apps\2.0\AKGHGDB8.N5X\N4GPGTLD.915\manifests\Phoenix Twitter Desktop.exe.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c536e

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x876bd630

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c5a86

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c660c

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6b40

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c5d78

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sbaphd.sys" at address 0xb86504d0

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6a18

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c3d0a

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c68d4

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c5102

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6c72

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c840e

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c5886

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6976

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4a20

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4cf8

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c621c

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c8980

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4e3a

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4ee4

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6016

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c7ea6

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c443c

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c444e

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c5030

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6be2

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c5b08

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4604

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6ab0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x876bca60

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c8438

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6d14

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x876bce80

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4f8e

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4bb6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c48bc

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c8128

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4b34

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c40c2

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c709e

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6f64

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c7c30

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c4224

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c8860

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c3ec4

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c6312

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c5984

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c75f2

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c7fa0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c84c2

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sbaphd.sys" at address 0xb8650520

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x876bd460

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x876bd280

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c7dd2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8a865df0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x876bd0b0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2c57c8

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x884fc430]
Process: System Address: 0x876bb790 Size: 1000

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a6e11f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x875be500 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_CREATE]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_CLOSE]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_READ]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_WRITE]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_CLEANUP]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: USBP, IRP_MJ_PNP]
Process: System Address: 0x876261f8 Size: 121

Object: Hidden Code [Driver: a61a6ib4Ѕ扏煓Ёధ䵆湦İ, IRP_MJ_CREATE]
Process: System Address: 0x895621f8 Size: 121

Object: Hidden Code [Driver: a61a6ib4Ѕ扏煓Ёధ䵆湦İ, IRP_MJ_CLOSE]
Process: System Address: 0x895621f8 Size: 121

Object: Hidden Code [Driver: a61a6ib4Ѕ扏煓Ёధ䵆湦İ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x895621f8 Size: 121

Object: Hidden Code [Driver: a61a6ib4Ѕ扏煓Ёధ䵆湦İ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x895621f8 Size: 121

Object: Hidden Code [Driver: a61a6ib4Ѕ扏煓Ёధ䵆湦İ, IRP_MJ_POWER]
Process: System Address: 0x895621f8 Size: 121

Object: Hidden Code [Driver: a61a6ib4Ѕ扏煓Ёధ䵆湦İ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x895621f8 Size: 121

Object: Hidden Code [Driver: a61a6ib4Ѕ扏煓Ёధ䵆湦İ, IRP_MJ_PNP]
Process: System Address: 0x895621f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x896e41f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x897031f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x897031f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897031f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897031f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x897031f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897031f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x897031f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a6e31f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x876881f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x876881f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x876881f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x876881f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x876881f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x876881f8 Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_CREATE]
Process: System Address: 0x8a6e21f8 Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_CLOSE]
Process: System Address: 0x8a6e21f8 Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6e21f8 Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6e21f8 Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_POWER]
Process: System Address: 0x8a6e21f8 Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a6e21f8 Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_PNP]
Process: System Address: 0x8a6e21f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x89803500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x89803500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89803500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89803500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x89803500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89803500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x89803500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8767e500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_CREATE]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_CLOSE]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_READ]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_CLEANUP]
Process: System Address: 0x8765b500 Size: 121

Object: Hidden Code [Driver: Cdfsȅజ䵆湦, IRP_MJ_PNP]
Process: System Address: 0x8765b500 Size: 121

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d532a

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d53ee

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d5454

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d538a

#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d4ec4

#: 323 Function Name: NtUserCallOneParam
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d5242

#: 378 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d50b2

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d4e2c

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d517a

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d4e78

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d5004

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d4f5a

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d4fae

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d510a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d5064

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d4d7c

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xaf2d4dd2

==EOF==

Attached Files


Edited by insaniak, 17 January 2010 - 04:46 PM.


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:08 AM

Posted 24 January 2010 - 09:05 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 insaniak

Posted 25 January 2010 - 12:49 AM

Same, the issue is still happening. I have attached the DDS Log and Attach Log.

Attached Files



#4 schrauber

Posted 25 January 2010 - 01:11 PM

Hello, insaniak and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

#5 insaniak

Posted 26 January 2010 - 03:02 AM

No matter what I do, GMER keeps freezing and I am unable to copy the file. I have tried in safe mode many times. I am disconnected from the internet and AV/firewalls are deactivated/disabled.

#6 schrauber

Posted 26 January 2010 - 04:21 PM

Hi,


RootRepeal - Rootkit Detector


Download RootRepeal.zip and unzip it to your Desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

regards,
schrauber

#7 insaniak

Posted 26 January 2010 - 05:45 PM

I included RootRepeal in my original post; nothing has changed.

#8 schrauber

Posted 27 January 2010 - 12:26 AM

Hi,


Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix





regards,
schrauber

#9 insaniak

Posted 28 January 2010 - 04:14 PM

ComboFix 10-01-27.06 - Kyle 01/28/2010 12:33:37.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1536 [GMT -8:00]
Running from: c:\documents and settings\Kyle\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Webroot Internet Security Essentials *enabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3471991282-3843868291-988700022-1001
c:\documents and settings\Kyle\Help.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\TEMP\VPN_174D\9218E5A4.dll
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-26 20:59 . 2010-01-26 20:59 -------- d-----w- c:\program files\TrueGames
2010-01-25 20:20 . 2010-01-25 20:20 -------- d-----w- C:\Converted
2010-01-25 02:58 . 2010-01-25 04:31 -------- d-----w- c:\program files\DupeEliminator
2010-01-23 21:19 . 2008-11-11 23:33 200704 ----a-w- c:\windows\system32\snmvtsvc.exe
2010-01-23 21:19 . 2008-11-11 23:05 3768 ----a-w- c:\windows\system32\SndTVideo.sys
2010-01-23 21:19 . 2008-11-11 23:05 3768 ----a-w- c:\windows\system32\drivers\SndTVideo.sys
2010-01-23 21:19 . 2008-11-11 23:05 10936 ----a-w- c:\windows\system32\SndTVideo.dll
2010-01-23 21:19 . 2008-11-11 23:05 23096 ----a-w- c:\windows\system32\SndTAudio.sys
2010-01-23 21:19 . 2008-11-11 23:05 23096 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2010-01-23 21:19 . 2010-01-23 21:20 -------- d-----w- c:\program files\SoundTaxi
2010-01-23 21:10 . 2010-01-23 21:10 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-01-23 21:09 . 2010-01-23 21:20 -------- d-----w- c:\program files\Replay Music 3
2010-01-23 21:09 . 2010-01-23 21:09 -------- d-----w- c:\windows\Replay Music
2010-01-22 23:08 . 2010-01-22 23:08 108296 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2010-01-22 23:08 . 2010-01-25 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-01-22 23:08 . 2010-01-22 23:08 -------- d-----w- c:\documents and settings\Kyle\Application Data\Webroot
2010-01-22 23:08 . 2009-04-06 21:32 1563008 ----a-w- c:\windows\WRSetup.dll
2010-01-22 21:23 . 2010-01-22 21:23 -------- d-----w- c:\program files\iPod
2010-01-22 21:23 . 2010-01-22 21:23 -------- d-----w- c:\program files\iTunes
2010-01-22 21:23 . 2010-01-22 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-22 21:22 . 2010-01-22 21:22 -------- d-----w- c:\program files\Bonjour
2010-01-22 21:21 . 2010-01-22 21:22 -------- d-----w- c:\program files\QuickTime
2010-01-22 21:20 . 2010-01-22 21:20 -------- d-----w- c:\program files\Apple Software Update
2010-01-22 21:20 . 2009-08-29 03:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-22 21:20 . 2009-08-29 03:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-22 21:20 . 2010-01-22 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-22 07:56 . 2010-01-22 07:56 -------- d-----w- c:\program files\MSSOAP
2010-01-22 07:56 . 2010-01-22 07:56 -------- d-----w- c:\program files\Webroot
2010-01-22 07:34 . 2010-01-22 07:34 -------- d-----w- C:\VundoFix Backups
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-21 04:31 . 2010-01-21 04:31 -------- d-----w- c:\program files\Attribute Manager
2010-01-21 04:25 . 2010-01-21 04:27 -------- d-----w- c:\program files\File Properties Changer
2010-01-21 02:18 . 2010-01-21 02:18 -------- d-----w- c:\documents and settings\Dean\Application Data\acccore
2010-01-21 02:17 . 2010-01-21 02:17 -------- d-----w- c:\documents and settings\Dean\Local Settings\Application Data\AOL OCP
2010-01-19 23:08 . 2010-01-19 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-01-19 02:39 . 2010-01-19 04:58 -------- d-----w- c:\documents and settings\Kyle\Local Settings\Application Data\LogMeIn Hamachi
2010-01-19 02:39 . 2010-01-28 20:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2010-01-19 02:38 . 2010-01-19 02:38 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-19 00:13 . 2008-11-20 03:22 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2010-01-19 00:13 . 2010-01-19 00:13 -------- d-----w- c:\program files\S.A.D
2010-01-19 00:06 . 2010-01-19 00:08 -------- d-----w- c:\documents and settings\Kyle\Application Data\JonDo
2010-01-18 23:59 . 2010-01-18 23:59 -------- d-----w- c:\documents and settings\Kyle\Application Data\GPass
2010-01-18 23:29 . 2010-01-18 23:29 22000 ----a-w- c:\windows\system32\drivers\Neo_0028.sys
2010-01-18 23:28 . 2010-01-18 23:28 81920 ----a-w- c:\windows\system32\vpncmd.exe
2010-01-18 23:28 . 2010-01-28 20:46 -------- d-----w- c:\program files\PacketiX VPN Client English
2010-01-18 17:09 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 12:14 . 2010-01-18 12:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-18 09:56 . 2009-07-24 23:05 676704 ----a-w- c:\windows\system32\LCCoin30.dll
2010-01-18 09:56 . 2009-07-24 23:05 30560 ----a-w- c:\windows\system32\drivers\nx6000.sys
2010-01-18 09:55 . 2010-01-18 09:56 -------- d-----w- c:\program files\Microsoft LifeCam
2010-01-18 06:38 . 2010-01-18 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-01-18 06:13 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-18 06:12 . 2010-01-18 06:46 -------- d-----w- c:\documents and settings\Kyle\Application Data\QuickScan
2010-01-18 06:11 . 2010-01-18 06:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 06:10 . 2010-01-18 06:10 -------- d-----w- c:\program files\Lavasoft
2010-01-18 06:06 . 2010-01-24 04:30 -------- d-----w- c:\program files\Panda Security
2010-01-17 22:27 . 2009-09-23 17:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-01-17 22:26 . 2009-03-05 07:30 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-01-17 22:25 . 2008-09-12 17:38 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-01-17 10:59 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-01-17 10:59 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-01-17 10:58 . 2008-04-14 01:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-17 10:58 . 2008-04-14 01:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-17 06:49 . 2010-01-17 06:49 -------- d-----w- c:\documents and settings\Kyle\Application Data\Sunbelt
2010-01-17 06:46 . 2010-01-17 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-01-16 00:18 . 2010-01-16 00:18 -------- d-----w- c:\program files\WinSCP
2010-01-15 21:08 . 2009-12-15 12:47 200704 ----a-w- c:\windows\system32\HMIPCore.dll
2010-01-15 21:07 . 2010-01-15 21:09 -------- d-----w- c:\program files\Hide My IP 2009
2010-01-15 20:29 . 2010-01-15 20:29 -------- d-----w- c:\documents and settings\Kyle\Application Data\ubot
2010-01-15 20:28 . 2010-01-15 20:28 -------- d-----w- c:\documents and settings\Kyle\Local Settings\Application Data\Xenocode
2010-01-15 19:43 . 2010-01-15 19:43 -------- d-----w- c:\program files\DupeFree Pro
2010-01-15 18:47 . 2010-01-15 18:47 -------- d-----w- c:\program files\Tube Thumper
2010-01-15 06:19 . 2010-01-15 06:19 -------- d-----w- c:\program files\IBP 11
2010-01-15 03:00 . 2010-01-16 19:29 -------- d-----w- c:\documents and settings\Kyle\Application Data\IBP
2010-01-14 19:05 . 2010-01-14 19:22 -------- d-----w- c:\program files\FBP - Facebook Blaster Pro
2010-01-14 08:23 . 2010-01-14 09:23 -------- d-----w- c:\program files\Super AlexaBooster
2010-01-14 08:23 . 2010-01-14 08:23 -------- d-----w- c:\documents and settings\All Users\Start MenuSuper Alexa Booster site
2010-01-14 08:23 . 2010-01-14 08:23 -------- d-----w- c:\documents and settings\All Users\Start MenuSuper-AlexaBooster V1.10
2010-01-14 08:23 . 2010-01-14 08:23 -------- d-----w- c:\documents and settings\All Users\Start MenuReadme
2010-01-14 08:23 . 2010-01-14 08:23 -------- d-----w- c:\documents and settings\All Users\DesktopSuper Alexa Booster
2010-01-14 08:23 . 2010-01-14 08:23 -------- d-----w- c:\documents and settings\All Users\DesktopSuper-AlexaBooster V1.10
2010-01-12 10:41 . 2006-05-24 04:20 10240 ----a-w- c:\windows\CTDCRES.DLL
2010-01-12 10:09 . 2010-01-12 10:09 3304 ------w- C:\bootsqm.dat
2010-01-12 08:45 . 2010-01-12 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Media Center Programs
2010-01-12 08:43 . 2010-01-12 10:20 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-01-12 05:38 . 2010-01-12 05:38 -------- d-----w- c:\documents and settings\Kyle\Local Settings\Application Data\GlobalSCAPE
2010-01-12 05:38 . 2010-01-12 05:38 -------- d-----w- c:\documents and settings\Kyle\Application Data\GlobalSCAPE
2010-01-12 05:38 . 2010-01-12 05:38 -------- d-----w- c:\documents and settings\All Users\Application Data\GlobalSCAPE
2010-01-12 02:33 . 2010-01-27 22:42 -------- d-----w- c:\documents and settings\All Users\Micro Niche Finder
2010-01-12 02:33 . 2010-01-12 02:33 -------- d-----w- c:\documents and settings\All Users\Micro Niche Finder Service
2010-01-12 02:33 . 2010-01-12 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Micro Niche Finder
2010-01-12 02:31 . 2010-01-12 02:31 -------- d-----w- c:\program files\Micro Niche Finder
2010-01-12 00:16 . 2010-01-12 00:16 -------- d-----w- c:\documents and settings\Kyle\Application Data\SmartFTP
2010-01-11 23:55 . 2010-01-11 23:55 -------- d-----w- c:\program files\SmartFTP Client
2010-01-10 20:57 . 2008-02-04 18:27 102400 ----a-w- c:\windows\system32\cttele32.dll
2010-01-10 20:57 . 2010-01-10 20:57 -------- d-----w- c:\program files\OpenAL
2010-01-10 20:53 . 2009-05-18 22:34 22691984 ----a-w- c:\windows\system32\AppSetup.exe
2010-01-10 20:52 . 2010-01-10 20:52 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
2010-01-10 20:42 . 2010-01-10 20:42 -------- d--h--w- c:\windows\PIF
2010-01-10 20:35 . 2010-01-12 10:42 -------- d-----w- c:\windows\system32\Data
2010-01-10 00:08 . 2010-01-12 10:20 -------- d-----w- c:\documents and settings\Kyle\Local Settings\Application Data\Gas Powered Games
2010-01-09 23:06 . 2010-01-09 23:21 -------- d-----w- C:\AMusic
2010-01-09 21:22 . 2010-01-09 21:23 -------- d-----w- C:\temp
2010-01-07 23:28 . 2010-01-07 23:28 -------- d-----w- c:\program files\LimeWire
2010-01-07 17:10 . 2010-01-07 17:27 -------- d-----w- c:\documents and settings\Kyle\Local Settings\Application Data\StreamingFileProcessing
2010-01-07 17:10 . 2010-01-07 17:28 -------- d-----w- c:\documents and settings\Kyle\Application Data\Find Duplicate Files Easily
2010-01-06 04:43 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-06 04:43 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-06 04:43 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-06 04:43 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-05 08:53 . 2010-01-05 08:53 -------- d-----w- c:\documents and settings\Kyle\Uploads
2010-01-05 08:53 . 2010-01-05 08:53 -------- d-----w- c:\documents and settings\Kyle\New Folder
2010-01-05 00:14 . 2010-01-05 00:14 -------- d-----w- c:\documents and settings\Kyle\temp
2010-01-01 05:54 . 2010-01-01 05:54 -------- d-sh--w- c:\documents and settings\Cathy\IECompatCache
2010-01-01 05:53 . 2010-01-01 05:53 -------- d-sh--w- c:\documents and settings\Cathy\PrivacIE
2010-01-01 05:53 . 2010-01-15 22:20 -------- d-----w- c:\documents and settings\Cathy\Local Settings\Application Data\AskToolbar
2010-01-01 04:53 . 2010-01-01 05:00 -------- d-----w- c:\documents and settings\Kyle\Application Data\RegistryDefense
2010-01-01 04:53 . 2010-01-01 04:53 -------- d-----w- c:\program files\Registry Defense
2009-12-30 09:12 . 2009-12-30 09:21 -------- d-----w- c:\documents and settings\Kyle\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 20:45 . 2009-12-02 07:23 -------- d-----w- c:\program files\Common Files\Akamai
2010-01-28 05:43 . 2009-04-26 19:55 -------- d-----w- c:\documents and settings\Kyle\Application Data\Xfire
2010-01-28 03:45 . 2009-04-27 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-27 23:14 . 2009-04-26 19:55 -------- d-----w- c:\program files\Xfire
2010-01-27 08:01 . 2009-11-26 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-26 05:18 . 2009-10-24 21:40 -------- d-----w- c:\documents and settings\Kyle\Application Data\vlc
2010-01-26 01:15 . 2009-10-31 00:08 -------- d-----w- c:\documents and settings\Cathy\Application Data\uTorrent
2010-01-25 00:16 . 2009-04-26 19:57 -------- d-----w- c:\documents and settings\Kyle\Application Data\uTorrent
2010-01-24 04:31 . 2009-12-21 06:36 -------- d-----w- c:\program files\Perfect World Entertainment
2010-01-22 22:57 . 2009-12-09 11:20 748400 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-22 21:31 . 2009-04-27 00:13 -------- d-----w- c:\documents and settings\Kyle\Application Data\Apple Computer
2010-01-22 21:23 . 2009-04-27 00:12 -------- d-----w- c:\program files\Common Files\Apple
2010-01-22 20:02 . 2009-04-26 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-21 06:15 . 2009-12-03 17:53 -------- d-----w- c:\program files\Simple Port Forwarding
2010-01-21 04:44 . 2009-09-19 02:25 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-21 04:44 . 2009-09-19 02:25 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-21 04:35 . 2009-04-26 20:49 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-19 00:23 . 2009-04-26 19:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-18 14:53 . 2009-12-03 18:48 -------- d-----w- c:\program files\Left 4 Dead 2
2010-01-18 14:53 . 2009-11-21 22:56 -------- d-----w- c:\program files\PE
2010-01-18 14:53 . 2009-12-04 02:02 -------- d-----w- c:\program files\ProxyFinderEnterprise
2010-01-18 14:53 . 2009-11-22 04:38 -------- d-----w- c:\program files\Smart PB
2010-01-18 14:53 . 2009-11-22 00:18 -------- d-----w- c:\program files\UB
2010-01-18 13:17 . 2009-07-04 22:20 -------- d-----w- c:\program files\a-squared Free
2010-01-18 06:28 . 2009-07-05 04:50 -------- d-----w- c:\program files\ESET
2010-01-18 06:10 . 2009-04-29 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-18 05:23 . 2009-04-26 20:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 09:55 . 2009-11-18 00:33 -------- d-----w- c:\program files\GigaTribe
2010-01-13 11:11 . 2009-04-27 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-13 04:03 . 2009-10-23 05:03 -------- d-----w- c:\program files\birdssoft
2010-01-13 03:43 . 2009-10-23 04:39 -------- d-----w- c:\program files\Garena
2010-01-12 10:42 . 2009-04-26 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-01-12 10:41 . 2009-04-26 20:22 -------- d-----w- c:\documents and settings\Kyle\Application Data\Creative
2010-01-12 10:29 . 2009-04-26 20:21 -------- d-----w- c:\program files\Creative
2010-01-12 10:28 . 2009-04-26 20:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-12 10:28 . 2009-04-26 20:22 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-12 08:44 . 2009-04-27 00:21 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-12 08:43 . 2009-04-27 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-01-12 01:26 . 2009-04-26 20:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-10 21:40 . 2009-08-08 22:30 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-10 21:40 . 2009-08-08 22:30 -------- d-----w- c:\documents and settings\Kyle\Application Data\SystemRequirementsLab
2010-01-10 11:01 . 2009-05-18 20:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 23:25 . 2009-04-27 00:27 -------- d-----w- c:\documents and settings\Kyle\Application Data\LimeWire
2010-01-09 21:12 . 2009-10-24 00:45 -------- d-----w- c:\program files\THQ
2010-01-09 20:52 . 2009-05-25 23:43 -------- d-----w- c:\documents and settings\Kyle\Application Data\IGN_DLM
2010-01-09 20:21 . 2009-04-26 19:56 -------- d-----w- c:\program files\Common Files\AOL
2010-01-08 00:07 . 2009-05-18 20:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-08-12 00:24 -------- d-----w- c:\program files\Rhapsody
2010-01-08 00:07 . 2009-05-18 20:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 12:16 . 2009-05-08 20:02 -------- d-----w- c:\program files\MagicISO
2010-01-07 08:59 . 2009-11-07 19:43 -------- d-----w- c:\program files\TidySongs
2010-01-05 22:42 . 2009-12-02 00:28 -------- d-----w- c:\program files\Pando Networks
2010-01-05 22:40 . 2009-04-27 00:37 -------- d-----w- c:\program files\VSO
2010-01-05 22:40 . 2009-04-27 00:37 -------- d-----w- c:\documents and settings\Kyle\Application Data\Vso
2010-01-05 22:40 . 2009-04-27 00:37 47360 ----a-w- c:\documents and settings\Kyle\Application Data\pcouffin.sys
2010-01-05 22:39 . 2009-11-04 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2010-01-05 00:14 . 2009-04-26 20:28 -------- d-----w- c:\documents and settings\Kyle\Application Data\TeamViewer
2010-01-05 00:14 . 2009-04-26 20:28 -------- d-----w- c:\program files\TeamViewer
2010-01-01 05:52 . 2009-12-02 00:37 -------- d-----w- c:\program files\CamStudio
2010-01-01 05:00 . 2009-06-02 17:09 -------- d-----w- c:\program files\ThreatFire
2010-01-01 04:25 . 2009-04-27 00:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-30 21:57 . 2009-11-26 04:00 -------- d-----w- c:\program files\DivX
2009-12-30 21:32 . 2009-06-03 02:29 -------- d-----w- c:\program files\Google
2009-12-23 12:27 . 2009-04-27 00:08 109048 ----a-w- c:\documents and settings\Kyle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 22:30 . 2009-12-22 22:30 -------- d-----w- c:\documents and settings\Kyle\Application Data\Dell
2009-12-21 19:14 . 2002-09-03 17:12 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 05:17 . 2009-12-21 03:42 -------- d-----w- c:\documents and settings\Kyle\Application Data\GetRightToGo
2009-12-18 07:59 . 2009-12-18 07:59 -------- d-----w- c:\program files\Sunbelt Software
2009-12-17 10:18 . 2009-10-20 17:01 -------- d-----w- c:\program files\RapidBIT
2009-12-17 09:33 . 2009-04-27 00:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-17 01:36 . 2009-11-26 23:47 -------- d-----w- c:\documents and settings\Kyle\Application Data\GSC 2.00
2009-12-15 22:53 . 2009-12-15 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-12-15 22:53 . 2009-12-15 22:53 -------- d-----w- c:\program files\Siber Systems
2009-12-14 00:52 . 2009-12-14 00:52 -------- d-----w- c:\program files\Veoh Networks
2009-12-11 19:50 . 2009-07-11 14:40 -------- d-----w- c:\documents and settings\Cathy\Application Data\AOL
2009-12-08 21:56 . 2009-12-08 21:56 -------- d-----w- c:\documents and settings\Cathy\Application Data\ubot
2009-12-08 02:24 . 2009-12-08 02:11 -------- d-----w- c:\program files\SENuke
2009-12-06 03:33 . 2009-12-06 03:32 -------- d-----w- c:\program files\AltBinz
2009-12-05 23:39 . 2009-10-31 00:28 -------- d-----w- c:\documents and settings\Cathy\Application Data\vlc
2009-12-05 23:31 . 2009-11-07 23:02 -------- d-----w- c:\program files\Steam
2009-12-05 23:17 . 2009-12-05 23:17 -------- d-----w- c:\documents and settings\Cathy\Application Data\DivX
2009-12-05 20:49 . 2009-12-05 20:49 -------- d-----w- c:\program files\Activision
2009-12-03 19:16 . 2009-12-03 19:16 -------- d-----w- c:\documents and settings\Cathy\Application Data\Apple Computer
2009-12-03 17:17 . 2009-12-03 17:17 -------- d-----w- c:\program files\Ask.com
2009-12-03 17:06 . 2009-12-03 17:06 -------- d-----w- c:\documents and settings\Cathy\Application Data\Ulead Systems
2009-12-03 17:06 . 2009-04-28 07:54 109048 ----a-w- c:\documents and settings\Cathy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-03 07:23 . 2009-12-02 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2009-12-03 07:21 . 2009-12-02 02:56 -------- d-----w- c:\documents and settings\Kyle\Application Data\Tunebite
2009-12-03 00:42 . 2009-12-03 00:42 -------- d-----w- c:\documents and settings\Kyle\Application Data\Thinstall
2009-12-02 07:57 . 2009-06-27 20:10 -------- d-----w- c:\program files\Download Manager
2009-12-02 07:35 . 2009-12-02 07:25 1228240 ----a-w- C:\ADBEPHSPCS4_LS1.exe
2009-12-02 07:34 . 2009-05-28 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-02 07:13 . 2009-12-02 07:13 -------- d-----w- c:\program files\Adobe Media Player
2009-12-02 06:58 . 2009-12-02 06:58 -------- d-----w- c:\program files\Video Watermark Factory
2009-12-02 04:54 . 2009-12-02 04:54 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-12-02 04:54 . 2009-12-02 04:54 -------- d-----w- c:\program files\Common Files\DeskShare Shared
2009-12-02 04:54 . 2009-12-02 04:54 -------- d-----w- c:\program files\Deskshare
2009-12-02 03:56 . 2009-12-02 03:56 -------- d-----w- c:\documents and settings\Kyle\Application Data\Media Player Classic
2009-12-02 03:33 . 2009-12-02 03:30 -------- d-----w- c:\program files\Agree Free FLV MP4 MPEG MOV to AVI WMV Converter
2009-12-02 03:30 . 2009-12-02 03:30 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2009-09-14 05:10 . 2009-10-06 16:20 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-12-01_09.17.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
- 2007-11-07 09:19 . 2007-11-07 09:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 13:07 . 2008-07-29 13:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-08-12 22:35 . 2000-05-11 09:00 90112 c:\windows\Updreg.EXE
- 2009-08-12 22:35 . 2000-05-11 08:00 90112 c:\windows\Updreg.EXE
+ 2010-01-28 20:45 . 2010-01-28 20:45 16384 c:\windows\temp\Perflib_Perfdata_3dc.dat
+ 2010-01-28 20:45 . 2010-01-28 20:45 16384 c:\windows\temp\Perflib_Perfdata_1e0.dat
- 2009-05-03 21:18 . 2005-12-06 01:07 61136 c:\windows\system32\xinput9_1_0.dll
+ 2009-05-03 21:18 . 2005-12-06 02:07 61136 c:\windows\system32\xinput9_1_0.dll
- 2009-06-02 06:55 . 2007-04-05 01:53 81768 c:\windows\system32\xinput1_3.dll
+ 2009-06-02 06:55 . 2007-04-05 02:53 81768 c:\windows\system32\xinput1_3.dll
+ 2009-06-02 06:55 . 2006-07-28 17:30 62744 c:\windows\system32\xinput1_2.dll
- 2009-06-02 06:55 . 2006-07-28 16:30 62744 c:\windows\system32\xinput1_2.dll
+ 2009-05-26 02:13 . 2006-03-31 20:39 62672 c:\windows\system32\xinput1_1.dll
- 2009-05-26 02:13 . 2006-03-31 19:39 62672 c:\windows\system32\xinput1_1.dll
+ 2009-06-25 00:22 . 2009-09-05 01:44 69464 c:\windows\system32\XAPOFX1_3.dll
- 2009-06-25 00:22 . 2009-09-05 00:44 69464 c:\windows\system32\XAPOFX1_3.dll
- 2009-06-25 00:22 . 2008-10-27 17:04 70992 c:\windows\system32\XAPOFX1_2.dll
+ 2009-06-25 00:22 . 2008-10-27 18:04 70992 c:\windows\system32\XAPOFX1_2.dll
- 2009-06-25 00:22 . 2008-07-31 17:41 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2009-06-25 00:22 . 2008-07-31 18:41 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2009-06-05 16:03 . 2008-05-30 22:17 65032 c:\windows\system32\XAPOFX1_0.dll
- 2009-06-05 16:03 . 2008-05-30 21:17 65032 c:\windows\system32\XAPOFX1_0.dll
- 2009-06-25 00:22 . 2009-03-16 21:18 22360 c:\windows\system32\X3DAudio1_6.dll
+ 2009-06-25 00:22 . 2009-03-16 22:18 22360 c:\windows\system32\X3DAudio1_6.dll
+ 2009-06-25 00:22 . 2008-10-27 18:04 23376 c:\windows\system32\X3DAudio1_5.dll
- 2009-06-25 00:22 . 2008-10-27 17:04 23376 c:\windows\system32\X3DAudio1_5.dll
+ 2009-06-05 16:03 . 2008-05-30 22:17 25608 c:\windows\system32\X3DAudio1_4.dll
- 2009-06-05 16:03 . 2008-05-30 21:17 25608 c:\windows\system32\X3DAudio1_4.dll
+ 2009-06-05 16:03 . 2008-03-06 00:00 25608 c:\windows\system32\X3DAudio1_3.dll
- 2009-06-05 16:03 . 2008-03-05 23:00 25608 c:\windows\system32\X3DAudio1_3.dll
+ 2009-06-05 16:03 . 2007-10-22 11:37 17928 c:\windows\system32\X3DAudio1_2.dll
- 2009-06-05 16:03 . 2007-10-22 10:37 17928 c:\windows\system32\X3DAudio1_2.dll
- 2009-06-02 06:55 . 2007-03-05 19:42 15128 c:\windows\system32\x3daudio1_1.dll
+ 2009-06-02 06:55 . 2007-03-05 20:42 15128 c:\windows\system32\x3daudio1_1.dll
+ 2009-05-26 02:13 . 2006-02-03 16:41 14032 c:\windows\system32\x3daudio1_0.dll
- 2009-05-26 02:13 . 2006-02-03 15:41 14032 c:\windows\system32\x3daudio1_0.dll
+ 2009-04-02 22:30 . 2009-04-02 22:30 31088 c:\windows\system32\wrLZMA.dll
+ 2009-04-26 20:22 . 2008-04-14 01:12 23552 c:\windows\system32\wdmaud.drv
- 2009-04-26 20:22 . 2008-04-14 00:12 23552 c:\windows\system32\wdmaud.drv
- 2004-08-04 07:56 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-04 07:56 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
+ 2009-04-02 22:29 . 2009-04-02 22:29 16240 c:\windows\system32\SsiEfr.exe
+ 2010-01-22 11:00 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2009-10-17 22:11 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-03-17 21:26 . 2009-03-17 21:26 65320 c:\windows\system32\sbbd.exe
+ 2010-01-18 09:58 . 2008-04-14 01:12 23552 c:\windows\system32\ReinstallBackups\0030\DriverFiles\i386\wdmaud.drv
+ 2010-01-18 09:58 . 2008-04-13 19:45 60032 c:\windows\system32\ReinstallBackups\0030\DriverFiles\i386\USBAUDIO.sys
+ 2010-01-18 09:58 . 2008-04-13 19:45 49408 c:\windows\system32\ReinstallBackups\0030\DriverFiles\i386\stream.sys
+ 2010-01-18 09:58 . 2008-04-13 19:45 60160 c:\windows\system32\ReinstallBackups\0030\DriverFiles\i386\drmk.sys
+ 2010-01-13 03:46 . 2009-09-26 02:50 24960 c:\windows\system32\ReinstallBackups\0029\DriverFiles\vpn-x.sys
+ 2010-01-18 09:56 . 2008-04-14 01:12 53760 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\vfwwdm32.dll
+ 2010-01-18 09:57 . 2008-04-14 00:12 16896 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\msyuv.dll
+ 2010-01-18 09:56 . 2008-04-14 00:11 47616 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\iyuv_32.dll
+ 2010-01-12 10:28 . 2009-06-04 10:48 15384 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\pfmodnt.sys
+ 2010-01-12 10:28 . 2009-06-04 10:48 95768 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\emupia2k.sys
+ 2010-01-12 10:28 . 2009-06-04 10:47 14360 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ctprxy2k.sys
+ 2010-01-12 10:28 . 2009-06-04 10:46 72728 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\CTHWIUT.sys
+ 2010-01-12 10:28 . 2009-06-04 08:59 86016 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ctcoinst.dll
+ 2010-01-12 10:28 . 2009-06-04 08:33 26919 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\ctd20x.dat
+ 2010-01-12 10:28 . 2009-06-04 08:40 56509 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\ctdnlstr.dat
+ 2010-01-12 10:28 . 2008-04-14 01:12 23552 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\wdmaud.drv
+ 2010-01-12 10:28 . 2008-04-13 19:45 49408 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\stream.sys
+ 2010-01-12 10:28 . 2008-04-13 19:45 60160 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\drmk.sys
+ 2010-01-12 10:28 . 2009-06-04 08:36 10240 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\sfman32.dll
+ 2010-01-12 10:28 . 2009-06-04 08:36 16384 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\regplib.exe
+ 2010-01-12 10:28 . 2009-06-04 08:36 68608 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\piaproxy.dll
+ 2010-01-12 10:28 . 2009-06-04 08:32 12800 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\killapps.exe
+ 2010-01-12 10:28 . 2001-07-11 18:51 77824 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\eaxac3.dll
+ 2010-01-12 10:28 . 2009-06-04 08:31 36864 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\devreg.dll
+ 2010-01-12 10:28 . 2009-06-04 08:55 39424 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\CTxfiSpk.dll
+ 2010-01-12 10:28 . 2009-06-04 08:50 47104 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\CTxfiReg.exe
+ 2010-01-12 10:28 . 2009-06-04 08:55 25600 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\Ctxfihlp.exe
+ 2010-01-12 10:28 . 2009-06-04 08:55 41472 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\CTxfiBtn.dll
+ 2010-01-12 10:28 . 2007-03-13 18:32 89336 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\ctpxst32.exe
+ 2010-01-12 10:28 . 2009-06-04 08:36 74752 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\ctosuser.dll
+ 2010-01-12 10:28 . 2009-06-04 08:37 53248 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\ctdproxy.dll
+ 2010-01-12 10:28 . 2009-06-04 08:37 50688 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\ctasio.dll
+ 2010-01-12 10:28 . 2009-06-04 08:50 15360 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\Ct20xspi.dll
+ 2010-01-12 10:28 . 2006-12-05 22:52 48400 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\AddCat.exe
+ 2010-01-12 10:28 . 2009-06-04 08:56 48640 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\ac3api.dll
+ 2010-01-12 10:28 . 2009-06-04 08:57 60928 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\a3d.dll
+ 2002-09-03 16:54 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2002-09-03 16:54 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2002-09-03 16:51 . 2010-01-13 04:13 72050 c:\windows\system32\perfc009.dat
- 2002-09-03 16:51 . 2009-12-01 07:29 72050 c:\windows\system32\perfc009.dat
- 2009-04-26 20:23 . 2008-04-14 00:12 16896 c:\windows\system32\msyuv.dll
+ 2009-04-26 20:23 . 2008-04-14 01:12 16896 c:\windows\system32\msyuv.dll
+ 2007-08-14 01:54 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 01:54 . 2009-08-29 08:08 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-01-22 09:41 . 2010-01-22 09:41 84507 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2002-09-03 16:37 . 2009-08-29 08:08 25600 c:\windows\system32\jsproxy.dll
+ 2002-09-03 16:37 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
- 2001-08-17 22:36 . 2008-04-14 00:11 47616 c:\windows\system32\iyuv_32.dll
+ 2001-08-17 22:36 . 2008-04-14 01:11 47616 c:\windows\system32\iyuv_32.dll
+ 2009-12-02 02:07 . 2008-04-02 05:40 24720 c:\windows\system32\IVIresize.dll
+ 2004-08-04 07:56 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2002-09-03 16:33 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
- 2002-09-03 16:33 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 32736 c:\windows\system32\DRVSTORE\VX6000_5C0CDC0078409FEC570D6372F5EB357455EB8EE2\VX6KCamd.sys
+ 2010-01-22 21:20 . 2009-08-29 03:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2010-01-18 09:56 . 2009-07-24 23:05 30560 c:\windows\system32\DRVSTORE\nx6000_23E206C070453735F69348B4BF11A0FED7F1CBC1\nx6000.sys
+ 2010-01-22 21:20 . 2009-08-29 03:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2010-01-18 06:13 . 2009-12-02 13:19 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2010-01-22 21:23 . 2009-05-18 22:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2009-10-23 05:03 . 2009-09-26 02:50 24960 c:\windows\system32\drivers\vpn-x.sys
- 2009-10-23 05:03 . 2008-11-02 06:39 24960 c:\windows\system32\drivers\vpn-x.sys
+ 2009-12-02 02:56 . 2007-12-11 17:52 26784 c:\windows\system32\drivers\tbhsd.sys
- 2009-04-26 20:23 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
+ 2009-04-26 20:23 . 2008-04-13 19:45 49408 c:\windows\system32\drivers\stream.sys
+ 2009-04-02 22:30 . 2009-04-02 22:30 23152 c:\windows\system32\drivers\sshrmd.sys
+ 2009-04-02 22:30 . 2009-04-02 22:30 29808 c:\windows\system32\drivers\ssfs0bbc.sys
+ 2008-10-23 01:08 . 2008-10-23 01:08 92464 c:\windows\system32\drivers\SBREDrv.sys
+ 2009-09-23 17:41 . 2009-09-23 17:41 26176 c:\windows\system32\drivers\hamachi.sys
+ 2009-04-27 00:13 . 2009-05-18 22:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2009-04-26 20:22 . 2008-04-13 19:45 60160 c:\windows\system32\drivers\drmk.sys
- 2009-04-26 20:22 . 2008-04-13 18:45 60160 c:\windows\system32\drivers\drmk.sys
+ 2009-06-04 10:46 . 2009-06-04 10:46 72728 c:\windows\system32\drivers\CTHWIUT.sys
+ 2008-08-14 15:57 . 2008-08-14 15:57 74720 c:\windows\system32\drivers\adfs.sys
+ 2008-12-12 19:11 . 2008-12-12 19:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 19:18 . 2008-12-12 19:18 87336 c:\windows\system32\dns-sd.exe
+ 2009-06-21 06:20 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-21 06:20 . 2009-08-29 08:08 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-04-26 20:22 . 2008-04-14 01:12 23552 c:\windows\system32\dllcache\wdmaud.drv
- 2009-04-26 20:22 . 2008-04-14 00:12 23552 c:\windows\system32\dllcache\wdmaud.drv
- 2004-08-04 07:56 . 2008-04-14 00:12 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2004-08-04 07:56 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
- 2009-04-26 20:23 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
+ 2009-04-26 20:23 . 2008-04-13 19:45 49408 c:\windows\system32\dllcache\stream.sys
- 2002-09-03 16:54 . 2008-04-14 00:12 79872 c:\windows\system32\dllcache\raschap.dll
+ 2002-09-03 16:54 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2009-04-26 20:23 . 2008-04-14 01:12 16896 c:\windows\system32\dllcache\msyuv.dll
- 2009-04-26 20:23 . 2008-04-14 00:12 16896 c:\windows\system32\dllcache\msyuv.dll
+ 2009-04-27 18:42 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-04-27 18:42 . 2009-08-29 08:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2002-09-03 16:37 . 2009-08-29 08:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2002-09-03 16:37 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2001-08-17 22:36 . 2008-04-14 00:11 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2001-08-17 22:36 . 2008-04-14 01:11 47616 c:\windows\system32\dllcache\iyuv_32.dll
+ 2004-08-04 07:56 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
- 2002-09-03 16:33 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2002-09-03 16:33 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-04-26 20:22 . 2008-04-13 18:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2009-04-26 20:22 . 2008-04-13 19:45 60160 c:\windows\system32\dllcache\drmk.sys
+ 2007-03-13 18:32 . 2007-03-13 18:32 89336 c:\windows\system32\ctpxst32.exe
+ 2009-06-04 08:50 . 2009-06-04 08:50 15360 c:\windows\system32\Ct20xspi.dll
- 2009-04-26 19:45 . 2009-11-27 11:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-26 19:45 . 2010-01-28 20:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-26 19:45 . 2010-01-28 20:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-04-26 19:45 . 2009-11-27 11:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-18 12:14 . 2010-01-28 20:45 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-11-05 06:56 . 2009-11-27 11:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-18 12:14 . 2010-01-28 20:45 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-12-05 22:52 . 2006-12-05 22:52 48400 c:\windows\system32\AddCat.exe
+ 2006-05-24 04:31 . 2009-06-04 08:56 48640 c:\windows\system32\ac3api.dll
+ 2009-12-08 22:09 . 2005-01-20 04:48 13312 c:\windows\PWLN\iPLATO_22.exe
+ 2009-12-08 22:09 . 2002-04-18 16:46 12288 c:\windows\PWLN\iPLATO.exe
+ 2005-09-23 11:41 . 2005-09-23 11:41 68608 c:\windows\Microsoft.NET\Framework\VJSharp\VJSWfcHost.dll
+ 2005-09-23 11:40 . 2005-09-23 11:40 94208 c:\windows\Microsoft.NET\Framework\VJSharp\vjshost.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsvwaux.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslibcw.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 12288 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsjbc.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 57344 c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSharpCodeProvider.DLL
+ 2005-09-23 14:56 . 2005-09-23 14:56 16384 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjscor.dll
+ 2005-09-23 15:01 . 2005-09-23 15:01 13496 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjc.exe
+ 2005-09-23 14:56 . 2005-09-23 14:56 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.VisualJSharp.dll
+ 2005-09-23 14:36 . 2005-09-23 14:36 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.3082.dll
+ 2005-09-23 14:30 . 2005-09-23 14:30 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.2052.dll
+ 2005-09-23 14:47 . 2005-09-23 14:47 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1049.dll
+ 2005-09-23 14:47 . 2005-09-23 14:47 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1046.dll
+ 2005-09-23 14:45 . 2005-09-23 14:45 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1042.dll
+ 2005-09-23 14:42 . 2005-09-23 14:42 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1041.dll
+ 2005-09-23 14:40 . 2005-09-23 14:40 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1040.dll
+ 2005-09-23 14:38 . 2005-09-23 14:38 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1036.dll
+ 2005-09-23 11:48 . 2005-09-23 11:48 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1033.dll
+ 2005-09-23 14:34 . 2005-09-23 14:34 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1031.dll
+ 2005-09-23 14:32 . 2005-09-23 14:32 42496 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\vjscustom.1028.dll
+ 2005-09-23 14:36 . 2005-09-23 14:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.3082.dll
+ 2005-09-23 14:30 . 2005-09-23 14:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.2052.dll
+ 2005-09-23 14:47 . 2005-09-23 14:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1049.dll
+ 2005-09-23 14:47 . 2005-09-23 14:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1046.dll
+ 2005-09-23 14:44 . 2005-09-23 14:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1042.dll
+ 2005-09-23 14:42 . 2005-09-23 14:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1041.dll
+ 2005-09-23 14:40 . 2005-09-23 14:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1040.dll
+ 2005-09-23 14:38 . 2005-09-23 14:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1036.dll
+ 2005-09-23 11:46 . 2005-09-23 11:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1033.dll
+ 2005-09-23 14:34 . 2005-09-23 14:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1031.dll
+ 2005-09-23 14:32 . 2005-09-23 14:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.res.1028.dll
+ 2005-09-23 11:41 . 2005-09-23 11:41 39424 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjslibui.dll
+ 2005-09-23 11:40 . 2005-09-23 11:40 61952 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vjscui.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-12-02 07:13 . 2009-12-02 07:13 23552 c:\windows\Installer\f443e3.msi
+ 2010-01-18 09:51 . 2010-01-18 09:51 79360 c:\windows\Installer\c60b6e.msi
+ 2010-01-07 08:59 . 2010-01-07 08:59 26624 c:\windows\Installer\32a8971.msi
+ 2010-01-10 21:40 . 2010-01-10 21:40 20992 c:\windows\Installer\296e1a.msi
+ 2009-12-30 09:12 . 2009-12-30 09:12 22528 c:\windows\Installer\2697f947.msi
+ 2010-01-12 01:26 . 2010-01-12 01:26 27648 c:\windows\Installer\153f8cd.msi
+ 2010-01-19 23:09 . 2010-01-19 23:09 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F6617.exe
+ 2009-12-30 09:14 . 2009-12-30 09:22 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-30 09:22 . 2009-12-30 09:22 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-30 09:22 . 2009-12-30 09:22 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-30 09:22 . 2009-12-30 09:22 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-12-30 09:22 . 2009-12-30 09:22 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-30 09:22 . 2009-12-30 09:22 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2009-12-30 09:22 . 2009-12-30 09:22 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\ARPPRODUCTICON.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-01-22 21:20 . 2010-01-22 21:20 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2010-01-11 23:55 . 2010-01-11 23:55 22486 c:\windows\Installer\{49F09453-8205-48CF-ADE6-29CE6B509669}\Icon_SFTPBackup.exe
+ 2010-01-22 23:08 . 2010-01-22 23:08 10134 c:\windows\Installer\{3F5B6210-0903-4DC6-8034-8F488AA3A782}\ARPPRODUCTICON.exe
+ 2010-01-22 07:56 . 2010-01-22 07:56 10134 c:\windows\Installer\{32343DB6-9A52-40C9-87E4-5E7C79791C87}\ARPPRODUCTICON.exe
+ 2010-01-17 06:46 . 2010-01-17 06:49 65536 c:\windows\Installer\{1D3573E4-B407-47C2-ACA5-6880048BF1EE}\NewShortcut21_339C927BB4B547F9804FDF51F01D2D57.exe
+ 2010-01-17 06:49 . 2010-01-17 06:49 65536 c:\windows\Installer\{1D3573E4-B407-47C2-ACA5-6880048BF1EE}\NewShortcut2_339C927BB4B547F9804FDF51F01D2D57.exe
+ 2010-01-17 06:49 . 2010-01-17 06:49 65536 c:\windows\Installer\{1D3573E4-B407-47C2-ACA5-6880048BF1EE}\ARPPRODUCTICON.exe
+ 2010-01-22 21:22 . 2010-01-22 21:22 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
- 2009-04-26 20:22 . 2006-05-24 04:55 11776 c:\windows\INRES.DLL
+ 2009-06-04 08:59 . 2006-05-24 04:55 11776 c:\windows\INRES.DLL
+ 2010-01-22 11:00 . 2009-10-29 07:45 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2010-01-12 10:56 . 2010-01-12 10:56 23552 c:\windows\assembly\NativeImages_v2.0.50727_32\VjsWfcBrowserStubLib\c954f3e54c8ea28e46b0ccc69c3d7a67\VjsWfcBrowserStubLib.ni.dll
+ 2010-01-12 09:37 . 2010-01-12 09:37 49664 c:\windows\assembly\NativeImages_v2.0.50727_32\vjsvwaux\8f64febbb53b074b7d6fe3af2ceaebab\vjsvwaux.ni.dll
+ 2010-01-12 09:37 . 2010-01-12 09:37 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslibcw\0292461f4f6d6afac3cabfb63c2f768a\vjslibcw.ni.dll
+ 2010-01-12 09:37 . 2010-01-12 09:37 32768 c:\windows\assembly\NativeImages_v2.0.50727_32\vjsjbc\5b3b096a86d13e6d53b2028b96f0c901\vjsjbc.ni.dll
+ 2010-01-12 09:37 . 2010-01-12 09:37 31232 c:\windows\assembly\NativeImages_v2.0.50727_32\vjscor\68100b90f02ed0bdbb47d46d1c12ebb8\vjscor.ni.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 36864 c:\windows\assembly\GAC_32\vjsvwaux\2.0.0.0__b03f5f7f11d50a3a\vjsvwaux.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 28672 c:\windows\assembly\GAC_32\vjslibcw\2.0.0.0__b03f5f7f11d50a3a\vjslibcw.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 12288 c:\windows\assembly\GAC_32\vjsjbc\2.0.0.0__b03f5f7f11d50a3a\vjsjbc.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 57344 c:\windows\assembly\GAC_32\VJSharpCodeProvider\2.0.0.0__b03f5f7f11d50a3a\VJSharpCodeProvider.DLL
+ 2010-01-12 08:44 . 2010-01-12 08:44 16384 c:\windows\assembly\GAC_32\vjscor\2.0.0.0__b03f5f7f11d50a3a\vjscor.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 53248 c:\windows\assembly\GAC_32\Microsoft.Build.VisualJSharp\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.VisualJSharp.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-12-09 11:04 . 2008-04-14 00:12 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2009-12-09 11:04 . 2008-04-14 00:12 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-09 11:04 . 2008-04-14 00:11 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE8\update\spcustom.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976325-IE8\spmsg.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 12800 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\xpshims.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 55296 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeedsbs.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 25600 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\jsproxy.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:28 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2009-12-09 11:03 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971737\update\spcustom.dll
+ 2009-12-09 11:03 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971737\spmsg.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2001-08-17 22:36 . 2001-08-18 06:36 8192 c:\windows\system32\tsbyuv.dll
- 2001-08-17 22:36 . 2002-09-03 16:31 8192 c:\windows\system32\tsbyuv.dll
+ 2010-01-18 09:58 . 2008-04-14 01:11 4096 c:\windows\system32\ReinstallBackups\0030\DriverFiles\i386\ksuser.dll
+ 2010-01-18 09:57 . 2002-09-03 16:31 8192 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\tsbyuv.dll
+ 2010-01-18 09:56 . 2008-04-14 01:11 4096 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\ksuser.dll
+ 2010-01-12 10:28 . 2009-06-04 08:33 2091 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\cts20x.dat
+ 2010-01-12 10:28 . 2009-06-04 08:55 2560 c:\windows\system32\ReinstallBackups\0027\DriverFiles\lang\i386\CtxfiRes.dll
+ 2010-01-12 10:28 . 2008-04-14 01:11 4096 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\ksuser.dll
+ 2010-01-12 10:28 . 2009-06-04 08:33 7680 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\enlocstr.exe
- 2009-04-26 20:23 . 2008-04-14 00:11 4096 c:\windows\system32\ksuser.dll
+ 2009-04-26 20:23 . 2008-04-14 01:11 4096 c:\windows\system32\ksuser.dll
+ 2007-08-24 03:30 . 2008-06-12 18:36 7680 c:\windows\system32\ff_vfw.dll
+ 2001-08-17 22:36 . 2001-08-18 06:36 8192 c:\windows\system32\dllcache\tsbyuv.dll
- 2001-08-17 22:36 . 2002-09-03 16:31 8192 c:\windows\system32\dllcache\tsbyuv.dll
- 2009-04-26 20:23 . 2008-04-14 00:11 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-04-26 20:23 . 2008-04-14 01:11 4096 c:\windows\system32\dllcache\ksuser.dll
+ 2009-06-04 08:55 . 2009-06-04 08:55 2560 c:\windows\system32\CtxfiRes.dll
+ 2009-12-08 22:09 . 2005-01-20 04:48 8192 c:\windows\PWLN\npiPLATO_22.dll
+ 2009-12-08 22:09 . 2002-04-18 16:39 8192 c:\windows\PWLN\npiPCD3.dll
+ 2005-09-23 11:41 . 2005-09-23 11:41 2560 c:\windows\Microsoft.NET\Framework\VJSharp\VJSharpSxS10.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\VJSWfcBrowserStubLib.dll
+ 2010-01-12 08:45 . 2010-01-12 08:45 3774 c:\windows\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_EA8B51C7A39B7699D01082.exe
+ 2010-01-12 08:45 . 2010-01-12 08:45 3774 c:\windows\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_A57F1F257079FF2A40AB26.exe
+ 2010-01-12 08:45 . 2010-01-12 08:45 3774 c:\windows\Installer\{C194D333-B84A-4BB7-B35E-060732D98DC4}\_6FEFF9B68218417F98F549.exe
+ 2009-06-04 08:55 . 2006-06-12 03:33 3072 c:\windows\CTXFIRES.DLL
- 2009-04-26 20:22 . 2006-06-12 03:33 3072 c:\windows\CTXFIRES.DLL
+ 2010-01-12 08:44 . 2010-01-12 08:44 9728 c:\windows\assembly\GAC_32\VjsWfcBrowserStubLib\2.0.0.0__b03f5f7f11d50a3a\VJSWfcBrowserStubLib.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 10:54 . 2008-07-29 10:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2010-01-28 20:45 . 2010-01-28 20:45 110080 c:\windows\temp\VPN_F422\6B373776.dll
+ 2009-12-02 03:30 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll
+ 2008-12-03 22:11 . 2008-01-10 12:16 159839 c:\windows\system32\xvidvfw.dll
+ 2009-08-25 16:56 . 2008-01-10 12:15 755027 c:\windows\system32\xvidcore.dll
+ 2007-01-11 01:03 . 2007-01-11 01:03 493400 c:\windows\system32\XceedZip.dll
- 2009-10-23 03:35 . 2009-09-05 00:44 515416 c:\windows\system32\XAudio2_5.dll
+ 2009-10-23 03:35 . 2009-09-05 01:44 515416 c:\windows\system32\XAudio2_5.dll
+ 2009-06-25 00:22 . 2009-03-16 22:18 517448 c:\windows\system32\XAudio2_4.dll
- 2009-06-25 00:22 . 2009-03-16 21:18 517448 c:\windows\system32\XAudio2_4.dll
+ 2009-06-25 00:22 . 2008-10-27 18:04 514384 c:\windows\system32\XAudio2_3.dll
- 2009-06-25 00:22 . 2008-10-27 17:04 514384 c:\windows\system32\XAudio2_3.dll
- 2009-06-25 00:22 . 2008-07-31 17:40 509448 c:\windows\system32\XAudio2_2.dll
+ 2009-06-25 00:22 . 2008-07-31 18:40 509448 c:\windows\system32\XAudio2_2.dll
- 2009-06-05 16:03 . 2008-05-30 21:19 507400 c:\windows\system32\XAudio2_1.dll
+ 2009-06-05 16:03 . 2008-05-30 22:19 507400 c:\windows\system32\XAudio2_1.dll
+ 2009-06-05 16:03 . 2008-03-06 00:03 479752 c:\windows\system32\XAudio2_0.dll
- 2009-06-05 16:03 . 2008-03-05 23:03 479752 c:\windows\system32\XAudio2_0.dll
- 2009-10-23 03:35 . 2009-09-05 00:44 238936 c:\windows\system32\xactengine3_5.dll
+ 2009-10-23 03:35 . 2009-09-05 01:44 238936 c:\windows\system32\xactengine3_5.dll
- 2009-06-25 00:22 . 2009-03-16 21:18 235352 c:\windows\system32\xactengine3_4.dll
+ 2009-06-25 00:22 . 2009-03-16 22:18 235352 c:\windows\system32\xactengine3_4.dll
+ 2009-06-25 00:22 . 2008-10-27 18:04 235856 c:\windows\system32\xactengine3_3.dll
- 2009-06-25 00:22 . 2008-10-27 17:04 235856 c:\windows\system32\xactengine3_3.dll
+ 2009-06-25 00:22 . 2008-07-31 18:41 238088 c:\windows\system32\xactengine3_2.dll
- 2009-06-25 00:22 . 2008-07-31 17:41 238088 c:\windows\system32\xactengine3_2.dll
+ 2009-06-05 16:03 . 2008-05-30 22:18 238088 c:\windows\system32\xactengine3_1.dll
- 2009-06-05 16:03 . 2008-05-30 21:18 238088 c:\windows\system32\xactengine3_1.dll
+ 2009-06-05 16:03 . 2008-03-06 00:03 238088 c:\windows\system32\xactengine3_0.dll
- 2009-06-05 16:03 . 2008-03-05 23:03 238088 c:\windows\system32\xactengine3_0.dll
+ 2009-06-05 16:03 . 2007-07-20 08:57 267112 c:\windows\system32\xactengine2_9.dll
- 2009-06-05 16:03 . 2007-07-20 07:57 267112 c:\windows\system32\xactengine2_9.dll
- 2009-06-05 16:03 . 2007-06-21 03:46 266088 c:\windows\system32\xactengine2_8.dll
+ 2009-06-05 16:03 . 2007-06-21 04:46 266088 c:\windows\system32\xactengine2_8.dll
+ 2009-06-05 16:03 . 2007-04-05 02:55 261480 c:\windows\system32\xactengine2_7.dll
- 2009-06-05 16:03 . 2007-04-05 01:55 261480 c:\windows\system32\xactengine2_7.dll
- 2009-06-05 16:03 . 2007-01-24 22:27 255848 c:\windows\system32\xactengine2_6.dll
+ 2009-06-05 16:03 . 2007-01-24 23:27 255848 c:\windows\system32\xactengine2_6.dll
- 2009-06-02 06:55 . 2006-12-08 19:02 251672 c:\windows\system32\xactengine2_5.dll
+ 2009-06-02 06:55 . 2006-12-08 20:02 251672 c:\windows\system32\xactengine2_5.dll
+ 2009-06-02 06:55 . 2006-09-29 00:05 237848 c:\windows\system32\xactengine2_4.dll
- 2009-06-02 06:55 . 2006-09-28 23:05 237848 c:\windows\system32\xactengine2_4.dll
- 2009-06-02 06:55 . 2006-07-28 16:30 236824 c:\windows\system32\xactengine2_3.dll
+ 2009-06-02 06:55 . 2006-07-28 17:30 236824 c:\windows\system32\xactengine2_3.dll
- 2009-05-26 02:13 . 2006-05-31 14:24 230168 c:\windows\system32\xactengine2_2.dll
+ 2009-05-26 02:13 . 2006-05-31 15:24 230168 c:\windows\system32\xactengine2_2.dll
+ 2009-06-05 16:03 . 2007-10-22 11:39 267272 c:\windows\system32\xactengine2_10.dll
- 2009-06-05 16:03 . 2007-10-22 10:39 267272 c:\windows\system32\xactengine2_10.dll
- 2009-05-26 02:13 . 2006-03-31 19:39 229584 c:\windows\system32\xactengine2_1.dll
+ 2009-05-26 02:13 . 2006-03-31 20:39 229584 c:\windows\system32\xactengine2_1.dll
- 2009-05-26 02:13 . 2006-02-03 15:42 230096 c:\windows\system32\xactengine2_0.dll
+ 2009-05-26 02:13 . 2006-02-03 16:42 230096 c:\windows\system32\xactengine2_0.dll
+ 2009-04-26 19:54 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2009-12-08 02:11 . 1998-06-18 08:00 102912 c:\windows\system32\VB6STKIT.DLL
+ 2009-12-02 03:30 . 2007-09-04 16:56 164352 c:\windows\system32\unrar.dll
+ 2009-03-27 00:09 . 2009-03-27 00:09 600217 c:\windows\system32\UDAAIM32.exe
- 2002-09-03 17:06 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2002-09-03 17:06 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2006-05-24 03:38 . 2009-06-04 08:36 108544 c:\windows\system32\sfms32.dll
+ 2010-01-18 09:58 . 2008-04-13 20:19 146048 c:\windows\system32\ReinstallBackups\0030\DriverFiles\i386\portcls.sys
+ 2010-01-18 09:58 . 2008-04-13 20:16 141056 c:\windows\system32\ReinstallBackups\0030\DriverFiles\i386\ks.sys
+ 2010-01-18 09:56 . 2008-04-13 18:46 121984 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\usbvideo.sys
+ 2010-01-18 09:56 . 2008-04-14 00:12 294912 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\msh263.drv
+ 2010-01-18 09:56 . 2008-04-13 20:16 141056 c:\windows\system32\ReinstallBackups\0028\DriverFiles\i386\ks.sys
+ 2010-01-12 10:28 . 2009-06-04 10:47 158744 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ctsfm2k.sys
+ 2010-01-12 10:28 . 2009-06-04 10:47 130072 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ctoss2k.sys
+ 2010-01-12 10:28 . 2009-06-04 08:59 181248 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ctdvinst.dll
+ 2010-01-12 10:28 . 2009-06-04 10:47 347080 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ctdvda2k.sys
+ 2010-01-12 10:28 . 2009-06-04 10:47 526232 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ctaud2k.sys
+ 2010-01-12 10:28 . 2009-06-04 10:47 511000 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ctac32k.sys
+ 2010-01-12 10:28 . 2009-06-04 10:46 171032 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\CT20XUT.sys
+ 2010-01-12 10:28 . 2009-06-04 08:36 275257 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0760W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 277688 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP073AW.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 277688 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0730W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 357983 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0679W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 357983 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0678W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275766 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP055AW.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 276094 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0550W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275508 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP046CW.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275508 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP046BW.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275508 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP046AW.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275836 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0469W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275836 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0468W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275836 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0466W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275836 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0465W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275836 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0464W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 276282 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0463W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275836 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0462W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:36 275836 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\Data\CTP0460W.DAT
+ 2010-01-12 10:28 . 2009-06-04 08:40 321512 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\ctdlang.dat
+ 2010-01-12 10:28 . 2008-04-13 20:19 146048 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\portcls.sys
+ 2010-01-12 10:28 . 2008-04-13 20:16 141056 c:\windows\system32\ReinstallBackups\0027\DriverFiles\i386\ks.sys
+ 2010-01-12 10:28 . 2009-03-27 00:09 600217 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\UDAAIM32.exe
+ 2010-01-12 10:28 . 2009-06-04 08:36 108544 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\sfms32.dll
+ 2010-01-12 10:28 . 2008-04-23 14:07 805400 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\oalinst.exe
+ 2010-01-12 10:28 . 2008-02-04 18:27 102400 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\cttele32.dll
+ 2010-01-12 10:28 . 2009-06-04 08:40 114688 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\ctemupia.dll
+ 2010-01-12 10:28 . 2009-06-04 08:37 193024 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\ct_oal.dll
+ 2002-09-03 16:55 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
+ 2002-09-03 16:52 . 2010-01-13 04:13 443918 c:\windows\system32\perfh009.dat
- 2002-09-03 16:52 . 2009-12-01 07:29 443918 c:\windows\system32\perfh009.dat
+ 2002-09-03 16:50 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
- 2002-09-03 16:50 . 2009-08-29 08:08 206848 c:\windows\system32\occache.dll
+ 2002-09-03 16:50 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2002-09-03 16:50 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2002-09-03 16:46 . 2002-09-03 21:48 565760 c:\windows\system32\msvcp50.dll
- 2002-09-03 16:46 . 2002-09-03 20:48 565760 c:\windows\system32\msvcp50.dll
+ 2008-07-31 18:16 . 2008-07-31 18:16 947472 c:\windows\system32\msjava.dll
- 2002-08-29 03:41 . 2008-04-14 00:12 294912 c:\windows\system32\msh263.drv
+ 2002-08-29 03:41 . 2008-04-14 01:12 294912 c:\windows\system32\msh263.drv
+ 2007-08-14 01:54 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
- 2007-08-14 01:54 . 2009-08-29 08:08 594432 c:\windows\system32\msfeeds.dll
+ 2009-11-03 00:24 . 2009-11-03 00:24 257440 c:\windows\system32\Macromed\Flash\FlashUtil10d.exe
+ 2009-12-02 02:07 . 2008-04-02 05:40 209040 c:\windows\system32\IVIresizeW7.dll
+ 2009-12-02 02:07 . 2008-04-02 05:40 192656 c:\windows\system32\IVIresizePX.dll
+ 2009-12-02 02:07 . 2008-04-02 05:40 196752 c:\windows\system32\IVIresizeP6.dll
+ 2009-12-02 02:07 . 2008-04-02 05:40 196752 c:\windows\system32\IVIresizeM6.dll
+ 2009-12-02 02:07 . 2008-04-02 05:40 204944 c:\windows\system32\IVIresizeA6.dll
+ 2002-09-03 16:35 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
- 2002-09-03 16:35 . 2009-08-29 08:08 184320 c:\windows\system32\iepeers.dll
- 2002-09-03 16:34 . 2009-08-29 08:08 387584 c:\windows\system32\iedkcs32.dll
+ 2002-09-03 16:34 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
+ 2002-09-03 16:34 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
- 2002-09-03 16:34 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2009-04-27 00:13 . 2008-04-17 21:12 107368 c:\windows\system32\GEARAspi.dll
- 2009-04-27 00:13 . 2008-04-17 19:12 107368 c:\windows\system32\GEARAspi.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 623984 c:\windows\system32\DRVSTORE\VX6000_5C0CDC0078409FEC570D6372F5EB357455EB8EE2\VX6KTUI.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 764256 c:\windows\system32\DRVSTORE\VX6000_5C0CDC0078409FEC570D6372F5EB357455EB8EE2\vVX6000.exe
+ 2010-01-18 09:58 . 2009-07-24 23:05 577376 c:\windows\system32\DRVSTORE\VX6000_5C0CDC0078409FEC570D6372F5EB357455EB8EE2\vVX6000.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 676704 c:\windows\system32\DRVSTORE\VX6000_5C0CDC0078409FEC570D6372F5EB357455EB8EE2\LCCoin30.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 175456 c:\windows\system32\DRVSTORE\VX6000_5C0CDC0078409FEC570D6372F5EB357455EB8EE2\cVX6000.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 101744 c:\windows\system32\DRVSTORE\VX6000_5C0CDC0078409FEC570D6372F5EB357455EB8EE2\1033\VX6000.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 762208 c:\windows\system32\DRVSTORE\VX3000_6C95F4BC624AEB43738799E849876D07257EB50C\vVX3000.exe
+ 2010-01-18 09:58 . 2009-07-24 23:05 227680 c:\windows\system32\DRVSTORE\VX3000_6C95F4BC624AEB43738799E849876D07257EB50C\vVX3000.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 621424 c:\windows\system32\DRVSTORE\VX3000_6C95F4BC624AEB43738799E849876D07257EB50C\TwainUI.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 676720 c:\windows\system32\DRVSTORE\VX3000_6C95F4BC624AEB43738799E849876D07257EB50C\LCCoin30.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 175456 c:\windows\system32\DRVSTORE\VX3000_6C95F4BC624AEB43738799E849876D07257EB50C\cVX3000.dll
+ 2010-01-18 09:58 . 2009-07-24 23:05 101232 c:\windows\system32\DRVSTORE\VX3000_6C95F4BC624AEB43738799E849876D07257EB50C\1033\VX3000.dll
+ 2010-01-18 09:59 . 2009-07-24 23:05 762208 c:\windows\system32\DRVSTORE\VX1000_2661FC2A266662B5100DCF0E70196236782FBEF1\vVX1000.exe
+ 2010-01-18 09:59 . 2009-07-24 23:05 227680 c:\windows\system32\DRVSTORE\VX1000_2661FC2A266662B5100DCF0E70196236782FBEF1\vVX1000.dll
+ 2010-01-18 09:59 . 2009-07-24 23:05 621424 c:\windows\system32\DRVSTORE\VX1000_2661FC2A266662B5100DCF0E70196236782FBEF1\TwainUI.dll
+ 2010-01-18 09:59 . 2009-07-24 23:05 676720 c:\windows\system32\DRVSTORE\VX1000_2661FC2A266662B5100DCF0E70196236782FBEF1\LCCoin30.dll
+ 2010-01-18 09:59 . 2009-07-24 23:05 175456 c:\windows\system32\DRVSTORE\VX1000_2661FC2A266662B5100DCF0E70196236782FBEF1\cVX1000.dll
+ 2010-01-18 09:59 . 2009-07-24 23:05 101216 c:\windows\system32\DRVSTORE\VX1000_2661FC2A266662B5100DCF0E70196236782FBEF1\1033\VX1000.dll
+ 2010-01-18 09:56 . 2009-07-24 23:05 676704 c:\windows\system32\DRVSTORE\nx6000_23E206C070453735F69348B4BF11A0FED7F1CBC1\LCCoin30.dll
+ 2010-01-22 21:23 . 2008-04-17 21:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2004-08-04 06:10 . 2008-04-13 19:46 121984 c:\windows\system32\drivers\usbvideo.sys
- 2004-08-04 06:10 . 2008-04-13 18:46 121984 c:\windows\system32\drivers\usbvideo.sys
+ 2009-04-02 22:30 . 2009-04-02 22:30 176752 c:\windows\system32\drivers\ssidrv.sys
- 2009-04-26 20:22 . 2008-04-13 19:19 146048 c:\windows\system32\drivers\portcls.sys
+ 2009-04-26 20:22 . 2008-04-13 20:19 146048 c:\windows\system32\drivers\portcls.sys
- 2009-04-26 20:23 . 2008-04-13 19:16 141056 c:\windows\system32\drivers\ks.sys
+ 2009-04-26 20:23 . 2008-04-13 20:16 141056 c:\windows\system32\drivers\ks.sys
+ 2004-08-04 06:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2009-06-04 10:46 . 2009-06-04 10:46 171032 c:\windows\system32\drivers\CT20XUT.sys
+ 2002-09-03 17:12 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
- 2002-09-03 17:12 . 2009-08-29 08:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-04-26 19:54 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 06:10 . 2008-04-13 18:46 121984 c:\windows\system32\dllcache\usbvideo.sys
+ 2004-08-04 06:10 . 2008-04-13 19:46 121984 c:\windows\system32\dllcache\usbvideo.sys
+ 2002-09-03 17:06 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
- 2002-09-03 17:06 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2002-09-03 16:55 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
- 2009-04-26 20:22 . 2008-04-13 19:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2009-04-26 20:22 . 2008-04-13 20:19 146048 c:\windows\system32\dllcache\portcls.sys
+ 2002-09-03 16:50 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
- 2002-09-03 16:50 . 2009-08-29 08:08 206848 c:\windows\system32\dllcache\occache.dll
- 2002-09-03 16:50 . 2008-04-14 00:12 270336 c:\windows\system32\dllcache\oakley.dll
+ 2002-09-03 16:50 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2002-09-03 16:46 . 2002-09-03 21:48 565760 c:\windows\system32\dllcache\msvcp50.dll
- 2002-09-03 16:46 . 2002-09-03 20:48 565760 c:\windows\system32\dllcache\msvcp50.dll
+ 2009-04-27 18:42 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-04-27 18:42 . 2009-08-29 08:08 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-04-26 20:23 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-04-26 20:23 . 2008-04-13 20:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2009-06-21 06:20 . 2009-12-21 19:14 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-21 06:20 . 2009-08-29 08:08 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2002-09-03 16:35 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
- 2002-09-03 16:35 . 2009-08-29 08:08 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2002-09-03 16:34 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2002-09-03 16:34 . 2009-08-29 08:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2002-09-03 16:34 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2002-09-03 16:34 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 06:00 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2002-09-03 16:26 . 2009-11-21 15:51 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2009-06-04 08:36 . 2009-06-04 08:36 275257 c:\windows\system32\Data\CTP0760W.DAT
+ 2009-06-04 08:36 . 2009-06-04 08:36 357983 c:\windows\system32\Data\CTP0678W.DAT
+ 2009-06-04 08:36 . 2009-06-04 08:36 275836 c:\windows\system32\Data\CTP0462W.DAT
- 2009-10-23 03:35 . 2009-09-05 00:29 235344 c:\windows\system32\d3dx11_42.dll
+ 2009-10-23 03:35 . 2009-09-05 01:29 235344 c:\windows\system32\d3dx11_42.dll
+ 2009-10-23 03:35 . 2009-09-05 01:29 453456 c:\windows\system32\d3dx10_42.dll
- 2009-10-23 03:35 . 2009-09-05 00:29 453456 c:\windows\system32\d3dx10_42.dll
+ 2009-06-25 00:22 . 2009-03-09 23:27 453456 c:\windows\system32\d3dx10_41.dll
- 2009-06-25 00:22 . 2009-03-09 22:27 453456 c:\windows\system32\d3dx10_41.dll
- 2009-06-25 00:22 . 2008-10-15 13:22 452440 c:\windows\system32\d3dx10_40.dll
+ 2009-06-25 00:22 . 2008-10-15 14:22 452440 c:\windows\system32\d3dx10_40.dll
+ 2009-06-25 00:22 . 2008-07-10 19:01 467984 c:\windows\system32\d3dx10_39.dll
- 2009-06-25 00:22 . 2008-07-10 18:01 467984 c:\windows\system32\d3dx10_39.dll
+ 2009-06-05 16:03 . 2008-05-30 22:11 467984 c:\windows\system32\d3dx10_38.dll
- 2009-06-05 16:03 . 2008-05-30 21:11 467984 c:\windows\system32\d3dx10_38.dll
+ 2009-06-05 16:03 . 2008-02-06 07:07 462864 c:\windows\system32\d3dx10_37.dll
- 2009-06-05 16:03 . 2008-02-06 06:07 462864 c:\windows\system32\d3dx10_37.dll
+ 2009-06-05 16:03 . 2007-10-02 17:56 444776 c:\windows\system32\d3dx10_36.dll
- 2009-06-05 16:03 . 2007-10-02 16:56 444776 c:\windows\system32\d3dx10_36.dll
- 2009-06-05 16:03 . 2007-07-20 01:14 444776 c:\windows\system32\d3dx10_35.dll
+ 2009-06-05 16:03 . 2007-07-20 02:14 444776 c:\windows\system32\d3dx10_35.dll
+ 2009-06-05 16:03 . 2007-05-17 00:45 443752 c:\windows\system32\d3dx10_34.dll
- 2009-06-05 16:03 . 2007-05-16 23:45 443752 c:\windows\system32\d3dx10_34.dll
+ 2009-12-08 02:11 . 2008-03-26 16:20 569344 c:\windows\system32\CkString.dll
+ 2009-12-08 02:11 . 2008-07-01 19:04 659456 c:\windows\system32\ChilkatCharset.dll
+ 2010-01-23 21:09 . 2010-01-23 21:09 473600 c:\windows\Replay Music\uninstall.exe
+ 2009-12-08 22:09 . 1999-06-25 17:55 149504 c:\windows\PWLN\UNWISE.EXE
+ 2009-12-08 22:09 . 2005-01-20 04:48 222208 c:\windows\PWLN\lll32_22.dll
+ 2009-12-08 22:09 . 2002-04-18 16:39 201216 c:\windows\PWLN\lll32.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 185856 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfccw.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 921600 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjssupuilib.dll
+ 2005-09-23 11:41 . 2005-09-23 11:41 176640 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsnativ.dll
+ 2005-09-23 15:57 . 2005-09-23 15:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\unicows.dll
+ 2005-09-23 15:01 . 2005-09-23 15:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
- 2009-05-26 02:13 . 2006-03-31 18:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 02:13 . 2006-03-31 19:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-26 02:13 . 2006-02-03 15:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-26 02:13 . 2006-02-03 14:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-03 21:18 . 2005-12-06 00:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-03 21:18 . 2005-12-06 01:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-03 21:18 . 2005-09-28 21:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-03 21:18 . 2005-09-28 22:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-03 21:18 . 2005-07-23 00:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-03 21:18 . 2005-07-23 01:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-03 21:18 . 2005-05-26 22:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-03 21:18 . 2005-05-26 23:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-03 21:18 . 2005-02-06 02:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-03 21:18 . 2005-02-06 03:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2009-05-03 21:18 . 2005-03-19 01:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
- 2009-05-03 21:18 . 2005-03-19 00:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2009-12-02 02:59 . 2009-12-02 02:59 293376 c:\windows\Installer\edcfe.msi
+ 2010-01-15 19:43 . 2010-01-15 19:43 251904 c:\windows\Installer\bfeb237.msi
+ 2010-01-14 19:05 . 2010-01-14 19:05 329728 c:\windows\Installer\6b582fe.msi
+ 2010-01-22 21:20 . 2010-01-22 21:20 796672 c:\windows\Installer\48b790.msi
+ 2010-01-19 02:39 . 2010-01-19 02:39 787968 c:\windows\Installer\45f9083.msi
+ 2010-01-12 08:45 . 2010-01-12 08:45 513536 c:\windows\Installer\2e4f9f9.msi
+ 2009-12-02 02:06 . 2009-12-02 02:06 353118 c:\windows\Installer\{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}\ARPPRODUCTICON.exe
+ 2010-01-19 23:09 . 2010-01-19 23:09 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}\IconCD95F66110.exe
+ 2010-01-22 21:23 . 2010-01-22 21:23 102400 c:\windows\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-12-03 17:17 . 2009-12-03 17:17 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2010-01-11 23:55 . 2010-01-11 23:55 157733 c:\windows\Installer\{49F09453-8205-48CF-ADE6-29CE6B509669}\Icon_SmartFTP.exe
+ 2010-01-22 11:00 . 2009-10-29 07:45 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-01-22 11:00 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-01-22 11:00 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-01-22 11:00 . 2009-10-29 07:45 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-01-22 11:00 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2009-12-09 11:04 . 2009-08-29 08:08 916480 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-09 11:04 . 2009-08-29 08:08 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-09 11:04 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2010-01-12 10:56 . 2010-01-12 10:56 452608 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfccw\6e77790c046264de703fce1632252a19\vjswfccw.ni.dll
+ 2010-01-12 09:37 . 2010-01-12 09:37 112128 c:\windows\assembly\NativeImages_v2.0.50727_32\VJSharpCodeProvider\f56c0624a96fb43d01aa30f6b50f84dc\VJSharpCodeProvider.ni.dll
+ 2010-01-12 09:37 . 2010-01-12 09:37 102912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Vis#\9feb2dfb105da241cb1ee5ad4793e0e8\Microsoft.Build.VisualJSharp.ni.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 185856 c:\windows\assembly\GAC_32\vjswfccw\2.0.0.0__b03f5f7f11d50a3a\vjswfccw.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 921600 c:\windows\assembly\GAC_32\VJSSupUILib\2.0.0.0__b03f5f7f11d50a3a\vjssupuilib.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2002-09-03 16:26 . 2009-11-21 15:51 471552 c:\windows\AppPatch\aclayers.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-09 11:03 . 2008-04-14 00:12 270336 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-09 11:04 . 2008-04-14 00:12 150016 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-12-09 11:03 . 2008-12-16 12:30 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-09 11:03 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-12-09 11:04 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-09 11:04 . 2008-04-13 18:53 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-12-09 11:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976325-IE8\update\updspapi.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976325-IE8\update\update.exe
+ 2009-12-09 11:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976325-IE8\spuninst.exe
+ 2009-12-08 20:57 . 2009-10-29 07:45 916480 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 206848 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\occache.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 594432 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeeds.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 246272 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieproxy.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 184320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iepeers.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 387584 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iedkcs32.dll
+ 2009-12-08 20:57 . 2009-10-28 14:10 173056 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ie4uinit.exe
+ 2009-12-09 11:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-09 11:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-09 11:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:28 . 2009-10-12 13:28 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-09 11:03 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-08 20:56 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-09 11:03 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-09 11:03 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:27 . 2009-08-25 09:27 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-09 11:04 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-09 11:04 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
- 2008-07-29 15:05 . 2008-07-29 15:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2010-01-28 20:45 . 2010-01-28 20:45 2240512 c:\windows\temp\VPN_F422\9218E5A4.dll
+ 2010-01-28 20:45 . 2010-01-28 20:45 1185288 c:\windows\temp\.unicode_cache_ce363914.dat
+ 2002-09-03 17:08 . 2009-12-21 19:14 1208832 c:\windows\system32\urlmon.dll
- 2002-09-03 17:08 . 2009-08-29 08:08 1208832 c:\windows\system32\urlmon.dll
+ 2010-01-12 10:28 . 2009-06-04 10:48 1177624 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\ha20x2k.sys
+ 2010-01-12 10:28 . 2009-06-04 10:46 1324056 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Win2K_XP\i386\CTEXFIFX.sys
+ 2010-01-12 10:28 . 2009-06-04 08:49 1213440 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\CTxfispi.exe
+ 2002-09-03 16:44 . 2009-12-21 19:14 5942784 c:\windows\system32\mshtml.dll
- 2007-08-14 01:34 . 2009-08-29 08:08 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-14 01:34 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
+ 2009-04-26 12:39 . 2009-12-30 21:32 2246832 c:\windows\system32\FNTCACHE.DAT
+ 2010-01-18 09:58 . 2009-07-24 23:05 2074464 c:\windows\system32\DRVSTORE\VX6000_5C0CDC0078409FEC570D6372F5EB357455EB8EE2\VX6000Xp.sys
+ 2010-01-18 09:58 . 2009-07-24 23:05 1961328 c:\windows\system32\DRVSTORE\VX3000_6C95F4BC624AEB43738799E849876D07257EB50C\VX3000.sys
+ 2010-01-18 09:59 . 2009-07-24 23:05 1961072 c:\windows\system32\DRVSTORE\VX1000_2661FC2A266662B5100DCF0E70196236782FBEF1\VX1000.sys
+ 2010-01-22 21:20 . 2009-08-29 03:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2010-01-22 21:20 . 2009-08-29 03:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2009-06-04 10:46 . 2009-06-04 10:46 1324056 c:\windows\system32\drivers\CTEXFIFX.sys
- 2002-09-03 17:08 . 2009-08-29 08:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2002-09-03 17:08 . 2009-12-21 19:14 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2002-09-03 16:44 . 2009-12-21 19:14 5942784 c:\windows\system32\dllcache\mshtml.dll
- 2009-04-27 18:42 . 2009-08-29 08:08 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-04-27 18:42 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-10-23 03:35 . 2009-09-05 00:29 1892184 c:\windows\system32\D3DX9_42.dll
+ 2009-10-23 03:35 . 2009-09-05 01:29 1892184 c:\windows\system32\D3DX9_42.dll
- 2009-06-25 00:22 . 2009-03-09 22:27 4178264 c:\windows\system32\D3DX9_41.dll
+ 2009-06-25 00:22 . 2009-03-09 23:27 4178264 c:\windows\system32\D3DX9_41.dll
+ 2009-06-25 00:22 . 2008-10-15 14:22 4379984 c:\windows\system32\D3DX9_40.dll
- 2009-06-25 00:22 . 2008-10-15 13:22 4379984 c:\windows\system32\D3DX9_40.dll
+ 2009-06-25 00:22 . 2008-07-10 19:00 3851784 c:\windows\system32\D3DX9_39.dll
- 2009-06-25 00:22 . 2008-07-10 18:00 3851784 c:\windows\system32\D3DX9_39.dll
+ 2009-06-05 16:03 . 2008-05-30 22:11 3850760 c:\windows\system32\D3DX9_38.dll
- 2009-06-05 16:03 . 2008-05-30 21:11 3850760 c:\windows\system32\D3DX9_38.dll
- 2009-06-05 16:03 . 2008-03-05 22:56 3786760 c:\windows\system32\D3DX9_37.dll
+ 2009-06-05 16:03 . 2008-03-05 23:56 3786760 c:\windows\system32\D3DX9_37.dll
- 2009-06-05 16:03 . 2007-10-12 22:14 3734536 c:\windows\system32\d3dx9_36.dll
+ 2009-06-05 16:03 . 2007-10-12 23:14 3734536 c:\windows\system32\d3dx9_36.dll
- 2009-06-05 16:03 . 2007-07-20 01:14 3727720 c:\windows\system32\d3dx9_35.dll
+ 2009-06-05 16:03 . 2007-07-20 02:14 3727720 c:\windows\system32\d3dx9_35.dll
- 2009-06-05 16:03 . 2007-05-16 23:45 3497832 c:\windows\system32\d3dx9_34.dll
+ 2009-06-05 16:03 . 2007-05-17 00:45 3497832 c:\windows\system32\d3dx9_34.dll
+ 2009-06-02 06:55 . 2006-11-29 21:06 3426072 c:\windows\system32\d3dx9_32.dll
- 2009-06-02 06:55 . 2006-11-29 20:06 3426072 c:\windows\system32\d3dx9_32.dll
- 2009-06-02 06:55 . 2006-09-28 23:05 2414360 c:\windows\system32\d3dx9_31.dll
+ 2009-06-02 06:55 . 2006-09-29 00:05 2414360 c:\windows\system32\d3dx9_31.dll
+ 2009-05-26 02:13 . 2006-02-03 16:43 2332368 c:\windows\system32\d3dx9_29.dll
- 2009-05-26 02:13 . 2006-02-03 15:43 2332368 c:\windows\system32\d3dx9_29.dll
+ 2009-05-03 21:18 . 2005-12-06 02:09 2323664 c:\windows\system32\d3dx9_28.dll
- 2009-05-03 21:18 . 2005-12-06 01:09 2323664 c:\windows\system32\d3dx9_28.dll
+ 2009-05-03 21:18 . 2005-07-23 03:59 2319568 c:\windows\system32\d3dx9_27.dll
- 2009-05-03 21:18 . 2005-07-23 02:59 2319568 c:\windows\system32\d3dx9_27.dll
- 2009-05-03 21:18 . 2005-05-26 22:34 2297552 c:\windows\system32\d3dx9_26.dll
+ 2009-05-03 21:18 . 2005-05-26 23:34 2297552 c:\windows\system32\d3dx9_26.dll
- 2009-05-03 21:18 . 2005-03-19 00:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2009-05-03 21:18 . 2005-03-19 01:19 2337488 c:\windows\system32\d3dx9_25.dll
+ 2009-05-03 21:18 . 2005-02-06 03:45 2222800 c:\windows\system32\d3dx9_24.dll
- 2009-05-03 21:18 . 2005-02-06 02:45 2222800 c:\windows\system32\d3dx9_24.dll
+ 2009-10-23 03:35 . 2009-09-05 01:29 5501792 c:\windows\system32\d3dcsx_42.dll
- 2009-10-23 03:35 . 2009-09-05 00:29 5501792 c:\windows\system32\d3dcsx_42.dll
- 2009-10-23 03:35 . 2009-09-05 00:29 1974616 c:\windows\system32\D3DCompiler_42.dll
+ 2009-10-23 03:35 . 2009-09-05 01:29 1974616 c:\windows\system32\D3DCompiler_42.dll
+ 2009-06-25 00:22 . 2009-03-09 23:27 1846632 c:\windows\system32\D3DCompiler_41.dll
- 2009-06-25 00:22 . 2009-03-09 22:27 1846632 c:\windows\system32\D3DCompiler_41.dll
+ 2009-06-25 00:22 . 2008-10-15 14:22 2036576 c:\windows\system32\D3DCompiler_40.dll
- 2009-06-25 00:22 . 2008-10-15 13:22 2036576 c:\windows\system32\D3DCompiler_40.dll
+ 2009-06-25 00:22 . 2008-07-10 19:00 1493528 c:\windows\system32\D3DCompiler_39.dll
- 2009-06-25 00:22 . 2008-07-10 18:00 1493528 c:\windows\system32\D3DCompiler_39.dll
+ 2009-06-05 16:03 . 2008-05-30 22:11 1491992 c:\windows\system32\D3DCompiler_38.dll
- 2009-06-05 16:03 . 2008-05-30 21:11 1491992 c:\windows\system32\D3DCompiler_38.dll
+ 2009-06-05 16:03 . 2008-03-05 23:56 1420824 c:\windows\system32\D3DCompiler_37.dll
- 2009-06-05 16:03 . 2008-03-05 22:56 1420824 c:\windows\system32\D3DCompiler_37.dll
- 2009-06-05 16:03 . 2007-10-12 22:14 1374232 c:\windows\system32\D3DCompiler_36.dll
+ 2009-06-05 16:03 . 2007-10-12 23:14 1374232 c:\windows\system32\D3DCompiler_36.dll
- 2009-06-05 16:03 . 2007-07-20 01:14 1358192 c:\windows\system32\D3DCompiler_35.dll
+ 2009-06-05 16:03 . 2007-07-20 02:14 1358192 c:\windows\system32\D3DCompiler_35.dll
- 2009-06-05 16:03 . 2007-05-16 23:45 1124720 c:\windows\system32\D3DCompiler_34.dll
+ 2009-06-05 16:03 . 2007-05-17 00:45 1124720 c:\windows\system32\D3DCompiler_34.dll
+ 2009-12-08 02:11 . 2008-03-13 06:55 1294336 c:\windows\system32\ChilkatXml.dll
+ 2009-12-08 02:11 . 2009-03-22 03:40 1310720 c:\windows\system32\ChilkatUpload.dll
+ 2009-12-08 02:11 . 2008-03-13 06:54 1085440 c:\windows\system32\ChilkatSocket.dll
+ 2009-12-08 02:11 . 2008-07-01 17:00 1642496 c:\windows\system32\ChilkatMail_v7_9.dll
+ 2009-12-08 02:11 . 2007-12-28 21:16 1122304 c:\windows\system32\ChilkatHttp.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 1196032 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfchtml.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 3411968 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjswfc.dll
+ 2005-09-23 14:56 . 2005-09-23 14:56 3661824 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjslib.dll
+ 2005-09-23 12:49 . 2005-09-23 12:49 1290240 c:\windows\Microsoft.NET\Framework\v2.0.50727\vjsc.dll
+ 2005-09-23 15:48 . 2005-09-23 15:48 1886720 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\jsredist.msi
+ 2009-05-03 21:18 . 2004-12-01 23:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-03 21:18 . 2004-12-01 22:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2009-05-03 21:18 . 2004-09-29 19:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-05-03 21:18 . 2004-09-29 20:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-02 07:14 . 2009-12-02 07:14 3174400 c:\windows\Installer\f4447a.msi
+ 2009-12-02 07:12 . 2009-12-02 07:12 3831808 c:\windows\Installer\f44207.msi
+ 2009-12-02 07:08 . 2009-12-02 07:08 3273216 c:\windows\Installer\f43f40.msi
+ 2010-01-18 09:59 . 2010-01-18 09:59 1049088 c:\windows\Installer\c60b75.msi
+ 2010-01-22 23:08 . 2010-01-22 23:08 2981376 c:\windows\Installer\9bba9.msi
+ 2010-01-13 03:59 . 2010-01-13 03:59 3300352 c:\windows\Installer\8c0e55a.msi
+ 2009-12-03 17:17 . 2009-12-03 17:17 2406912 c:\windows\Installer\734b1aa.msi
+ 2010-01-17 06:49 . 2010-01-17 06:49 2373120 c:\windows\Installer\56b7a8b.msi
+ 2010-01-22 21:23 . 2010-01-22 21:23 4454912 c:\windows\Installer\48bd68.msi
+ 2010-01-22 21:22 . 2010-01-22 21:22 1659392 c:\windows\Installer\48ba33.msi
+ 2010-01-22 21:21 . 2010-01-22 21:21 9473024 c:\windows\Installer\48ba2c.msi
+ 2010-01-22 21:20 . 2010-01-22 21:20 1549312 c:\windows\Installer\48b79e.msi
+ 2010-01-22 21:20 . 2010-01-22 21:20 3310592 c:\windows\Installer\48b797.msi
+ 2009-12-02 02:06 . 2009-12-02 02:06 4852224 c:\windows\Installer\3fa3640.msi
+ 2010-01-19 23:09 . 2010-01-19 23:09 1544192 c:\windows\Installer\3f44aa.msi
+ 2010-01-19 00:26 . 2010-01-19 00:26 1497600 c:\windows\Installer\3e46d95.msi
+ 2009-12-23 12:19 . 2009-12-23 12:19 3573248 c:\windows\Installer\3290038.msi
+ 2009-12-23 12:17 . 2009-12-23 12:17 3085824 c:\windows\Installer\328fa01.msi
+ 2009-12-23 12:16 . 2009-12-23 12:16 3285504 c:\windows\Installer\328f9cd.msi
+ 2009-12-23 12:15 . 2009-12-23 12:15 3096064 c:\windows\Installer\328f3df.msi
+ 2009-12-23 12:15 . 2009-12-23 12:15 4908544 c:\windows\Installer\328f3c7.msi
+ 2009-12-23 12:14 . 2009-12-23 12:14 4915200 c:\windows\Installer\328f3ba.msi
+ 2009-12-23 12:14 . 2009-12-23 12:14 3076608 c:\windows\Installer\328f3ae.msi
+ 2009-12-23 12:14 . 2009-12-23 12:14 3076608 c:\windows\Installer\328f393.msi
+ 2009-12-23 12:14 . 2009-12-23 12:14 3117056 c:\windows\Installer\328f34f.msi
+ 2009-12-23 12:13 . 2009-12-23 12:13 3095552 c:\windows\Installer\328f18d.msi
+ 2009-12-23 12:13 . 2009-12-23 12:13 3073024 c:\windows\Installer\328f184.msi
+ 2009-12-23 12:12 . 2009-12-23 12:12 3073536 c:\windows\Installer\328f17c.msi
+ 2009-12-23 12:12 . 2009-12-23 12:12 3074048 c:\windows\Installer\328f173.msi
+ 2009-12-23 12:12 . 2009-12-23 12:12 3073024 c:\windows\Installer\328f16a.msi
+ 2009-12-23 12:11 . 2009-12-23 12:11 3073536 c:\windows\Installer\328f161.msi
+ 2009-12-23 12:11 . 2009-12-23 12:11 3186176 c:\windows\Installer\328f157.msi
+ 2009-12-23 12:10 . 2009-12-23 12:10 3110912 c:\windows\Installer\328f02f.msi
+ 2009-12-23 12:10 . 2009-12-23 12:10 3087360 c:\windows\Installer\328f026.msi
+ 2009-12-23 12:10 . 2009-12-23 12:10 3178496 c:\windows\Installer\328f013.msi
+ 2009-12-23 12:09 . 2009-12-23 12:09 3075072 c:\windows\Installer\328ed46.msi
+ 2009-12-23 12:08 . 2009-12-23 12:08 3089408 c:\windows\Installer\328ed35.msi
+ 2009-12-23 12:08 . 2009-12-23 12:08 3078656 c:\windows\Installer\328ed2b.msi
+ 2009-12-23 12:08 . 2009-12-23 12:08 3146240 c:\windows\Installer\328ed21.msi
+ 2009-12-23 12:07 . 2009-12-23 12:07 3150848 c:\windows\Installer\328eaf8.msi
+ 2009-12-23 12:07 . 2009-12-23 12:07 3083776 c:\windows\Installer\328eacc.msi
+ 2009-12-23 12:07 . 2009-12-23 12:07 3076096 c:\windows\Installer\328eac2.msi
+ 2009-12-23 12:07 . 2009-12-23 12:07 3079680 c:\windows\Installer\328eab6.msi
+ 2009-12-23 12:06 . 2009-12-23 12:06 3094016 c:\windows\Installer\328eaaa.msi
+ 2009-12-23 12:06 . 2009-12-23 12:06 3073024 c:\windows\Installer\328ea20.msi
+ 2009-12-23 12:05 . 2009-12-23 12:05 3228160 c:\windows\Installer\328ea16.msi
+ 2009-12-23 12:05 . 2009-12-23 12:05 3070976 c:\windows\Installer\328e981.msi
+ 2009-12-23 12:04 . 2009-12-23 12:04 3174400 c:\windows\Installer\328e976.msi
+ 2009-11-21 07:36 . 2009-11-21 07:36 5002752 c:\windows\Installer\30cbc77.msp
+ 2009-10-16 15:09 . 2009-10-16 15:09 2518016 c:\windows\Installer\30cbc5f.msp
+ 2010-01-12 08:44 . 2010-01-12 08:44 1886208 c:\windows\Installer\2e4f90c.msi
+ 2009-12-30 09:22 . 2009-12-30 09:22 1262080 c:\windows\Installer\269803d7.msi
+ 2010-01-18 06:10 . 2010-01-18 06:10 1874944 c:\windows\Installer\1ace4a2.msi
+ 2009-12-03 22:15 . 2009-12-03 22:15 5004288 c:\windows\Installer\18d6e17.msp
+ 2010-01-18 05:23 . 2010-01-18 05:23 3576320 c:\windows\Installer\18010bb.msi
+ 2010-01-18 05:22 . 2010-01-18 05:22 3182592 c:\windows\Installer\18010b3.msi
+ 2010-01-22 07:56 . 2010-01-22 07:56 1473024 c:\windows\Installer\11738a4.msi
+ 2010-01-12 00:14 . 2010-01-12 00:14 4057088 c:\windows\Installer\100e44a.msi
+ 2010-01-12 00:10 . 2010-01-12 00:10 3174400 c:\windows\Installer\100e442.msi
+ 2010-01-11 23:55 . 2010-01-11 23:55 1082368 c:\windows\Installer\100e43b.msi
- 2009-04-27 00:52 . 2009-11-27 11:04 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-27 00:52 . 2010-01-13 11:10 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-04-27 00:52 . 2009-11-27 11:04 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-06 11:26 . 2009-03-06 11:26 5291376 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\IPEDITOR.DLL
+ 2010-01-22 11:00 . 2009-10-29 07:45 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-09 11:04 . 2009-10-22 09:19 5939712 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2010-01-12 10:56 . 2010-01-12 10:56 3262976 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfchtml\216ca98a4efca342e522d957dd2653b6\vjswfchtml.ni.dll
+ 2010-01-12 10:56 . 2010-01-12 10:56 7011328 c:\windows\assembly\NativeImages_v2.0.50727_32\vjswfc\0c8826e751ea73415a3b592e7ddac29d\vjswfc.ni.dll
+ 2010-01-12 09:37 . 2010-01-12 09:37 2559488 c:\windows\assembly\NativeImages_v2.0.50727_32\VJSSupUILib\da6b517467c4be642f06b679f70dac42\VJSSupUILib.ni.dll
+ 2010-01-12 09:37 . 2010-01-12 09:37 7982592 c:\windows\assembly\NativeImages_v2.0.50727_32\vjslib\1c7f0f95670f0397ffe5c1874fb6af3e\vjslib.ni.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 1196032 c:\windows\assembly\GAC_32\vjswfchtml\2.0.0.0__b03f5f7f11d50a3a\vjswfchtml.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 3411968 c:\windows\assembly\GAC_32\vjswfc\2.0.0.0__b03f5f7f11d50a3a\vjswfc.dll
+ 2010-01-12 08:44 . 2010-01-12 08:44 3661824 c:\windows\assembly\GAC_32\vjslib\2.0.0.0__b03f5f7f11d50a3a\vjslib.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-12 08:31 . 2010-01-12 08:31 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-29 03:47 . 2009-10-29 03:47 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 1209344 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\urlmon.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 5944320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
+ 2009-12-08 20:57 . 2009-10-29 07:45 1986048 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iertutil.dll
+ 2010-01-12 10:28 . 2009-05-18 22:34 22691984 c:\windows\system32\ReinstallBackups\0027\DriverFiles\Common\i386\AppSetup.exe
+ 2009-04-27 18:39 . 2010-01-05 00:17 29634504 c:\windows\system32\MRT.exe
+ 2007-08-14 01:54 . 2009-12-21 19:14 11070464 c:\windows\system32\ieframe.dll
+ 2009-04-27 18:42 . 2009-12-21 19:14 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2010-01-22 11:00 . 2009-10-29 07:45 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2009-12-09 11:04 . 2009-08-29 08:08 11069440 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
+ 2010-01-07 17:09 . 2010-01-07 17:09 17520640 c:\windows\Downloaded Installations\{4CA2468D-98F2-4244-8E6A-2CBAC64C5003}\Find Duplicate Files Easily.msi
+ 2009-10-29 21:15 . 2009-10-29 21:15 11070464 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 22:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-04-06 21:26 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TMMonitor.lnk]
backup=c:\windows\pss\TMMonitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
backup=c:\windows\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle^Start Menu^Programs^Startup^GigaTribe.lnk]
backup=c:\windows\pss\GigaTribe.lnkStartup
path=c:\documents and settings\Kyle\Start Menu\Programs\Startup\GigaTribe.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle^Start Menu^Programs^Startup^Neverwinter Nights_ Platinum Edition Registration.lnk]
backup=c:\windows\pss\Neverwinter Nights_ Platinum Edition Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
path=c:\documents and settings\Kyle\Start Menu\Programs\Startup\PacketiX VPN Client Task Tray.lnk
backup=c:\windows\pss\PacketiX VPN Client Task Tray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kyle^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 20:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2009-10-28 14:38 50536 ----a-w- c:\program files\AOL 9.5a\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
2005-11-05 01:07 49152 ----a-w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-06-12 14:50 318272 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-12-12 17:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-05-24 04:20 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 22:47 2029640 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMPro8Agent]
2008-07-28 17:05 189056 ----a-w- c:\program files\Genie-Soft\GBMPro8\GBMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2009-07-20 19:52 41264 ----a-w- c:\program files\Common Files\AOL\1240792393\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-07-11 12:06 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2002-09-03 16:24 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2005-07-23 06:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2002-09-03 16:25 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-14 20:34 13877248 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-05 02:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-07-14 20:34 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-07-09 07:03 1657376 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2002-09-03 16:26 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2002-09-03 16:26 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDListener]
2009-02-28 09:01 111216 ----a-w- c:\program files\Registry Defense\RDListener.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 23:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2009-12-15 22:53 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]
2009-03-17 21:46 681256 ----a-w- c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2009-04-06 21:32 6345840 ----a-w- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-07 23:03 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-26 22:24 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-06-23 18:01 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 09:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 19:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-11-20 18:57 2590456 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
2008-08-07 00:31 233576 ------w- c:\program files\Creative\Volume Panel\VolPanlu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ThreatFire"=2 (0x2)
"SBAMSvc"=2 (0x2)
"gupdate1c9e3f3554e6e32"=2 (0x2)
"ekrn"=2 (0x2)
"AOL ACS"=2 (0x2)
"nTuneService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"ACDaemon"=3 (0x3)
"a2free"=2 (0x2)
"SandraAgentSrv"=3 (0x3)
"ose"=3 (0x3)
"npggsvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"WebClient"=2 (0x2)
"RasMan"=2 (0x2)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"napagent"=3 (0x3)
"Imapi Helper"=3 (0x3)
"PavPrSrv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"NtmsSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1240792393\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\u-lan.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Documents and Settings\\Kyle\\Desktop\\Back Up (Data)\\GigaTribe\\gigatribe.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TrueGames\\Mytheon\\launcher.ui.exe"=
"c:\\Program Files\\TrueGames\\Mytheon\\mytheonclientr.exe"=
"c:\\Program Files\\PacketiX VPN Client English\\vpnclient.exe"=
"c:\\Program Files\\PacketiX VPN Client English\\vpncmgr.exe"=
"c:\\Program Files\\PacketiX VPN Client English\\vpncmd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"25000:UDP"= 25000:UDP:U-LAN Port

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/17/2010 10:13 PM 64288]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [6/10/2008 2:33 AM 150568]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/26/2009 4:21 PM 691696]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/2/2009 2:30 PM 29808]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 2:47 PM 107256]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [1/22/2010 3:08 PM 108296]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 10:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 10:01 AM 72944]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [1/17/2010 2:25 PM 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/22/2008 5:08 PM 92464]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [9/3/2002 9:05 AM 14336]
R2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [1/18/2010 4:13 PM 2211328]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [10/19/2009 11:12 AM 12672]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 5:19 AM 1181328]
R2 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client English\vpnclient.exe [5/15/2008 2:50 PM 2478080]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [1/22/2010 3:09 PM 1181040]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\Hide My IP 2009\HideMyIpSrv.exe [1/15/2010 1:07 PM 2396464]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/13/2009 5:46 PM 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\drivers\Neo_0028.sys [1/18/2010 3:29 PM 22000]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [1/23/2010 1:19 PM 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [1/23/2010 1:19 PM 3768]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [1/17/2010 2:26 PM 69936]
S3 BCASPROT;Advanced System Protector;c:\program files\Systweak\Advanced System Protector\sasprot32.sys [4/26/2009 4:34 PM 6656]
S3 CJELUWGV;CJELUWGV;c:\docume~1\Kyle\LOCALS~1\Temp\CJELUWGV.exe --> c:\docume~1\Kyle\LOCALS~1\Temp\CJELUWGV.exe [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [1/10/2010 12:52 PM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM 72728]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Kyle\LOCALS~1\Temp\ASB1B.tmp --> c:\docume~1\Kyle\LOCALS~1\Temp\ASB1B.tmp [?]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [1/18/2010 1:56 AM 30560]
S3 portio32;portio32;c:\windows\system32\drivers\portio32.sys --> c:\windows\system32\drivers\portio32.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 10:01 AM 7408]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [1/23/2010 1:19 PM 200704]
S3 UVPMOACD;UVPMOACD;c:\docume~1\Kyle\LOCALS~1\Temp\UVPMOACD.exe --> c:\docume~1\Kyle\LOCALS~1\Temp\UVPMOACD.exe [?]
S3 vpn-x;VPN-X Virtual Network Interface Card(NIC);c:\windows\system32\drivers\vpn-x.sys [10/22/2009 9:03 PM 24960]
S4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [7/4/2009 2:20 PM 1858144]
S4 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [5/14/2009 2:47 PM 731840]
S4 gupdate1c9e3f3554e6e32;Google Update Service (gupdate1c9e3f3554e6e32);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 6:30 PM 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [3/17/2009 1:26 PM 894248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
2007-09-19 18:32 7680 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 12:14]

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 12:14]

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 12:14]

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 12:14]

2010-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 12:14]

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 02:30]

2010-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 02:30]

2010-01-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 22:56]

2009-04-27 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-04-27 22:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\windows\system32\HMIPCore.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {7CF3E7C4-6112-4D72-A0CD-D0AD7EEB5467} - hxxp://www.packetix.net/en/special/files/vpn2_5350_en/vpnweb.cab
FF - ProfilePath - c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CL-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npipcd3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npiPLATO_22.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

pref(dom.disable_open_during_load, false);
FF - user.js: protocol-handler.warn-external.dnUpdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 13:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Kyle\LOCALS~1\Temp\ASB1B.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1202660629-1637723038-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91C82F3C-C5A1-9937-886B-F5FCC3F2FF03}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abidebggpfmplpibcookpaecjdehblpgnl"=hex:64,62,6c,70,63,6d,6d,68,6a,6d,6a,69,
61,6b,67,6f,6f,6e,69,6c,63,6a,66,69,66,6b,6f,6c,65,68,6a,67,6b,62,6a,62,62,\
"bbidebggpfmplpibcolkgofeadgjfphhjmee"=hex:61,62,6f,63,61,62,6b,62,65,6e,68,6c,
6c,6d,70,67,69,65,61,65,65,65,61,62,62,6e,65,67,6d,67,6d,67,66,62,00,62

[HKEY_USERS\S-1-5-21-1202660629-1637723038-839522115-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:34,7f,a1,5d,10,85,d4,89,55,38,c6,f8,3a,db,86,f4,f8,81,fd,f2,4e,a2,44,
64,df,a9,81,9c,15,77,a0,d9,7d,d6,e3,a0,af,41,32,30,bb,7b,62,92,4c,b0,65,98,\
"??"=hex:8b,13,e4,a3,85,70,29,fd,38,55,c5,8d,9c,25,9d,72

[HKEY_USERS\S-1-5-21-1202660629-1637723038-839522115-1006\Software\SecuROM\License information*]
"datasecu"=hex:f7,ae,8c,4a,9e,a8,2d,c7,a4,55,32,d9,0a,a7,ea,a9,a2,e1,6e,18,36,
97,d0,87,35,2b,3d,43,ed,24,c3,98,8b,76,0a,19,7e,57,4c,68,9e,01,fc,b1,c4,0a,\
"rkeysecu"=hex:76,1e,c2,f1,40,2a,9c,a7,8e,35,dd,fd,87,97,0e,a0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3760)
c:\windows\system32\WININET.dll
c:\program files\Xfire\xfire_toucan_41060.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Xfire\Xfire.exe
c:\program files\Windows Live\Messenger\msnmsgr.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2010-01-28 13:13:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 21:13
ComboFix2.txt 2010-01-10 11:30
ComboFix3.txt 2009-12-01 09:51
ComboFix4.txt 2009-10-18 14:46
ComboFix5.txt 2010-01-28 20:32

Pre-Run: 62,839,246,848 bytes free
Post-Run: 62,783,045,632 bytes free

- - End Of File - - 88332ADF67A53E9105075FB1E113EDC0


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 28 January 2010 - 04:18 PM

Hi,

Please uninstall ASK Toolbar through Add/Remove Programs.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#11 insaniak

insaniak
  • Topic Starter

  • Members
  • 198 posts

Posted 29 January 2010 - 02:39 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3654
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/28/2010 3:10:11 PM
mbam-log-2010-01-28 (15-10-11).txt

Scan type: Quick Scan
Objects scanned: 150736
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e4e374256c9fbf43ae6218ca06025e79
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-18 10:03:12
# local_time=2010-01-18 02:03:12 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 1751552 1751552 0 0
# compatibility_mode=512 16777215 100 0 16110878 16110878 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777191 100 0 4436941 4436941 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8201 39157246 100 100 10884572 21369037 0 0
# scanned=55202
# found=1
# cleaned=1
# scan_time=12692
C:\Documents and Settings\Kyle\Application Data\Sun\Java\Deployment\cache\6.0\18\6eb74992-5a37f343 Java/TrojanDownloader.OpenStream.NAF trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e4e374256c9fbf43ae6218ca06025e79
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-29 04:53:50
# local_time=2010-01-28 08:53:50 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 2675606 2675606 0 0
# compatibility_mode=512 16777215 100 0 17034932 17034932 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777191 100 0 5360995 5360995 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8201 39157246 100 100 11808626 22293091 0 0
# scanned=338964
# found=1
# cleaned=1
# scan_time=20449
C:\Documents and Settings\Kyle\Desktop\Sharecash Uploads\Combat Arms\Combat Arms Dll Injection.rar probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C






OTL logfile created on: 1/28/2010 11:06:13 PM - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Kyle\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 60.60 Gb Free Space | 20.33% Space Free | Partition Type: NTFS
Drive D: | 598.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 111.80 Gb Total Space | 16.09 Gb Free Space | 14.39% Space Free | Partition Type: NTFS
Drive I: | 37.24 Gb Total Space | 3.82 Gb Free Space | 10.27% Space Free | Partition Type: NTFS

Computer Name: KYLE-19YYAR8X0D
Current User Name: Kyle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/28 21:01:27 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\My Documents\Downloads\OTL(2).exe
PRC - [2010/01/27 04:13:47 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/27 04:13:32 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/21 17:33:00 | 03,188,624 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2010/01/20 20:44:16 | 00,215,128 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2010/01/10 22:30:34 | 00,180,224 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\LinkBuilderPro FreeEdition\LinkBuilderPRO.exe
PRC - [2010/01/05 20:54:25 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/03 09:17:17 | 00,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/30 16:44:31 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/11/28 09:39:24 | 02,396,464 | ---- | M] () -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
PRC - [2009/11/26 14:24:03 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/10/28 15:19:22 | 02,211,328 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/24 15:05:24 | 00,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/14 12:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/06/02 18:30:34 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/05/25 05:21:40 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/06/09 10:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/13 16:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/03 09:08:01 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/28 21:01:27 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kyle\My Documents\Downloads\OTL(2).exe
MOD - [2010/01/21 17:33:08 | 00,942,480 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_41060.dll
MOD - [2009/10/28 06:38:47 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2008/04/13 16:12:10 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WRConsumerService)
SRV - File not found [On_Demand | Stopped] -- -- (UVPMOACD)
SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Auto | Stopped] -- -- (FlexService)
SRV - File not found [On_Demand | Stopped] -- -- (CJELUWGV)
SRV - File not found [Disabled | Stopped] -- -- (ACDaemon)
SRV - [2010/01/27 10:38:42 | 02,431,024 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3647.dll -- (Akamai)
SRV - [2010/01/27 04:13:32 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/20 20:44:16 | 00,215,128 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/01/10 12:52:04 | 00,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/11/30 16:44:31 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/11/28 09:39:24 | 02,396,464 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2009/11/26 14:24:03 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/10/28 15:19:22 | 02,211,328 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2009/10/09 12:09:44 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/24 15:05:24 | 00,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/14 15:16:00 | 03,194,176 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/14 12:34:58 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2009/06/02 18:30:34 | 00,133,104 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9e3f3554e6e32) Google Update Service (gupdate1c9e3f3554e6e32)
SRV - [2009/05/25 05:26:40 | 00,303,376 | ---- | M] (Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/05/17 00:10:54 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 14:47:54 | 00,731,840 | ---- | M] (ESET) [Disabled | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/17 13:26:48 | 00,894,248 | ---- | M] (Sunbelt Software) [Disabled | Stopped] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/02/23 11:43:54 | 00,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/07 17:21:00 | 00,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/11 15:33:12 | 00,200,704 | ---- | M] (SoundMovieServer) [On_Demand | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SoundMovieServer)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/06/09 10:37:44 | 00,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/09/04 18:25:44 | 00,131,072 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/23 04:50:35 | 00,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (ssidrv)
DRV - File not found [Kernel | Unknown | Running] -- -- (sshrmd)
DRV - File not found [Kernel | Unknown | Running] -- -- (ssfs0bbc)
DRV - File not found [Kernel | Disabled | Running] -- -- (pwipf6)
DRV - [2010/01/20 20:44:25 | 00,138,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/01/18 15:29:33 | 00,022,000 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Neo_0028.sys -- (Neo_VPN)
DRV - [2010/01/12 00:44:08 | 00,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/02 05:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/27 02:56:37 | 00,296,976 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/11/27 02:56:37 | 00,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/09/25 18:50:24 | 00,024,960 | ---- | M] (BirdsSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpn-x.sys -- (vpn-x) VPN-X Virtual Network Interface Card(NIC)
DRV - [2009/09/23 09:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/28 19:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/05 05:16:44 | 00,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2009/07/24 15:05:24 | 00,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/14 10:54:00 | 07,741,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/06/23 10:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/23 10:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/06/23 10:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/09 10:53:26 | 00,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/06/09 10:53:25 | 00,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/06/04 02:46:56 | 01,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 02:46:56 | 01,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 02:46:42 | 00,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 02:46:42 | 00,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 02:46:34 | 00,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 02:46:34 | 00,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/16 20:59:44 | 00,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/05/14 14:49:26 | 00,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009/05/14 14:49:26 | 00,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009/05/14 14:49:22 | 00,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009/05/14 14:47:14 | 00,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/13 17:46:52 | 00,031,760 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/04/26 16:37:26 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/03/27 00:16:28 | 00,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/03/04 23:30:16 | 00,069,936 | ---- | M] (Sunbelt Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/02/24 17:42:14 | 00,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/15 20:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2008/11/19 19:22:36 | 00,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/11/11 15:05:18 | 00,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2008/11/11 15:05:16 | 00,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/10/22 17:08:38 | 00,092,464 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/09/12 09:38:30 | 00,013,360 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/08/05 18:28:46 | 00,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Systweak\Advanced System Protector\sasprot32.sys -- (BCASPROT)
DRV - [2008/06/10 02:33:10 | 00,150,568 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys -- (mv61xx)
DRV - [2008/04/13 11:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 08:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/20 02:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/12/17 16:14:06 | 00,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/12/11 09:52:12 | 00,026,784 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/09/04 18:26:32 | 00,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006/11/10 14:05:00 | 00,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/11/01 23:50:52 | 00,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/05/23 19:41:07 | 00,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/05/23 19:41:04 | 00,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/05/23 19:40:21 | 01,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/05/23 19:38:30 | 00,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/05/23 19:38:08 | 00,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/05/23 19:38:01 | 00,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/05/23 19:37:44 | 00,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 01:06:04 | 00,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/07/22 22:41:46 | 00,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/07/22 22:41:42 | 00,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/08/12 18:56:20 | 00,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/07/14 09:51:24 | 00,019,968 | ---- | M] (Winford Engineering) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\portio32.dll -- (portio32)
DRV - [2003/01/10 13:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/16 16:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/09/03 08:53:10 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/09/03 08:31:57 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\S-1-5-21-1202660629-1637723038-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\S-1-5-21-1202660629-1637723038-839522115-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50ffTB50CL-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: foxyproxy-basic@eric.h.jung:1.4
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {289F3A4A-F3FF-4173-B994-DBC887E9C468}:0.3.5
FF - prefs.js..extensions.enabledItems: dave2x@download:0.5.9
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.2
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/28 22:04:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/22 13:22:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009/10/05 20:29:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/26 15:03:06 | 00,000,000 | ---D | M]

[2009/04/26 16:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Extensions
[2009/04/26 16:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/28 22:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions
[2010/01/19 20:11:45 | 00,000,000 | ---D | M] (Objection) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{289F3A4A-F3FF-4173-B994-DBC887E9C468}
[2010/01/14 02:07:25 | 00,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009/04/26 16:10:01 | 00,000,000 | ---D | M] (FoxGame) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2009/04/26 18:34:28 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{b8ccaffc-1f41-45bf-ad7a-1c730d9a4656}
[2009/08/21 10:45:29 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/21 10:45:27 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/17 22:11:57 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/09/11 17:40:36 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/10/19 21:56:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\dave2x@download
[2010/01/14 02:07:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\foxyproxy-basic@eric.h.jung
[2010/01/17 22:20:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\fsonlinescanner@f-secure.com
[2010/01/01 14:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\extensions\illimitux@illimitux.net
[2009/11/24 21:13:20 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\searchplugins\aol-search.xml
[2009/04/27 10:02:57 | 00,002,399 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\Mozilla\Firefox\Profiles\05ynilll.default\searchplugins\daemon-search.xml
[2010/01/28 22:31:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/26 15:03:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/11/26 14:53:58 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru-trash
[2010/01/15 13:08:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2009/09/13 21:10:06 | 00,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2009/07/02 23:34:44 | 00,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 06:42:14 | 00,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2002/04/18 08:39:16 | 00,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npipcd3.dll
[2005/01/19 20:48:22 | 00,008,192 | ---- | M] (PLATO Learning, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npiPLATO_22.dll

O1 HOSTS File: ([2010/01/28 22:11:43 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKLM..\RunOnce: [UninstallLockedSOSFiles] C:\DOCUME~1\Kyle\LOCALS~1\Temp\UninstallLockedSOSFiles.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1202660629-1637723038-839522115-1006\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1240775643447 (WUWebControl Class)
O16 - DPF: {7CF3E7C4-6112-4D72-A0CD-D0AD7EEB5467} http://www.packetix.net/en/special/files/v...0_en/vpnweb.cab (VpnWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/26 11:44:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/01 02:44:44 | 01,187,840 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/11/01 02:44:45 | 00,000,045 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{52e681cc-c0c3-11de-8d51-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{52e681cc-c0c3-11de-8d51-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{52e681cc-c0c3-11de-8d51-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2005/11/01 02:44:44 | 01,187,840 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - C:\WINDOWS\System32\sasnative32.exe ()
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/26 04:36:18 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17454785745649664)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/28 22:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/01/28 22:17:24 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/28 22:11:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/01/27 19:45:06 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Kyle\Recent
[2010/01/26 12:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\TrueGames
[2010/01/25 21:17:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\XR Video Tutorial
[2010/01/25 12:20:51 | 00,000,000 | ---D | C] -- C:\Converted
[2010/01/24 18:58:50 | 00,000,000 | ---D | C] -- C:\Program Files\DupeEliminator
[2010/01/23 13:19:11 | 00,200,704 | ---- | C] (SoundMovieServer) -- C:\WINDOWS\System32\snmvtsvc.exe
[2010/01/23 13:19:11 | 00,023,096 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\SndTAudio.sys
[2010/01/23 13:19:11 | 00,023,096 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\SndTAudio.sys
[2010/01/23 13:19:11 | 00,010,936 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\SndTVideo.dll
[2010/01/23 13:19:11 | 00,003,768 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\SndTVideo.sys
[2010/01/23 13:19:11 | 00,003,768 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\SndTVideo.sys
[2010/01/23 13:19:10 | 00,000,000 | ---D | C] -- C:\Program Files\SoundTaxi
[2010/01/23 13:10:07 | 00,323,584 | ---- | C] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2010/01/23 13:09:14 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Music 3
[2010/01/23 13:09:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Music
[2010/01/22 15:08:38 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2010/01/22 13:23:02 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/01/22 13:23:01 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/22 13:23:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/22 13:22:22 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/01/22 13:21:46 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/22 13:20:51 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/01/22 13:20:32 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/01/22 13:20:32 | 00,040,448 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2010/01/22 13:20:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/01/22 03:00:30 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/01/21 23:56:40 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/01/21 23:56:08 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/01/21 23:34:28 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/20 20:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\Attribute Manager
[2010/01/20 18:42:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Wallpaper Pack Keygen
[2010/01/19 15:08:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/01/18 21:27:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\PayPal Limitation Guide
[2010/01/18 18:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\LogMeIn Hamachi
[2010/01/18 18:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/01/18 16:13:25 | 00,025,216 | ---- | C] (The OpenVPN Project) -- C:\WINDOWS\System32\drivers\tap0901.sys
[2010/01/18 16:13:24 | 00,000,000 | ---D | C] -- C:\Program Files\S.A.D
[2010/01/18 16:06:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\JonDo
[2010/01/18 15:59:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\GPass
[2010/01/18 15:29:33 | 00,022,000 | ---- | C] (SoftEther Corporation) -- C:\WINDOWS\System32\drivers\Neo_0028.sys
[2010/01/18 15:28:45 | 00,081,920 | ---- | C] (SoftEther Corporation) -- C:\WINDOWS\System32\vpncmd.exe
[2010/01/18 15:28:38 | 00,000,000 | ---D | C] -- C:\Program Files\PacketiX VPN Client English
[2010/01/18 01:56:41 | 00,676,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin30.dll
[2010/01/18 01:56:41 | 00,030,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nx6000.sys
[2010/01/18 01:55:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2010/01/17 22:38:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/01/17 22:17:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/01/17 22:13:43 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/17 22:12:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\QuickScan
[2010/01/17 22:11:01 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/17 22:10:52 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/17 22:06:22 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/17 14:27:33 | 00,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2010/01/17 14:26:59 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010/01/17 14:25:01 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010/01/17 02:59:23 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/01/17 02:59:23 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/01/17 02:58:19 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/01/17 02:58:19 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/01/17 02:58:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/01/17 02:58:13 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/01/16 22:49:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\Sunbelt
[2010/01/16 22:46:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/01/15 16:18:59 | 00,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2010/01/15 14:55:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\rt_dominion_v1.5.1
[2010/01/15 13:08:02 | 00,200,704 | ---- | C] (My Privacy Tools, Inc.) -- C:\WINDOWS\System32\HMIPCore.dll
[2010/01/15 13:07:42 | 00,000,000 | ---D | C] -- C:\Program Files\Hide My IP 2009
[2010/01/15 12:29:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\ubot
[2010/01/15 12:29:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\My Documents\u-bot
[2010/01/15 12:28:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\Xenocode
[2010/01/15 11:43:03 | 00,000,000 | ---D | C] -- C:\Program Files\DupeFree Pro
[2010/01/15 00:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\as
[2010/01/15 00:09:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\LinkBuilderPro FreeEdition
[2010/01/14 22:19:08 | 00,000,000 | ---D | C] -- C:\Program Files\IBP 11
[2010/01/14 19:00:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\IBP
[2010/01/14 18:59:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\IBP 11.6
[2010/01/14 18:38:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Backlink Service Creation Videos
[2010/01/14 11:32:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\PRbackLink-Pack
[2010/01/14 11:05:15 | 00,000,000 | ---D | C] -- C:\Program Files\FBP - Facebook Blaster Pro
[2010/01/14 00:23:23 | 00,000,000 | ---D | C] -- C:\Program Files\Super AlexaBooster
[2010/01/13 13:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Joomla
[2010/01/12 23:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Vince Delmonte Site Script-image
[2010/01/12 02:41:18 | 00,010,240 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\CTDCRES.DLL
[2010/01/12 00:45:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Media Center Programs
[2010/01/12 00:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/01/11 21:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\GlobalSCAPE
[2010/01/11 21:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\GlobalSCAPE
[2010/01/11 21:38:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2010/01/11 18:33:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\My Documents\Micro Niche Finder
[2010/01/11 18:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Micro Niche Finder Service
[2010/01/11 18:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Micro Niche Finder
[2010/01/11 18:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2010/01/11 18:31:31 | 00,000,000 | ---D | C] -- C:\Program Files\Micro Niche Finder
[2010/01/11 16:16:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\SmartFTP
[2010/01/11 15:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\SmartFTP Client
[2010/01/11 02:18:07 | 01,089,536 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Documents and Settings\Kyle\libeay32.dll
[2010/01/11 02:18:07 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Documents and Settings\Kyle\ssleay32.dll
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Testview
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\proxyc
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Projects
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\ProjectFill
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Plugins
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Logs
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Links
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Langpack
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\img
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\FieldsForAI
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\DeCaptcha
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Debug
[2010/01/11 02:18:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Antispam
[2010/01/10 12:57:22 | 00,102,400 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\cttele32.dll
[2010/01/10 12:57:10 | 00,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/01/10 12:53:39 | 22,691,984 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\AppSetup.exe
[2010/01/10 12:52:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2010/01/10 12:42:57 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/01/10 12:35:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Data
[2010/01/09 16:08:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\Gas Powered Games
[2010/01/09 15:06:20 | 00,000,000 | ---D | C] -- C:\AMusic
[2010/01/09 13:22:30 | 00,000,000 | ---D | C] -- C:\temp
[2010/01/07 15:28:17 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2010/01/07 15:26:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\LimeWire Pro
[2010/01/07 09:10:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\StreamingFileProcessing
[2010/01/07 09:10:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\Find Duplicate Files Easily
[2010/01/07 03:50:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Desktop\Here
[2010/01/05 20:43:08 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/01/05 20:43:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/01/05 20:43:07 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/01/05 00:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Uploads
[2010/01/05 00:53:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\New Folder
[2010/01/04 16:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\temp
[2009/12/31 20:53:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Application Data\RegistryDefense
[2009/12/31 20:53:47 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Defense
[2009/12/30 13:32:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/30 01:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kyle\Local Settings\Application Data\Temp
[2009/11/10 23:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AOL
[2009/10/21 18:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/10/21 18:51:17 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/21 18:51:17 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/19 19:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\NVIDIA Corporation
[2009/07/04 23:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009/06/06 08:04:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/02 18:31:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/30 06:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/04/26 16:37:26 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Kyle\Application Data\pcouffin.sys
[2009/04/26 16:36:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2009/04/26 16:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/04/26 12:22:49 | 00,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/04/26 12:13:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Kyle\*.tmp files -> C:\Documents and Settings\Kyle\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/28 23:16:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/28 23:13:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/28 23:13:57 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/28 23:13:56 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/28 23:13:55 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/28 23:13:54 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/28 23:08:32 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/28 22:27:26 | 16,515,072 | ---- | M] () -- C:\Documents and Settings\Kyle\ntuser.dat
[2010/01/28 22:14:44 | 00,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[2010/01/28 22:11:43 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/28 22:06:47 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\winscp.rnd
[2010/01/28 21:57:46 | 00,238,831 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/01/28 21:56:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/28 21:56:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/28 13:04:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/28 13:03:52 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/28 12:43:43 | 00,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2010/01/28 12:43:43 | 00,055,020 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2010/01/28 12:43:43 | 00,055,020 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2010/01/28 12:43:43 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/01/28 12:43:43 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/01/28 12:43:37 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Kyle\ntuser.ini
[2010/01/28 07:33:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/27 15:40:14 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/26 14:27:33 | 00,088,237 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Website re-Write Content..docx
[2010/01/26 12:59:17 | 00,001,686 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mytheon.lnk
[2010/01/25 21:18:28 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/25 13:00:04 | 00,000,800 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/25 13:00:04 | 00,000,293 | RHS- | M] () -- C:\boot.ini
[2010/01/24 20:31:26 | 00,001,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MarkelSoft Dupe Eliminator for iTunes.lnk
[2010/01/24 15:47:28 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\mcs.rma
[2010/01/24 15:47:28 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\7A03F6
[2010/01/23 13:19:13 | 00,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SoundTaxi.lnk
[2010/01/23 13:10:07 | 00,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL
[2010/01/22 00:00:00 | 00,608,256 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\blackra1n.exe
[2010/01/21 17:33:06 | 00,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/21 15:20:14 | 00,137,044 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\TransferPage.jpg
[2010/01/21 15:18:05 | 00,000,365 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\5-0.gif
[2010/01/20 20:44:25 | 00,138,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/20 20:44:16 | 00,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/20 20:44:16 | 00,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/01/20 20:35:44 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 20:31:52 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Attribute Manager.lnk
[2010/01/20 18:55:34 | 00,386,525 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Transfer Page.png
[2010/01/20 17:00:58 | 00,077,832 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\account managmentt.JPG
[2010/01/18 16:13:32 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberGhost VPN.lnk
[2010/01/18 15:29:33 | 00,022,000 | ---- | M] (SoftEther Corporation) -- C:\WINDOWS\System32\drivers\Neo_0028.sys
[2010/01/18 15:28:45 | 00,081,920 | ---- | M] (SoftEther Corporation) -- C:\WINDOWS\System32\vpncmd.exe
[2010/01/17 22:09:15 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\housecall.guid.cache
[2010/01/15 13:11:23 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2010/01/15 13:07:42 | 00,000,685 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Hide My IP.lnk
[2010/01/14 19:00:46 | 00,000,635 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Shortcut to IBP.exe.lnk
[2010/01/13 17:05:19 | 00,546,816 | ---- | M] () -- C:\Documents and Settings\Kyle\My Documents\Muscle Building 3.msam
[2010/01/13 01:53:35 | 00,329,728 | ---- | M] () -- C:\Documents and Settings\Kyle\My Documents\World Class Body.msam
[2010/01/12 20:13:50 | 00,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/12 20:13:50 | 00,443,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/12 20:13:50 | 00,072,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/12 19:59:06 | 03,300,352 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\hamachi.msi
[2010/01/12 18:53:07 | 00,788,480 | ---- | M] () -- C:\Documents and Settings\Kyle\My Documents\Muscle building 2.msam
[2010/01/12 02:28:27 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/01/12 02:28:27 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/01/12 02:09:45 | 00,003,304 | ---- | M] () -- C:\bootsqm.dat
[2010/01/12 00:45:56 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Forged Alliance.lnk
[2010/01/12 00:44:08 | 00,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/01/11 21:07:48 | 00,600,411 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\adword_guide.pdf
[2010/01/11 20:23:17 | 00,798,720 | ---- | M] () -- C:\Documents and Settings\Kyle\My Documents\Muscle Building.msam
[2010/01/11 18:39:36 | 00,543,744 | ---- | M] () -- C:\Documents and Settings\Kyle\My Documents\NicheFInder.msam
[2010/01/11 18:31:33 | 00,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Micro Niche Finder.lnk
[2010/01/07 18:56:20 | 00,000,064 | ---- | M] () -- C:\Documents and Settings\Kyle\settings.ini
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 15:28:20 | 00,001,586 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\LimeWire PRO 5.4.6.lnk
[2010/01/07 00:59:35 | 00,001,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TidySongs.lnk
[2010/01/05 19:58:06 | 00,097,406 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Account Transfer.JPG
[2010/01/05 19:57:46 | 00,097,406 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Account Transfer Page.JPG
[2010/01/05 14:40:01 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\pcouffin.cat
[2010/01/05 14:40:00 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Kyle\Application Data\pcouffin.sys
[2010/01/05 14:40:00 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Kyle\Application Data\pcouffin.inf
[2009/12/31 20:53:49 | 00,000,783 | ---- | M] () -- C:\Documents and Settings\Kyle\Desktop\Registry Defense.lnk
[2009/12/30 13:32:34 | 02,246,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/30 01:22:34 | 00,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Kyle\*.tmp files -> C:\Documents and Settings\Kyle\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/28 22:14:44 | 00,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
[2010/01/26 14:23:37 | 00,088,237 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Website re-Write Content..docx
[2010/01/26 12:59:17 | 00,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mytheon.lnk
[2010/01/24 18:59:24 | 00,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MarkelSoft Dupe Eliminator for iTunes.lnk
[2010/01/23 13:19:13 | 00,001,506 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoundTaxi.lnk
[2010/01/23 13:19:11 | 00,019,099 | ---- | C] () -- C:\WINDOWS\System32\SndTAudio.inf
[2010/01/23 13:19:11 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\SndTVideo.inf
[2010/01/23 13:19:11 | 00,002,539 | ---- | C] () -- C:\WINDOWS\System32\SndTVideo.cat
[2010/01/23 13:19:11 | 00,002,100 | ---- | C] () -- C:\WINDOWS\System32\SndTAudio.cat
[2010/01/23 13:10:16 | 00,001,356 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\ReplayMusicLog.log
[2010/01/22 13:23:33 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/01/22 13:20:56 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/22 00:00:00 | 00,608,256 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\blackra1n.exe
[2010/01/21 17:33:06 | 00,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/01/21 15:18:04 | 00,000,365 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\5-0.gif
[2010/01/21 15:04:06 | 00,137,044 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\TransferPage.jpg
[2010/01/20 20:31:52 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Attribute Manager.lnk
[2010/01/20 18:55:34 | 00,386,525 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Transfer Page.png
[2010/01/20 17:00:58 | 00,077,832 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\account managmentt.JPG
[2010/01/18 16:13:32 | 00,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberGhost VPN.lnk
[2010/01/18 09:09:41 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/18 01:56:41 | 00,524,128 | ---- | C] () -- C:\WINDOWS\System32\LcProxy.ax
[2010/01/17 22:19:34 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/17 22:14:07 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/17 22:14:07 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/17 22:14:05 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/17 22:13:54 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/17 22:09:15 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\housecall.guid.cache
[2010/01/15 16:19:01 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\winscp.rnd
[2010/01/15 13:11:12 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/01/15 13:07:42 | 00,000,685 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Hide My IP.lnk
[2010/01/14 19:00:46 | 00,000,635 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Shortcut to IBP.exe.lnk
[2010/01/13 16:21:11 | 00,546,816 | ---- | C] () -- C:\Documents and Settings\Kyle\My Documents\Muscle Building 3.msam
[2010/01/13 00:02:57 | 00,329,728 | ---- | C] () -- C:\Documents and Settings\Kyle\My Documents\World Class Body.msam
[2010/01/12 19:59:04 | 03,300,352 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\hamachi.msi
[2010/01/12 17:39:42 | 00,788,480 | ---- | C] () -- C:\Documents and Settings\Kyle\My Documents\Muscle building 2.msam
[2010/01/12 02:43:46 | 00,064,900 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2010/01/12 02:43:46 | 00,055,020 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2010/01/12 02:43:46 | 00,055,020 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
[2010/01/12 02:43:46 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/01/12 02:43:46 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2010/01/12 02:42:01 | 00,003,128 | R--- | C] () -- C:\WINDOWS\System32\XFi.bmp
[2010/01/12 02:42:01 | 00,000,766 | R--- | C] () -- C:\WINDOWS\System32\SBXFi.ico
[2010/01/12 02:41:18 | 00,086,445 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/01/12 02:41:18 | 00,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/01/12 02:09:45 | 00,003,304 | ---- | C] () -- C:\bootsqm.dat
[2010/01/12 00:45:56 | 00,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Forged Alliance.lnk
[2010/01/11 21:07:44 | 00,600,411 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\adword_guide.pdf
[2010/01/11 19:45:27 | 00,798,720 | ---- | C] () -- C:\Documents and Settings\Kyle\My Documents\Muscle Building.msam
[2010/01/11 18:31:33 | 00,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Micro Niche Finder.lnk
[2010/01/11 17:39:29 | 00,543,744 | ---- | C] () -- C:\Documents and Settings\Kyle\My Documents\NicheFInder.msam
[2010/01/11 02:18:07 | 00,701,051 | ---- | C] () -- C:\Documents and Settings\Kyle\forums.uadrive
[2010/01/11 02:18:07 | 00,265,725 | ---- | C] () -- C:\Documents and Settings\Kyle\reg.uadrive
[2010/01/11 02:18:07 | 00,001,250 | ---- | C] () -- C:\Documents and Settings\Kyle\xpostmask.ini
[2010/01/11 02:18:07 | 00,001,211 | ---- | C] () -- C:\Documents and Settings\Kyle\xuser.ini
[2010/01/11 02:18:07 | 00,001,035 | ---- | C] () -- C:\Documents and Settings\Kyle\masspm.ini
[2010/01/11 02:18:07 | 00,000,895 | ---- | C] () -- C:\Documents and Settings\Kyle\autofill.ini
[2010/01/11 02:18:07 | 00,000,428 | ---- | C] () -- C:\Documents and Settings\Kyle\proxy.ini
[2010/01/11 02:18:07 | 00,000,096 | ---- | C] () -- C:\Documents and Settings\Kyle\config.ini
[2010/01/07 18:56:20 | 00,000,064 | ---- | C] () -- C:\Documents and Settings\Kyle\settings.ini
[2010/01/07 15:28:20 | 00,001,586 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\LimeWire PRO 5.4.6.lnk
[2010/01/07 00:59:21 | 00,001,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TidySongs.lnk
[2010/01/05 19:58:06 | 00,097,406 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Account Transfer.JPG
[2009/12/31 20:53:49 | 00,000,783 | ---- | C] () -- C:\Documents and Settings\Kyle\Desktop\Registry Defense.lnk
[2009/12/30 01:22:34 | 00,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/12/09 03:20:15 | 00,748,400 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/07 18:12:26 | 00,004,873 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vsrenaae.pyv
[2009/12/01 19:30:18 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/01 18:07:11 | 00,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/12/01 18:07:11 | 00,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/12/01 18:07:11 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/12/01 18:07:11 | 00,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/12/01 18:07:11 | 00,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/12/01 18:07:11 | 00,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/11/23 14:08:15 | 00,004,985 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ojvzdisj.xda
[2009/11/21 14:56:19 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\fusioncache.dat
[2009/10/19 18:39:23 | 00,000,064 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.ldb
[2009/10/19 13:25:26 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009/10/19 13:25:26 | 00,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009/10/19 13:25:23 | 00,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009/10/19 13:25:23 | 00,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009/09/18 18:25:39 | 00,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/09/18 18:25:39 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\PnkBstrK.sys
[2009/09/03 08:41:48 | 00,000,075 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/27 11:04:44 | 00,557,003 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/08/27 11:04:32 | 00,811,835 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/08/27 11:03:52 | 04,456,201 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/08/25 10:07:36 | 00,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/08/25 09:38:04 | 00,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/08/25 08:56:56 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/25 08:37:02 | 00,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/08/11 16:25:28 | 00,870,128 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\mcs.rma
[2009/08/11 16:25:28 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\7A03F6
[2009/07/04 14:54:05 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2009/06/24 20:59:04 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2009/06/24 20:59:04 | 00,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2009/06/09 10:53:26 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/06/09 10:53:25 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/06/04 00:55:20 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/06/04 00:55:20 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/06/02 09:15:44 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/06/02 09:15:18 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/06/02 09:15:04 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/06/02 09:14:56 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/06/02 09:14:30 | 00,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/06/02 09:13:58 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/06/02 09:13:50 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/06/02 09:11:26 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/05/16 07:27:45 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/05/14 18:22:58 | 00,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/05/08 12:00:35 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/08 11:33:03 | 00,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/04/28 10:29:18 | 00,000,317 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2009/04/27 17:05:45 | 00,000,261 | ---- | C] () -- C:\WINDOWS\WPE PRO - modified.INI
[2009/04/26 16:40:41 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/04/26 16:38:01 | 00,001,041 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\vso_ts_preview.xml
[2009/04/26 16:37:29 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\pcouffin.log
[2009/04/26 16:37:26 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\pcouffin.cat
[2009/04/26 16:37:26 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Kyle\Application Data\pcouffin.inf
[2009/04/26 16:21:34 | 00,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/26 16:13:24 | 00,065,536 | ---- | C] () -- C:\Documents and Settings\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/26 12:23:31 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/04/26 12:05:47 | 00,030,460 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/04/26 11:51:06 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/04/26 11:51:02 | 00,030,157 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/04/26 11:51:02 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/03/27 09:03:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/27 09:03:00 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/03/27 09:03:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/03/27 09:03:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/10 14:17:32 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 14:16:56 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 14:16:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 14:16:14 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 14:15:54 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 14:15:44 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 14:15:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 14:15:28 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 14:15:12 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 14:14:08 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 14:14:06 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 14:11:50 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/09 13:48:46 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
[2008/10/09 13:48:46 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2007/10/13 01:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/08/23 19:30:00 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/07/10 09:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/03/12 11:01:30 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2006/11/17 23:24:06 | 00,066,046 | ---- | C] () -- C:\Program Files\Dupe_Free_0_NO_VISTA.ico
[2006/05/23 21:00:48 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/07/26 13:13:12 | 00,000,214 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 05:10:50 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/12/01 23:35:11 | 01,228,240 | ---- | M] (Adobe Systems Incorporated) -- C:\ADBEPHSPCS4_LS1.exe


< MD5 for: AGP440.SYS >
[2009/04/26 13:47:57 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/26 17:33:57 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/26 13:47:57 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/04/26 17:33:57 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 09:04:09 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2009/04/26 13:47:57 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/26 17:33:57 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/26 13:47:57 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/04/26 17:33:57 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/09/03 08:27:33 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\System32\DRIVERS\atapi.sys
[2002/09/03 08:27:33 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2002/08/29 00:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: LOGEVENT.DLL >
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 512 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 181 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB5259D1
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D06A4C76
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >


#12 insaniak

  • Topic Starter

Posted 29 January 2010 - 07:07 PM

Upon looking at Dxdiag, I have found that I have 17 sound drivers. I believe this could be a problem.

#13 insaniak

  • Topic Starter

Posted 29 January 2010 - 07:36 PM

Alright, the sound drivers situation is fixed; I uninstalled them, but I am still having the same problems as before.

#14 schrauber

  • Malware Response Team

Posted 30 January 2010 - 09:58 AM

Which problems?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#15 insaniak

  • Topic Starter

Posted 30 January 2010 - 02:57 PM

Black when I right-click, and freezing randomly.



