Infected with Nexplore Pop-Up / Malware (Logs Are Attached)



#1 MovieMaker5087

Posted 24 January 2010 - 06:10 PM

Hello Bleeping Computer community,

I have guest-visited your extremely helpful site numerous times before for help in removing various trojans and malware files that have snuck themselves into my laptop. However, this time around, I find myself needing your help directly, hence why I'm now a registered member.

I'm having the same problem the user who created this thread was having:

http://www.bleepingcomputer.com/forums/t/219566/nexplore-popup-antivirusspyware-removal/

However, I only have it half bad - I'm just getting the Nexplore pop-ups, and it's the most annoying thing too. I don't use Internet Explorer, but rather Google Chrome, and I realized that after both McAfee and Windows Defender had found a trojan file in my system32 folder (after, of course, both programs had told me that they had removed it), Internet Explorer started to pop up all by itself, but it loaded up EXTREMELY slowly, and it opened up four windows at once. It would always lock up, and it was only in the end that I was able to screen capture what it was trying to load. Here are those screen caps:

http://i19.photobucket.com/albums/b179/Mov...r5087/IEBug.png
http://i19.photobucket.com/albums/b179/Mov...5087/IEBug2.png
http://i19.photobucket.com/albums/b179/Mov...5087/IEBug3.png

The last image I did not zoom in on - IE bugged out like that, and I found it to be very odd for it to do so.

IE would load up shortly after I had rebooted my computer, and to get Malwarebytes to do its scan, I had to do it in Safe Mode. It found two errors, and I had the program remove them, but the IE bug still kept happening, and I still kept getting pop-ups for this Nexplore site. I will post both Malwarebytes logs, both from when it found the two infected files, and from today, when it found no infected files.

Anyways, reading that thread, and the Preparation Guide for posting in this particular forum, here are all the logs I've collected. I hope they are the right ones, and that someone can help me with my problem and get rid of this annoying pop-up.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Seth at 15:33:11.84 on Sun 01/24/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3317.2051 [GMT -5:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\McAfee\MPS\mps.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Seth\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\seth\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [hazarelog] Rundll32.exe "c:\progra~2\giribemi\giribemi.dll",a
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\seth\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\seth\appdata\roaming\mozilla\firefox\profiles\p5aobwuo.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\users\seth\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 Cepstral License Server;Cepstral License Server;c:\program files\cepstral\bin\CepstralLicSrv.exe [2008-6-24 57344]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2007-2-28 554600]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-2-28 349784]
R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2007-2-28 239200]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-2-28 144960]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-2-28 71496]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-2-28 34120]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-2-28 168392]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-11-13 21504]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-2-28 624720]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-2-28 31944]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-2-28 35048]

=============== Created Last 30 ================

2010-01-23 21:46:55 0 d-----w- c:\users\seth\appdata\roaming\Malwarebytes
2010-01-23 21:46:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 21:46:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 21:46:48 0 d-----w- c:\programdata\Malwarebytes
2010-01-23 21:46:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 20:54:34 0 d-----w- c:\programdata\pokupibo
2010-01-23 20:54:33 0 d-----w- c:\programdata\giribemi
2010-01-23 20:48:48 0 d-----w- c:\programdata\povorika
2010-01-23 20:48:48 0 d-----w- c:\programdata\higahayi
2010-01-23 20:48:48 0 d-----w- c:\programdata\bojahapo
2010-01-22 08:13:20 0 d-----w- c:\program files\DivX
2010-01-22 08:13:20 0 d-----w- c:\program files\common files\DivX Shared
2010-01-22 06:03:26 834048 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 06:03:14 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-21 03:58:50 0 d-----w- c:\users\seth\appdata\roaming\GeoVid
2010-01-21 03:58:35 77824 ----a-w- c:\windows\system32\xvid.ax
2010-01-21 03:58:35 765952 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-21 03:58:35 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-21 03:58:35 0 d-----w- c:\programdata\GeoVid
2010-01-21 03:58:35 0 d-----w- c:\program files\common files\GeoVid
2010-01-21 03:58:34 1712128 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-21 03:58:34 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-01-21 03:58:34 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2010-01-21 03:58:33 60416 ----a-w- c:\windows\system32\dsetup.dll
2010-01-21 03:58:32 0 d-----w- c:\program files\GeoVid
2010-01-21 03:17:20 0 d-----w- C:\Multimedia Files
2010-01-21 03:17:14 0 d-----w- c:\program files\Microsoft GIF Animator
2010-01-13 01:39:58 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-13 01:39:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-08 20:09:13 0 d-----w- c:\windows\system32\Adobe

==================== Find3M ====================

2010-01-22 02:58:18 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-22 02:58:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-11-17 01:58:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 01:58:22 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-15 15:31:28 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-14 17:14:20 174 --sha-w- c:\program files\desktop.ini
2009-11-14 00:57:28 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-11-14 00:57:27 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-11-13 02:12:13 37888 ----a-w- c:\windows\system32\printcom.dll
2009-11-13 02:11:51 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-13 02:11:30 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-11-13 02:11:03 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-11-12 22:10:49 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-12 22:09:18 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-12 22:07:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 22:07:59 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-12 10:18:47 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-11-12 10:18:46 272896 ----a-w- c:\windows\system32\polstore.dll
2009-11-12 10:13:38 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-11-12 10:13:38 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-11-12 10:13:38 17920 ----a-w- c:\windows\system32\netevent.dll
2009-11-12 10:13:38 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-11-12 10:13:38 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-11-12 10:13:38 10240 ----a-w- c:\windows\system32\finger.exe
2009-11-12 10:13:37 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-11-12 10:13:37 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-11-12 10:13:37 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-11-12 10:09:48 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-11-12 10:09:47 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-11-12 10:09:47 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-11-12 10:09:47 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-11-12 10:09:47 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-11-12 10:09:47 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-11-12 10:09:44 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2009-11-12 10:08:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-11-12 10:08:31 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-11-12 10:08:31 23552 ----a-w- c:\windows\system32\lpk.dll
2009-11-12 10:08:31 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-11-12 10:07:19 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-11-12 10:05:05 98816 ----a-w- c:\windows\system32\mfps.dll
2009-11-12 10:05:05 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-11-12 10:05:05 2868224 ----a-w- c:\windows\system32\mf.dll
2009-11-12 10:05:04 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-11-12 10:05:04 2048 ----a-w- c:\windows\system32\mferror.dll
2009-11-12 09:59:53 72704 ----a-w- c:\windows\system32\admparse.dll
2009-11-12 09:59:48 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-11-12 09:58:13 71680 ----a-w- c:\windows\system32\atl.dll
2009-11-12 09:53:21 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-12 09:53:21 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-11-12 09:49:08 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-11-12 09:48:09 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-11-12 09:48:09 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-11-12 09:48:09 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-11-12 09:46:14 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-11-12 09:36:31 623616 ----a-w- c:\windows\system32\localspl.dll
2009-11-12 09:35:29 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-11-12 09:35:29 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-11-12 09:35:29 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-11-12 09:35:29 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-11-12 09:35:28 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-12 09:35:28 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-11-12 09:29:57 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-11-12 09:29:56 9728 ----a-w- c:\windows\system32\lsass.exe
2009-11-12 09:29:56 72704 ----a-w- c:\windows\system32\secur32.dll
2009-11-12 09:29:56 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-11-12 09:29:55 270848 ----a-w- c:\windows\system32\schannel.dll
2009-11-12 09:29:55 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-11-12 09:26:59 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2009-11-12 09:23:31 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-11-12 09:01:05 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-12 08:39:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-11-12 08:39:54 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-11-12 08:39:54 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-11-12 08:37:59 84480 ----a-w- c:\windows\system32\INETRES.dll
2009-11-12 08:37:34 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-11-12 08:35:47 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-11-12 08:34:04 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 08:33:30 2048 ----a-w- c:\windows\system32\msxml6r.dll
2009-11-12 08:32:19 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-11-12 08:30:22 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-11-12 08:30:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-12 08:30:20 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-11-12 08:30:19 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:33:43.29 ===============




#2 MovieMaker5087

Posted 24 January 2010 - 06:13 PM

Here are the Malwarebytes' logs. The first log is when the program found the two infected files, which was yesterday:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

1/23/2010 5:44:37 PM
mbam-log-2010-01-23 (17-44-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 239657
Time elapsed: 41 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\namiwurodi (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\povorika\povorika.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Now here is the log when I had the program re-scan my laptop today:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

1/24/2010 3:14:17 PM
mbam-log-2010-01-24 (15-14-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 244233
Time elapsed: 1 hour(s), 8 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 MovieMaker5087

Posted 24 January 2010 - 06:20 PM

Here are the two RSIT logs. Due to their length, I'll post each one separately as its own post. The first one I'm going to post is the one that was created as "log.txt":

Logfile of random's system information tool 1.06 (written by random/random)
Run by Seth at 2010-01-24 15:57:54
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 95 GB (63%) free of 151 GB
Total RAM: 3317 MB (59% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3695309410-1559170151-3847321732-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3695309410-1559170151-3847321732-1000UA.job
C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\program files\mcafee\virusscan\scriptcl.dll [2006-10-26 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-02-13 405504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-06 4374528]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"NDSTray.exe"=NDSTray.exe []
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2006-12-20 411768]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2006-12-07 55416]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2007-01-19 448632]
"MskAgentexe"=C:\Program Files\McAfee\MSK\MskAgent.exe [2006-11-03 161360]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2006-11-10 417792]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Google Update"=C:\Users\Seth\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-12 135664]
"hazarelog"=c:\progra~2\giribemi\giribemi.dll [ 0-179-00 96256]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Air Mouse.lnk - C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe

C:\Users\Seth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ed28fdd-cfd4-11de-82fd-00a0d1730d80}]
shell\AutoRun\command - F:\setup.exe


======List of files/folders created in the last 3 months======

2010-01-24 15:57:54 ----D---- C:\rsit
2010-01-24 15:57:54 ----D---- C:\Program Files\trend micro
2010-01-24 15:51:12 ----A---- C:\RootRepeal report 01-24-10 (15-51-12).txt
2010-01-23 16:59:46 ----A---- C:\Windows\ntbtlog.txt
2010-01-23 16:46:55 ----D---- C:\Users\Seth\AppData\Roaming\Malwarebytes
2010-01-23 16:46:48 ----D---- C:\ProgramData\Malwarebytes
2010-01-23 16:46:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-23 15:54:34 ----D---- C:\ProgramData\pokupibo
2010-01-23 15:54:33 ----D---- C:\ProgramData\giribemi
2010-01-23 15:48:48 ----D---- C:\ProgramData\povorika
2010-01-23 15:48:48 ----D---- C:\ProgramData\higahayi
2010-01-23 15:48:48 ----D---- C:\ProgramData\bojahapo
2010-01-22 03:13:20 ----D---- C:\Program Files\DivX
2010-01-22 03:13:20 ----D---- C:\Program Files\Common Files\DivX Shared
2010-01-22 01:03:26 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 01:03:26 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 01:03:26 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 01:03:24 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 01:03:19 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 01:03:14 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 01:03:14 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 01:03:08 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-20 22:58:50 ----D---- C:\Users\Seth\AppData\Roaming\GeoVid
2010-01-20 22:58:35 ----D---- C:\ProgramData\GeoVid
2010-01-20 22:58:35 ----D---- C:\Program Files\Common Files\GeoVid
2010-01-20 22:58:35 ----A---- C:\Windows\system32\xvidvfw.dll
2010-01-20 22:58:35 ----A---- C:\Windows\system32\xvidcore.dll
2010-01-20 22:58:34 ----A---- C:\Windows\system32\mfc71u.dll
2010-01-20 22:58:34 ----A---- C:\Windows\system32\mfc71.dll
2010-01-20 22:58:34 ----A---- C:\Windows\system32\gdiplus.dll
2010-01-20 22:58:33 ----A---- C:\Windows\system32\dsetup.dll
2010-01-20 22:58:32 ----D---- C:\Program Files\GeoVid
2010-01-20 22:17:20 ----D---- C:\Multimedia Files
2010-01-20 22:17:14 ----D---- C:\Program Files\Microsoft GIF Animator
2010-01-12 20:39:58 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 20:39:58 ----A---- C:\Windows\system32\fontsub.dll
2010-01-08 15:09:13 ----D---- C:\Windows\system32\Adobe
2009-12-21 18:03:57 ----D---- C:\Users\Seth\AppData\Roaming\Greyfirst
2009-12-20 00:10:47 ----D---- C:\Users\Seth\AppData\Roaming\vlc
2009-12-17 17:41:19 ----D---- C:\Windows\lhsp
2009-12-17 17:41:15 ----D---- C:\Program Files\CFS-Technologies
2009-12-16 03:06:43 ----D---- C:\Program Files\Cepstral
2009-12-14 00:30:05 ----D---- C:\Windows\Minidump
2009-12-13 19:42:15 ----D---- C:\Users\Seth\AppData\Roaming\Publish Providers
2009-12-13 19:41:58 ----AD---- C:\ProgramData\TEMP
2009-12-13 19:41:57 ----D---- C:\Users\Seth\AppData\Roaming\Sony
2009-12-13 19:37:01 ----D---- C:\Program Files\Vstplugins
2009-12-13 19:36:55 ----D---- C:\ProgramData\Sony
2009-12-13 19:36:36 ----D---- C:\Program Files\Sony
2009-12-09 03:07:27 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 03:07:02 ----A---- C:\Windows\system32\httpapi.dll
2009-12-08 16:50:34 ----A---- C:\Windows\system32\winhttp.dll
2009-12-08 16:49:38 ----A---- C:\Windows\system32\rastls.dll
2009-12-01 03:46:36 ----D---- C:\Program Files\DietMP3
2009-12-01 03:25:25 ----D---- C:\Program Files\Lame for Audacity
2009-12-01 01:46:27 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-30 17:19:41 ----D---- C:\Program Files\Audacity
2009-11-27 02:35:32 ----D---- C:\Users\Seth\AppData\Roaming\BitTorrent
2009-11-27 02:35:25 ----D---- C:\Program Files\BitTorrent
2009-11-25 14:43:23 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 14:35:01 ----D---- C:\Downloads
2009-11-25 03:37:48 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 03:37:48 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 16:49:53 ----D---- C:\ProgramData\Adobe
2009-11-23 16:49:48 ----D---- C:\Program Files\Common Files\Adobe
2009-11-23 16:41:21 ----D---- C:\Users\Seth\AppData\Roaming\AdobeUM
2009-11-17 16:54:13 ----D---- C:\Program Files\Celtx
2009-11-16 22:22:00 ----A---- C:\Windows\system32\javaws.exe
2009-11-16 22:22:00 ----A---- C:\Windows\system32\javaw.exe
2009-11-16 22:22:00 ----A---- C:\Windows\system32\java.exe
2009-11-16 20:58:34 ----D---- C:\Program Files\Windows Portable Devices
2009-11-16 20:39:32 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-16 20:39:26 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-16 20:39:26 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-16 20:38:01 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-16 20:37:52 ----A---- C:\Windows\system32\cdd.dll
2009-11-16 20:37:44 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-16 20:37:44 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-16 20:37:42 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-16 20:37:42 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-16 20:37:42 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-16 20:37:42 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-16 20:37:42 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-16 20:37:42 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-16 20:37:42 ----A---- C:\Windows\system32\d2d1.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-16 20:37:41 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\FntCache.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\dxgi.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-16 20:37:41 ----A---- C:\Windows\system32\DWrite.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\d3d11.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-16 20:37:41 ----A---- C:\Windows\system32\d3d10.dll
2009-11-16 20:36:57 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-16 20:36:56 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-16 20:36:56 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-16 20:36:32 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-16 20:36:13 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-16 20:36:11 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-16 20:36:11 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-16 20:36:10 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-16 20:36:10 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-16 20:36:10 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-16 20:36:10 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-16 20:36:10 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-16 20:36:10 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-16 20:36:10 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-16 20:36:10 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-16 20:33:38 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-16 20:33:33 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-16 20:33:33 ----A---- C:\Windows\system32\oleacc.dll
2009-11-15 10:37:12 ----D---- C:\Windows\system32\eu-ES
2009-11-15 10:37:12 ----D---- C:\Windows\system32\ca-ES
2009-11-15 10:37:11 ----D---- C:\Windows\system32\vi-VN
2009-11-15 09:52:46 ----D---- C:\Windows\system32\EventProviders
2009-11-14 20:34:18 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-11-14 20:34:13 ----A---- C:\Windows\system32\SLsvc.exe
2009-11-14 20:34:13 ----A---- C:\Windows\system32\SLCExt.dll
2009-11-14 20:34:11 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-11-14 20:34:11 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-11-14 20:34:10 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-11-14 20:34:07 ----A---- C:\Windows\system32\mssrch.dll
2009-11-14 20:34:05 ----A---- C:\Windows\system32\tquery.dll
2009-11-14 20:34:04 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-11-14 20:34:03 ----A---- C:\Windows\system32\scavenge.dll
2009-11-14 20:34:03 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-11-14 20:34:03 ----A---- C:\Windows\system32\RMActivate.exe
2009-11-14 20:34:02 ----A---- C:\Windows\system32\msi.dll
2009-11-14 20:34:00 ----A---- C:\Windows\system32\secproc_isv.dll
2009-11-14 20:34:00 ----A---- C:\Windows\system32\imapi2fs.dll
2009-11-14 20:33:59 ----A---- C:\Windows\system32\WscEapPr.dll
2009-11-14 20:33:59 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-11-14 20:33:59 ----A---- C:\Windows\system32\sysmain.dll
2009-11-14 20:33:58 ----A---- C:\Windows\system32\icardagt.exe
2009-11-14 20:33:57 ----A---- C:\Windows\system32\EhStorShell.dll
2009-11-14 20:33:57 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-11-14 20:33:55 ----A---- C:\Windows\system32\spreview.exe
2009-11-14 20:33:55 ----A---- C:\Windows\system32\spinstall.exe
2009-11-14 20:33:55 ----A---- C:\Windows\system32\drmv2clt.dll
2009-11-14 20:33:54 ----A---- C:\Windows\system32\spwizui.dll
2009-11-14 20:33:54 ----A---- C:\Windows\system32\shell32.dll
2009-11-14 20:33:54 ----A---- C:\Windows\system32\secproc.dll
2009-11-14 20:33:54 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-11-14 20:33:52 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-11-14 20:33:52 ----A---- C:\Windows\system32\p2psvc.dll
2009-11-14 20:33:52 ----A---- C:\Windows\system32\mssvp.dll
2009-11-14 20:33:51 ----A---- C:\Windows\system32\mssphtb.dll
2009-11-14 20:33:51 ----A---- C:\Windows\system32\mssph.dll
2009-11-14 20:33:51 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-11-14 20:33:51 ----A---- C:\Windows\system32\mscoree.dll
2009-11-14 20:33:51 ----A---- C:\Windows\system32\imapi2.dll
2009-11-14 20:33:50 ----A---- C:\Windows\system32\sdohlp.dll
2009-11-14 20:33:49 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-11-14 20:33:49 ----A---- C:\Windows\system32\esent.dll
2009-11-14 20:33:49 ----A---- C:\Windows\system32\DevicePairing.dll
2009-11-14 20:33:48 ----A---- C:\Windows\system32\wevtsvc.dll
2009-11-14 20:33:48 ----A---- C:\Windows\system32\sperror.dll
2009-11-14 20:33:48 ----A---- C:\Windows\system32\SLC.dll
2009-11-14 20:33:48 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-11-14 20:33:48 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-11-14 20:33:48 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-11-14 20:33:48 ----A---- C:\Windows\system32\korwbrkr.dll
2009-11-14 20:33:48 ----A---- C:\Windows\system32\IasMigReader.exe
2009-11-14 20:33:47 ----A---- C:\Windows\system32\msshsq.dll
2009-11-14 20:33:46 ----A---- C:\Windows\system32\msjet40.dll
2009-11-14 20:33:45 ----A---- C:\Windows\system32\MPSSVC.dll
2009-11-14 20:33:44 ----A---- C:\Windows\system32\Query.dll
2009-11-14 20:33:44 ----A---- C:\Windows\system32\qmgr.dll
2009-11-14 20:33:43 ----A---- C:\Windows\system32\P2PGraph.dll
2009-11-14 20:33:43 ----A---- C:\Windows\system32\ole32.dll
2009-11-14 20:33:43 ----A---- C:\Windows\system32\msexch40.dll
2009-11-14 20:33:43 ----A---- C:\Windows\system32\diagperf.dll
2009-11-14 20:33:42 ----A---- C:\Windows\system32\winload.exe
2009-11-14 20:33:42 ----A---- C:\Windows\system32\srchadmin.dll
2009-11-14 20:33:41 ----A---- C:\Windows\system32\uDWM.dll
2009-11-14 20:33:41 ----A---- C:\Windows\system32\mmc.exe
2009-11-14 20:33:41 ----A---- C:\Windows\system32\mblctr.exe
2009-11-14 20:33:41 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-11-14 20:33:41 ----A---- C:\Windows\system32\EncDec.dll
2009-11-14 20:33:41 ----A---- C:\Windows\system32\dfsr.exe
2009-11-14 20:33:40 ----A---- C:\Windows\system32\riched20.dll
2009-11-14 20:33:40 ----A---- C:\Windows\system32\RacEngn.dll
2009-11-14 20:33:40 ----A---- C:\Windows\system32\fdBth.dll
2009-11-14 20:33:39 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-11-14 20:33:39 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-11-14 20:33:39 ----A---- C:\Windows\system32\kernel32.dll
2009-11-14 20:33:38 ----A---- C:\Windows\system32\spoolss.dll
2009-11-14 20:33:38 ----A---- C:\Windows\system32\schedsvc.dll
2009-11-14 20:33:38 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-11-14 20:33:38 ----A---- C:\Windows\system32\milcore.dll
2009-11-14 20:33:38 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-11-14 20:33:38 ----A---- C:\Windows\system32\CertEnroll.dll
2009-11-14 20:33:37 ----A---- C:\Windows\system32\msjtes40.dll
2009-11-14 20:33:37 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-11-14 20:33:36 ----A---- C:\Windows\system32\WinSAT.exe
2009-11-14 20:33:36 ----A---- C:\Windows\system32\msvcp60.dll
2009-11-14 20:33:36 ----A---- C:\Windows\system32\infocardapi.dll
2009-11-14 20:33:36 ----A---- C:\Windows\system32\gpedit.dll
2009-11-14 20:33:35 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-11-14 20:33:35 ----A---- C:\Windows\system32\Magnify.exe
2009-11-14 20:33:35 ----A---- C:\Windows\system32\es.dll
2009-11-14 20:33:35 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-11-14 20:33:34 ----A---- C:\Windows\system32\mstext40.dll
2009-11-14 20:33:34 ----A---- C:\Windows\system32\advapi32.dll
2009-11-14 20:33:33 ----A---- C:\Windows\system32\WebClnt.dll
2009-11-14 20:33:33 ----A---- C:\Windows\system32\slwmi.dll
2009-11-14 20:33:33 ----A---- C:\Windows\system32\msexcl40.dll
2009-11-14 20:33:33 ----A---- C:\Windows\system32\comsvcs.dll
2009-11-14 20:33:32 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-11-14 20:33:32 ----A---- C:\Windows\system32\vssapi.dll
2009-11-14 20:33:32 ----A---- C:\Windows\system32\msxbde40.dll
2009-11-14 20:33:31 ----A---- C:\Windows\system32\NetProjW.dll
2009-11-14 20:33:31 ----A---- C:\Windows\system32\msfeeds.dll
2009-11-14 20:33:31 ----A---- C:\Windows\system32\authui.dll
2009-11-14 20:33:30 ----A---- C:\Windows\system32\vbscript.dll
2009-11-14 20:33:30 ----A---- C:\Windows\system32\propsys.dll
2009-11-14 20:33:30 ----A---- C:\Windows\system32\PresentationHost.exe
2009-11-14 20:33:30 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-11-14 20:33:30 ----A---- C:\Windows\system32\newdev.dll
2009-11-14 20:33:30 ----A---- C:\Windows\system32\msrepl40.dll
2009-11-14 20:33:30 ----A---- C:\Windows\system32\iasrecst.dll
2009-11-14 20:33:29 ----A---- C:\Windows\system32\rpcss.dll
2009-11-14 20:33:29 ----A---- C:\Windows\system32\iedkcs32.dll
2009-11-14 20:33:29 ----A---- C:\Windows\system32\gpsvc.dll
2009-11-14 20:33:29 ----A---- C:\Windows\system32\eudcedit.exe
2009-11-14 20:33:29 ----A---- C:\Windows\system32\crypt32.dll
2009-11-14 20:33:29 ----A---- C:\Windows\explorer.exe
2009-11-14 20:33:28 ----A---- C:\Windows\system32\setupapi.dll
2009-11-14 20:33:28 ----A---- C:\Windows\system32\mspbde40.dll
2009-11-14 20:33:28 ----A---- C:\Windows\system32\d3d9.dll
2009-11-14 20:33:27 ----A---- C:\Windows\system32\shlwapi.dll
2009-11-14 20:33:27 ----A---- C:\Windows\system32\msrd3x40.dll
2009-11-14 20:33:27 ----A---- C:\Windows\system32\msltus40.dll
2009-11-14 20:33:27 ----A---- C:\Windows\system32\mfc42.dll
2009-11-14 20:33:27 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-11-14 20:33:27 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-11-14 20:33:27 ----A---- C:\Windows\system32\davclnt.dll
2009-11-14 20:33:26 ----A---- C:\Windows\system32\wevtapi.dll
2009-11-14 20:33:26 ----A---- C:\Windows\system32\photowiz.dll
2009-11-14 20:33:26 ----A---- C:\Windows\system32\nlhtml.dll
2009-11-14 20:33:26 ----A---- C:\Windows\system32\msdtctm.dll
2009-11-14 20:33:26 ----A---- C:\Windows\system32\browseui.dll
2009-11-14 20:33:25 ----A---- C:\Windows\system32\user32.dll
2009-11-14 20:33:25 ----A---- C:\Windows\system32\samsrv.dll
2009-11-14 20:33:25 ----A---- C:\Windows\system32\ci.dll
2009-11-14 20:33:24 ----A---- C:\Windows\system32\win32spl.dll
2009-11-14 20:33:24 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-11-14 20:33:24 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-11-14 20:33:24 ----A---- C:\Windows\system32\quartz.dll
2009-11-14 20:33:24 ----A---- C:\Windows\system32\oleaut32.dll
2009-11-14 20:33:23 ----A---- C:\Windows\system32\netshell.dll
2009-11-14 20:33:22 ----A---- C:\Windows\system32\xmlfilter.dll
2009-11-14 20:33:22 ----A---- C:\Windows\system32\mswstr10.dll
2009-11-14 20:33:22 ----A---- C:\Windows\system32\compcln.exe
2009-11-14 20:33:22 ----A---- C:\Windows\system32\audiosrv.dll
2009-11-14 20:33:22 ----A---- C:\Windows\system32\apds.dll
2009-11-14 20:33:21 ----A---- C:\Windows\system32\msvcrt.dll
2009-11-14 20:33:21 ----A---- C:\Windows\system32\msctf.dll
2009-11-14 20:33:21 ----A---- C:\Windows\system32\gdi32.dll
2009-11-14 20:33:21 ----A---- C:\Windows\system32\emdmgmt.dll
2009-11-14 20:33:20 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-11-14 20:33:19 ----A---- C:\Windows\system32\VSSVC.exe
2009-11-14 20:33:19 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-11-14 20:33:19 ----A---- C:\Windows\system32\SLUI.exe
2009-11-14 20:33:19 ----A---- C:\Windows\system32\msrd2x40.dll
2009-11-14 20:33:19 ----A---- C:\Windows\system32\mfc42u.dll
2009-11-14 20:33:19 ----A---- C:\Windows\system32\eapphost.dll
2009-11-14 20:33:18 ----A---- C:\Windows\system32\propdefs.dll
2009-11-14 20:33:18 ----A---- C:\Windows\system32\odbc32.dll
2009-11-14 20:33:17 ----A---- C:\Windows\system32\winresume.exe
2009-11-14 20:33:16 ----A---- C:\Windows\system32\shdocvw.dll
2009-11-14 20:33:15 ----A---- C:\Windows\system32\wevtutil.exe
2009-11-14 20:33:15 ----A---- C:\Windows\system32\mssitlb.dll
2009-11-14 20:33:15 ----A---- C:\Windows\system32\dbgeng.dll
2009-11-14 20:33:14 ----A---- C:\Windows\system32\WsmSvc.dll
2009-11-14 20:33:14 ----A---- C:\Windows\system32\usp10.dll
2009-11-14 20:33:14 ----A---- C:\Windows\system32\swprv.dll
2009-11-14 20:33:14 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-11-14 20:33:13 ----A---- C:\Windows\system32\vds.exe
2009-11-14 20:33:13 ----A---- C:\Windows\system32\mshtmled.dll
2009-11-14 20:33:13 ----A---- C:\Windows\system32\drvinst.exe
2009-11-14 20:33:12 ----A---- C:\Windows\system32\netlogon.dll
2009-11-14 20:33:12 ----A---- C:\Windows\system32\msscb.dll
2009-11-14 20:33:12 ----A---- C:\Windows\system32\msctfp.dll
2009-11-14 20:33:12 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-11-14 20:33:12 ----A---- C:\Windows\system32\devmgr.dll
2009-11-14 20:33:12 ----A---- C:\Windows\system32\adsldpc.dll
2009-11-14 20:33:11 ----A---- C:\Windows\system32\Wldap32.dll
2009-11-14 20:33:11 ----A---- C:\Windows\system32\wcnwiz.dll
2009-11-14 20:33:11 ----A---- C:\Windows\system32\evr.dll
2009-11-14 20:33:11 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-11-14 20:33:10 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-11-14 20:33:09 ----A---- C:\Windows\system32\wercon.exe
2009-11-14 20:33:09 ----A---- C:\Windows\system32\services.exe
2009-11-14 20:33:09 ----A---- C:\Windows\system32\iertutil.dll
2009-11-14 20:33:08 ----A---- C:\Windows\system32\wcncsvc.dll
2009-11-14 20:33:08 ----A---- C:\Windows\system32\mimefilt.dll
2009-11-14 20:33:08 ----A---- C:\Windows\system32\comdlg32.dll
2009-11-14 20:33:08 ----A---- C:\Windows\system32\adtschema.dll
2009-11-14 20:33:07 ----A---- C:\Windows\system32\msjter40.dll
2009-11-14 20:33:07 ----A---- C:\Windows\system32\msdtcprx.dll
2009-11-14 20:33:07 ----A---- C:\Windows\system32\msdrm.dll
2009-11-14 20:33:07 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-11-14 20:33:07 ----A---- C:\Windows\system32\certcli.dll
2009-11-14 20:33:06 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-11-14 20:33:06 ----A---- C:\Windows\system32\taskeng.exe
2009-11-14 20:33:06 ----A---- C:\Windows\system32\rtffilt.dll
2009-11-14 20:33:06 ----A---- C:\Windows\system32\reg.exe
2009-11-14 20:33:06 ----A---- C:\Windows\system32\mswdat10.dll
2009-11-14 20:33:06 ----A---- C:\Windows\system32\dnsapi.dll
2009-11-14 20:33:06 ----A---- C:\Windows\system32\certutil.exe
2009-11-14 20:33:05 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-11-14 20:33:05 ----A---- C:\Windows\system32\w32time.dll
2009-11-14 20:33:05 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-11-14 20:33:04 ----A---- C:\Windows\system32\msshooks.dll
2009-11-14 20:33:04 ----A---- C:\Windows\system32\msscntrs.dll
2009-11-14 20:33:04 ----A---- C:\Windows\system32\bthserv.dll
2009-11-14 20:33:04 ----A---- C:\Windows\system32\bcrypt.dll
2009-11-14 20:33:03 ----A---- C:\Windows\system32\rsaenh.dll
2009-11-14 20:33:03 ----A---- C:\Windows\system32\msihnd.dll
2009-11-14 20:33:02 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-11-14 20:33:02 ----A---- C:\Windows\system32\msstrc.dll
2009-11-14 20:33:02 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-11-14 20:33:01 ----A---- C:\Windows\system32\netapi32.dll
2009-11-14 20:33:01 ----A---- C:\Windows\system32\inetpp.dll
2009-11-14 20:33:01 ----A---- C:\Windows\system32\inetcomm.dll
2009-11-14 20:33:01 ----A---- C:\Windows\system32\dfshim.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\termsrv.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\profsvc.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\mtxclu.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\mscories.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\hidserv.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\fundisc.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-11-14 20:33:00 ----A---- C:\Windows\system32\cryptsvc.dll
2009-11-14 20:32:59 ----A---- C:\Windows\system32\shsvcs.dll
2009-11-14 20:32:59 ----A---- C:\Windows\system32\msiexec.exe
2009-11-14 20:32:59 ----A---- C:\Windows\system32\imapi.dll
2009-11-14 20:32:57 ----A---- C:\Windows\system32\wdc.dll
2009-11-14 20:32:57 ----A---- C:\Windows\system32\rasmans.dll
2009-11-14 20:32:57 ----A---- C:\Windows\system32\iassdo.dll
2009-11-14 20:32:57 ----A---- C:\Windows\system32\chsbrkr.dll
2009-11-14 20:32:56 ----A---- C:\Windows\system32\spoolsv.exe
2009-11-14 20:32:56 ----A---- C:\Windows\system32\pnidui.dll
2009-11-14 20:32:56 ----A---- C:\Windows\system32\icardres.dll
2009-11-14 20:32:56 ----A---- C:\Windows\system32\autofmt.exe
2009-11-14 20:32:54 ----A---- C:\Windows\system32\wersvc.dll
2009-11-14 20:32:54 ----A---- C:\Windows\system32\slmgr.vbs
2009-11-14 20:32:54 ----A---- C:\Windows\system32\scrrun.dll
2009-11-14 20:32:54 ----A---- C:\Windows\system32\PSHED.DLL
2009-11-14 20:32:54 ----A---- C:\Windows\system32\pdh.dll
2009-11-14 20:32:54 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-11-14 20:32:54 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-11-14 20:32:54 ----A---- C:\Windows\system32\azroles.dll
2009-11-14 20:32:53 ----A---- C:\Windows\system32\wmpmde.dll
2009-11-14 20:32:53 ----A---- C:\Windows\system32\winlogon.exe
2009-11-14 20:32:53 ----A---- C:\Windows\system32\SyncCenter.dll
2009-11-14 20:32:53 ----A---- C:\Windows\system32\pidgenx.dll
2009-11-14 20:32:52 ----A---- C:\Windows\system32\SLUINotify.dll
2009-11-14 20:32:52 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-11-14 20:32:51 ----A---- C:\Windows\system32\ncrypt.dll
2009-11-14 20:32:51 ----A---- C:\Windows\system32\comuid.dll
2009-11-14 20:32:51 ----A---- C:\Windows\system32\certmgr.dll
2009-11-14 20:32:50 ----A---- C:\Windows\system32\sethc.exe
2009-11-14 20:32:50 ----A---- C:\Windows\system32\kd1394.dll
2009-11-14 20:32:49 ----A---- C:\Windows\system32\wisptis.exe
2009-11-14 20:32:49 ----A---- C:\Windows\system32\untfs.dll
2009-11-14 20:32:49 ----A---- C:\Windows\system32\spp.dll
2009-11-14 20:32:49 ----A---- C:\Windows\system32\scrobj.dll
2009-11-14 20:32:49 ----A---- C:\Windows\system32\rtutils.dll
2009-11-14 20:32:49 ----A---- C:\Windows\system32\iassam.dll
2009-11-14 20:32:48 ----A---- C:\Windows\system32\taskcomp.dll
2009-11-14 20:32:48 ----A---- C:\Windows\system32\dwm.exe
2009-11-14 20:32:48 ----A---- C:\Windows\system32\autochk.exe
2009-11-14 20:32:47 ----A---- C:\Windows\system32\printui.dll
2009-11-14 20:32:47 ----A---- C:\Windows\system32\iasnap.dll
2009-11-14 20:32:46 ----A---- C:\Windows\system32\winsrv.dll
2009-11-14 20:32:46 ----A---- C:\Windows\system32\autoconv.exe
2009-11-14 20:32:45 ----A---- C:\Windows\system32\wow32.dll
2009-11-14 20:32:45 ----A---- C:\Windows\system32\userenv.dll
2009-11-14 20:32:45 ----A---- C:\Windows\system32\onex.dll
2009-11-14 20:32:45 ----A---- C:\Windows\system32\kdcom.dll
2009-11-14 20:32:45 ----A---- C:\Windows\system32\cscript.exe
2009-11-14 20:32:45 ----A---- C:\Windows\system32\basecsp.dll
2009-11-14 20:32:45 ----A---- C:\Windows\system32\audiodg.exe
2009-11-14 20:32:44 ----A---- C:\Windows\system32\osk.exe
2009-11-14 20:32:44 ----A---- C:\Windows\system32\mswsock.dll
2009-11-14 20:32:43 ----A---- C:\Windows\system32\winmm.dll
2009-11-14 20:32:43 ----A---- C:\Windows\system32\spcmsg.dll
2009-11-14 20:32:43 ----A---- C:\Windows\system32\RelMon.dll
2009-11-14 20:32:43 ----A---- C:\Windows\system32\kdusb.dll
2009-11-14 20:32:42 ----A---- C:\Windows\system32\WinSCard.dll
2009-11-14 20:32:42 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-11-14 20:32:42 ----A---- C:\Windows\system32\rdpencom.dll
2009-11-14 20:32:42 ----A---- C:\Windows\system32\offfilt.dll
2009-11-14 20:32:42 ----A---- C:\Windows\system32\msftedit.dll
2009-11-14 20:32:42 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-11-14 20:32:40 ----A---- C:\Windows\system32\wsepno.dll
2009-11-14 20:32:40 ----A---- C:\Windows\system32\WerFault.exe
2009-11-14 20:32:40 ----A---- C:\Windows\system32\Utilman.exe
2009-11-14 20:32:40 ----A---- C:\Windows\system32\stobject.dll
2009-11-14 20:32:40 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-11-14 20:32:40 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-11-14 20:32:40 ----A---- C:\Windows\system32\mfplat.dll
2009-11-14 20:32:40 ----A---- C:\Windows\system32\diskraid.exe
2009-11-14 20:32:40 ----A---- C:\Windows\system32\apphelp.dll
2009-11-14 20:32:39 ----A---- C:\Windows\system32\SndVol.exe
2009-11-14 20:32:39 ----A---- C:\Windows\system32\prnntfy.dll
2009-11-14 20:32:39 ----A---- C:\Windows\system32\msnetobj.dll
2009-11-14 20:32:39 ----A---- C:\Windows\system32\mscms.dll
2009-11-14 20:32:39 ----A---- C:\Windows\system32\mcmde.dll
2009-11-14 20:32:39 ----A---- C:\Windows\system32\adsmsext.dll
2009-11-14 20:32:38 ----A---- C:\Windows\system32\wscript.exe
2009-11-14 20:32:38 ----A---- C:\Windows\system32\wiaservc.dll
2009-11-14 20:32:38 ----A---- C:\Windows\system32\sysclass.dll
2009-11-14 20:32:38 ----A---- C:\Windows\system32\odbccp32.dll
2009-11-14 20:32:38 ----A---- C:\Windows\system32\iasdatastore.dll
2009-11-14 20:32:37 ----A---- C:\Windows\system32\ulib.dll
2009-11-14 20:32:37 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-11-14 20:32:37 ----A---- C:\Windows\system32\dsound.dll
2009-11-14 20:32:37 ----A---- C:\Windows\system32\cryptui.dll
2009-11-14 20:32:36 ----A---- C:\Windows\system32\wscntfy.dll
2009-11-14 20:32:36 ----A---- C:\Windows\system32\rastapi.dll
2009-11-14 20:32:36 ----A---- C:\Windows\system32\pnpsetup.dll
2009-11-14 20:32:36 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-11-14 20:32:36 ----A---- C:\Windows\system32\fdProxy.dll
2009-11-14 20:32:35 ----A---- C:\Windows\system32\wscsvc.dll
2009-11-14 20:32:35 ----A---- C:\Windows\system32\wlangpui.dll
2009-11-14 20:32:35 ----A---- C:\Windows\system32\vdsdyn.dll
2009-11-14 20:32:35 ----A---- C:\Windows\system32\logman.exe
2009-11-14 20:32:35 ----A---- C:\Windows\system32\iashlpr.dll
2009-11-14 20:32:35 ----A---- C:\Windows\system32\gpapi.dll
2009-11-14 20:32:35 ----A---- C:\Windows\system32\diskpart.exe
2009-11-14 20:32:35 ----A---- C:\Windows\system32\brcpl.dll
2009-11-14 20:32:34 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-11-14 20:32:34 ----A---- C:\Windows\system32\regsvc.dll
2009-11-14 20:32:34 ----A---- C:\Windows\system32\rasapi32.dll
2009-11-14 20:32:34 ----A---- C:\Windows\system32\ntprint.dll
2009-11-14 20:32:32 ----A---- C:\Windows\system32\wusa.exe
2009-11-14 20:32:32 ----A---- C:\Windows\system32\mscorier.dll
2009-11-14 20:32:32 ----A---- C:\Windows\system32\iasrad.dll
2009-11-14 20:32:31 ----A---- C:\Windows\system32\zipfldr.dll
2009-11-14 20:32:31 ----A---- C:\Windows\system32\wshext.dll
2009-11-14 20:32:31 ----A---- C:\Windows\system32\wpccpl.dll
2009-11-14 20:32:31 ----A---- C:\Windows\system32\netcenter.dll
2009-11-14 20:32:31 ----A---- C:\Windows\system32\findstr.exe
2009-11-14 20:32:30 ----A---- C:\Windows\system32\webcheck.dll
2009-11-14 20:32:30 ----A---- C:\Windows\system32\rasdlg.dll
2009-11-14 20:32:29 ----A---- C:\Windows\system32\wsnmp32.dll
2009-11-14 20:32:29 ----A---- C:\Windows\system32\wer.dll
2009-11-14 20:32:29 ----A---- C:\Windows\system32\themecpl.dll
2009-11-14 20:32:29 ----A---- C:\Windows\system32\iassvcs.dll
2009-11-14 20:32:28 ----A---- C:\Windows\system32\uxsms.dll
2009-11-14 20:32:28 ----A---- C:\Windows\system32\tsbyuv.dll
2009-11-14 20:32:28 ----A---- C:\Windows\system32\srvsvc.dll
2009-11-14 20:32:28 ----A---- C:\Windows\system32\mssprxy.dll
2009-11-14 20:32:27 ----A---- C:\Windows\system32\slcc.dll
2009-11-14 20:32:27 ----A---- C:\Windows\system32\scansetting.dll
2009-11-14 20:32:27 ----A---- C:\Windows\system32\ntmarta.dll
2009-11-14 20:32:27 ----A---- C:\Windows\system32\msutb.dll
2009-11-14 20:32:27 ----A---- C:\Windows\system32\mstlsapi.dll
2009-11-14 20:32:27 ----A---- C:\Windows\system32\iasads.dll
2009-11-14 20:32:26 ----A---- C:\Windows\system32\powrprof.dll
2009-11-14 20:32:26 ----A---- C:\Windows\system32\powercpl.dll
2009-11-14 20:32:26 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-11-14 20:32:26 ----A---- C:\Windows\system32\networkmap.dll
2009-11-14 20:32:26 ----A---- C:\Windows\system32\mstsc.exe
2009-11-14 20:32:26 ----A---- C:\Windows\system32\iasacct.dll
2009-11-14 20:32:26 ----A---- C:\Windows\system32\authz.dll
2009-11-14 20:32:25 ----A---- C:\Windows\system32\systemcpl.dll
2009-11-14 20:32:25 ----A---- C:\Windows\system32\sud.dll
2009-11-14 20:32:25 ----A---- C:\Windows\system32\newdev.exe
2009-11-14 20:32:25 ----A---- C:\Windows\system32\dot3svc.dll
2009-11-14 20:32:25 ----A---- C:\Windows\system32\connect.dll
2009-11-14 20:32:24 ----A---- C:\Windows\system32\themeui.dll
2009-11-14 20:32:24 ----A---- C:\Windows\system32\samlib.dll
2009-11-14 20:32:24 ----A---- C:\Windows\system32\pcaui.dll
2009-11-14 20:32:24 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-11-14 20:32:23 ----A---- C:\Windows\system32\wlanpref.dll
2009-11-14 20:32:23 ----A---- C:\Windows\system32\usercpl.dll
2009-11-14 20:32:23 ----A---- C:\Windows\system32\qdvd.dll
2009-11-14 20:32:23 ----A---- C:\Windows\system32\mmci.dll
2009-11-14 20:32:23 ----A---- C:\Windows\system32\autoplay.dll
2009-11-14 20:32:22 ----A---- C:\Windows\system32\wpcao.dll
2009-11-14 20:32:22 ----A---- C:\Windows\system32\vdsutil.dll
2009-11-14 20:32:22 ----A---- C:\Windows\system32\rpchttp.dll
2009-11-14 20:32:22 ----A---- C:\Windows\system32\regapi.dll
2009-11-14 20:32:22 ----A---- C:\Windows\system32\msinfo32.exe
2009-11-14 20:32:22 ----A---- C:\Windows\system32\ieaksie.dll
2009-11-14 20:32:21 ----A---- C:\Windows\system32\tapisrv.dll
2009-11-14 20:32:21 ----A---- C:\Windows\system32\scksp.dll
2009-11-14 20:32:21 ----A---- C:\Windows\system32\feclient.dll
2009-11-14 20:32:20 ----A---- C:\Windows\system32\scesrv.dll
2009-11-14 20:32:20 ----A---- C:\Windows\system32\psisdecd.dll
2009-11-14 20:32:20 ----A---- C:\Windows\system32\oleprn.dll
2009-11-14 20:32:20 ----A---- C:\Windows\system32\mpr.dll
2009-11-14 20:32:20 ----A---- C:\Windows\system32\imm32.dll
2009-11-14 20:32:20 ----A---- C:\Windows\system32\AudioSes.dll
2009-11-14 20:32:19 ----A---- C:\Windows\system32\wscisvif.dll
2009-11-14 20:32:19 ----A---- C:\Windows\system32\sdclt.exe
2009-11-14 20:32:19 ----A---- C:\Windows\system32\rekeywiz.exe
2009-11-14 20:32:19 ----A---- C:\Windows\system32\iaspolcy.dll
2009-11-14 20:32:19 ----A---- C:\Windows\system32\Faultrep.dll
2009-11-14 20:32:19 ----A---- C:\Windows\system32\dot3msm.dll
2009-11-14 20:32:19 ----A---- C:\Windows\system32\DeviceEject.exe
2009-11-14 20:32:18 ----A---- C:\Windows\system32\qedit.dll
2009-11-14 20:32:18 ----A---- C:\Windows\system32\perfdisk.dll
2009-11-14 20:32:18 ----A---- C:\Windows\system32\ncryptui.dll
2009-11-14 20:32:18 ----A---- C:\Windows\system32\dpapimig.exe
2009-11-14 20:32:17 ----A---- C:\Windows\system32\TSTheme.exe
2009-11-14 20:32:17 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-11-14 20:32:17 ----A---- C:\Windows\system32\scecli.dll
2009-11-14 20:32:17 ----A---- C:\Windows\system32\rasplap.dll
2009-11-14 20:32:17 ----A---- C:\Windows\system32\rasgcw.dll
2009-11-14 20:32:17 ----A---- C:\Windows\system32\pnpui.dll
2009-11-14 20:32:17 ----A---- C:\Windows\system32\hdwwiz.exe
2009-11-14 20:32:17 ----A---- C:\Windows\system32\extmgr.dll
2009-11-14 20:32:17 ----A---- C:\Windows\system32\certreq.exe
2009-11-14 20:32:16 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-11-14 20:32:16 ----A---- C:\Windows\system32\spwinsat.dll
2009-11-14 20:32:16 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-11-14 20:32:16 ----A---- C:\Windows\system32\cmmon32.exe
2009-11-14 20:32:15 ----A---- C:\Windows\system32\whealogr.dll
2009-11-14 20:32:15 ----A---- C:\Windows\system32\tcpmon.dll
2009-11-14 20:32:15 ----A---- C:\Windows\system32\srcore.dll
2009-11-14 20:32:15 ----A---- C:\Windows\system32\fdWSD.dll
2009-11-14 20:32:14 ----A---- C:\Windows\system32\SnippingTool.exe
2009-11-14 20:32:14 ----A---- C:\Windows\system32\SCardSvr.dll
2009-11-14 20:32:14 ----A---- C:\Windows\system32\raschap.dll
2009-11-14 20:32:14 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-11-14 20:32:14 ----A---- C:\Windows\system32\fontext.dll
2009-11-14 20:32:14 ----A---- C:\Windows\system32\conime.exe
2009-11-14 20:32:14 ----A---- C:\Windows\system32\cmdial32.dll
2009-11-14 20:32:13 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-11-14 20:32:13 ----A---- C:\Windows\system32\wlanui.dll
2009-11-14 20:32:13 ----A---- C:\Windows\system32\wiaaut.dll
2009-11-14 20:32:13 ----A---- C:\Windows\system32\rasppp.dll
2009-11-14 20:32:13 ----A---- C:\Windows\system32\PnPutil.exe
2009-11-14 20:32:12 ----A---- C:\Windows\system32\shwebsvc.dll
2009-11-14 20:32:12 ----A---- C:\Windows\system32\dsprop.dll
2009-11-14 20:32:12 ----A---- C:\Windows\system32\dimsroam.dll
2009-11-14 20:32:11 ----A---- C:\Windows\system32\oobefldr.dll
2009-11-14 20:32:11 ----A---- C:\Windows\system32\occache.dll
2009-11-14 20:32:10 ----A---- C:\Windows\system32\shsetup.dll
2009-11-14 20:32:10 ----A---- C:\Windows\system32\rasmontr.dll
2009-11-14 20:32:10 ----A---- C:\Windows\system32\mscandui.dll
2009-11-14 20:32:10 ----A---- C:\Windows\system32\modemui.dll
2009-11-14 20:32:10 ----A---- C:\Windows\system32\chtbrkr.dll
2009-11-14 20:32:09 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-11-14 20:32:09 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-11-14 20:32:09 ----A---- C:\Windows\system32\rdpwsx.dll
2009-11-14 20:32:09 ----A---- C:\Windows\system32\dataclen.dll
2009-11-14 20:32:09 ----A---- C:\Windows\system32\blackbox.dll
2009-11-14 20:32:08 ----A---- C:\Windows\system32\smss.exe
2009-11-14 20:32:08 ----A---- C:\Windows\system32\credui.dll
2009-11-14 20:32:07 ----A---- C:\Windows\system32\WSDMon.dll
2009-11-14 20:32:07 ----A---- C:\Windows\system32\wmpeffects.dll
2009-11-14 20:32:07 ----A---- C:\Windows\system32\netplwiz.dll
2009-11-14 20:32:07 ----A---- C:\Windows\system32\mstime.dll
2009-11-14 20:32:07 ----A---- C:\Windows\system32\certprop.dll
2009-11-14 20:32:06 ----A---- C:\Windows\system32\wpcsvc.dll
2009-11-14 20:32:06 ----A---- C:\Windows\system32\networkexplorer.dll
2009-11-14 20:32:06 ----A---- C:\Windows\system32\msscp.dll
2009-11-14 20:32:06 ----A---- C:\Windows\system32\msrating.dll
2009-11-14 20:32:06 ----A---- C:\Windows\system32\logagent.exe
2009-11-14 20:32:06 ----A---- C:\Windows\system32\InkEd.dll
2009-11-14 20:32:06 ----A---- C:\Windows\system32\ifmon.dll
2009-11-14 20:32:06 ----A---- C:\Windows\system32\gpresult.exe
2009-11-14 20:32:06 ----A---- C:\Windows\system32\cipher.exe
2009-11-14 20:32:05 ----A---- C:\Windows\system32\wscapi.dll
2009-11-14 20:32:05 ----A---- C:\Windows\system32\msimtf.dll
2009-11-14 20:32:04 ----A---- C:\Windows\system32\thawbrkr.dll
2009-11-14 20:32:04 ----A---- C:\Windows\system32\softkbd.dll
2009-11-14 20:32:04 ----A---- C:\Windows\system32\sendmail.dll
2009-11-14 20:32:03 ----A---- C:\Windows\system32\olepro32.dll
2009-11-14 20:32:03 ----A---- C:\Windows\system32\msctfui.dll
2009-11-14 20:32:03 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-11-14 20:32:03 ----A---- C:\Windows\system32\dmsynth.dll
2009-11-14 20:32:02 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-11-14 20:32:01 ----A---- C:\Windows\system32\version.dll
2009-11-14 20:32:01 ----A---- C:\Windows\system32\puiapi.dll
2009-11-14 20:32:01 ----A---- C:\Windows\system32\mprapi.dll
2009-11-14 20:32:01 ----A---- C:\Windows\system32\input.dll
2009-11-14 20:32:01 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-11-14 20:32:00 ----A---- C:\Windows\system32\wshbth.dll
2009-11-14 20:32:00 ----A---- C:\Windows\system32\SLLUA.exe
2009-11-14 20:32:00 ----A---- C:\Windows\system32\msisip.dll
2009-11-14 20:32:00 ----A---- C:\Windows\system32\fc.exe
2009-11-14 20:31:58 ----A---- C:\Windows\system32\msjint40.dll
2009-11-14 20:31:58 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-11-14 20:31:58 ----A---- C:\Windows\system32\fdSSDP.dll
2009-11-14 20:31:58 ----A---- C:\Windows\system32\dmusic.dll
2009-11-14 20:31:58 ----A---- C:\Windows\system32\cscapi.dll
2009-11-14 20:31:57 ----A---- C:\Windows\system32\l2nacp.dll
2009-11-14 20:31:57 ----A---- C:\Windows\system32\ftp.exe
2009-11-14 20:31:57 ----A---- C:\Windows\system32\eapp3hst.dll
2009-11-14 20:31:56 ----A---- C:\Windows\system32\wsdchngr.dll
2009-11-14 20:31:56 ----A---- C:\Windows\system32\cscdll.dll
2009-11-14 20:31:55 ----A---- C:\Windows\system32\Storprop.dll
2009-11-14 20:31:55 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-11-14 20:31:55 ----A---- C:\Windows\system32\rasdial.exe
2009-11-14 20:31:55 ----A---- C:\Windows\system32\rasdiag.dll
2009-11-14 20:31:55 ----A---- C:\Windows\system32\fdWCN.dll
2009-11-14 20:31:55 ----A---- C:\Windows\system32\dot3cfg.dll
2009-11-14 20:31:55 ----A---- C:\Windows\system32\bthudtask.exe
2009-11-14 20:31:55 ----A---- C:\Windows\system32\bthci.dll
2009-11-14 20:31:54 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-11-14 20:31:54 ----A---- C:\Windows\system32\ipconfig.exe
2009-11-14 20:31:54 ----A---- C:\Windows\system32\eappcfg.dll
2009-11-14 20:31:53 ----A---- C:\Windows\system32\tscupgrd.exe
2009-11-14 20:31:53 ----A---- C:\Windows\system32\slcinst.dll
2009-11-14 20:31:53 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-11-14 20:31:53 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-11-14 20:31:52 ----A---- C:\Windows\system32\ocsetup.exe
2009-11-14 20:31:52 ----A---- C:\Windows\system32\nslookup.exe
2009-11-14 20:31:52 ----A---- C:\Windows\system32\hbaapi.dll
2009-11-14 20:31:52 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-11-14 20:31:52 ----A---- C:\Windows\system32\fdeploy.dll
2009-11-14 20:31:52 ----A---- C:\Windows\system32\eappgnui.dll
2009-11-14 20:31:51 ----A---- C:\Windows\system32\mmcico.dll
2009-11-14 20:31:50 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-11-14 20:31:49 ----A---- C:\Windows\system32\gpupdate.exe
2009-11-14 20:31:47 ----A---- C:\Windows\system32\NcdProp.dll
2009-11-14 20:31:47 ----A---- C:\Windows\system32\iscsilog.dll
2009-11-14 20:31:47 ----A---- C:\Windows\system32\csrstub.exe
2009-11-14 20:31:47 ----A---- C:\Windows\system32\cbsra.exe
2009-11-14 20:31:47 ----A---- C:\Windows\system32\bitsigd.dll
2009-11-14 20:31:45 ----A---- C:\Windows\system32\vdmdbg.dll
2009-11-14 20:31:45 ----A---- C:\Windows\system32\odbcconf.dll
2009-11-14 20:31:44 ----A---- C:\Windows\system32\winrnr.dll
2009-11-14 20:31:44 ----A---- C:\Windows\system32\slwga.dll
2009-11-14 20:31:44 ----A---- C:\Windows\system32\inetppui.dll
2009-11-14 20:31:42 ----A---- C:\Windows\system32\midimap.dll
2009-11-14 20:31:36 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-11-14 20:31:35 ----A---- C:\Windows\system32\msimsg.dll
2009-11-14 20:31:08 ----A---- C:\Windows\system32\SmiEngine.dll
2009-11-14 20:31:06 ----A---- C:\Windows\system32\wdscore.dll
2009-11-14 20:31:06 ----A---- C:\Windows\system32\PkgMgr.exe
2009-11-14 20:31:01 ----A---- C:\Windows\system32\drvstore.dll
2009-11-14 13:03:33 ----D---- C:\Program Files\Safari
2009-11-14 03:48:54 ----D---- C:\PerfLogs
2009-11-13 18:19:55 ----A---- C:\Windows\system32\imagesp1.dll
2009-11-13 18:19:51 ----A---- C:\Windows\system32\sstpsvc.dll
2009-11-13 18:19:49 ----A---- C:\Windows\system32\winrscmd.dll
2009-11-13 18:19:46 ----A---- C:\Windows\system32\iesetup.dll
2009-11-13 18:19:40 ----A---- C:\Windows\system32\xpssvcs.dll
2009-11-13 18:19:37 ----A---- C:\Windows\system32\spwizimg.dll
2009-11-13 18:19:37 ----A---- C:\Windows\system32\lpremove.exe
2009-11-13 18:19:37 ----A---- C:\Windows\bfsvc.exe
2009-11-13 18:19:36 ----A---- C:\Windows\system32\ntdll.dll
2009-11-13 18:19:34 ----A---- C:\Windows\system32\recdisc.exe
2009-11-13 18:19:34 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-11-13 18:19:33 ----A---- C:\Windows\system32\CompMgmtLauncher.exe
2009-11-13 18:19:30 ----A---- C:\Windows\system32\msvbvm60.dll
2009-11-13 18:19:27 ----A---- C:\Windows\system32\MSMPEG2ADEC.DLL
2009-11-13 18:19:26 ----A---- C:\Windows\system32\xolehlp.dll
2009-11-13 18:19:24 ----A---- C:\Windows\system32\SSShim.dll
2009-11-13 18:19:23 ----A---- C:\Windows\system32\nlmgp.dll
2009-11-13 18:19:23 ----A---- C:\Windows\system32\DfsShlEx.dll
2009-11-13 18:19:22 ----A---- C:\Windows\system32\clusapi.dll
2009-11-13 18:19:20 ----A---- C:\Windows\system32\winrsmgr.dll
2009-11-13 18:19:18 ----A---- C:\Windows\system32\vdsbas.dll
2009-11-13 18:19:18 ----A---- C:\Windows\system32\comctl32.dll
2009-11-13 18:19:16 ----A---- C:\Windows\system32\XPSSHHDR.dll
2009-11-13 18:19:16 ----A---- C:\Windows\system32\msdtckrm.dll
2009-11-13 18:19:15 ----A---- C:\Windows\system32\wecutil.exe
2009-11-13 18:19:15 ----A---- C:\Windows\system32\sbe.dll
2009-11-13 18:19:15 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-11-13 18:19:14 ----A---- C:\Windows\system32\sdengin2.dll
2009-11-13 18:19:14 ----A---- C:\Windows\system32\gacinstall.dll
2009-11-13 18:19:14 ----A---- C:\Windows\system32\cmipnpinstall.dll
2009-11-13 18:19:14 ----A---- C:\Windows\system32\cmicryptinstall.dll
2009-11-13 18:19:13 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2009-11-13 18:19:11 ----A---- C:\Windows\system32\sqlceqp30.dll
2009-11-13 18:19:11 ----A---- C:\Windows\system32\lsm.exe
2009-11-13 18:19:11 ----A---- C:\Windows\system32\FirewallAPI.dll
2009-11-13 18:19:10 ----A---- C:\Windows\system32\wecsvc.dll
2009-11-13 18:19:10 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-11-13 18:19:09 ----A---- C:\Windows\system32\thumbcache.dll
2009-11-13 18:19:07 ----A---- C:\Windows\system32\authfwcfg.dll
2009-11-13 18:19:06 ----A---- C:\Windows\system32\dmvdsitf.dll
2009-11-13 18:19:04 ----A---- C:\Windows\system32\wevtfwd.dll
2009-11-13 18:19:04 ----A---- C:\Windows\system32\uexfat.dll
2009-11-13 18:19:02 ----A---- C:\Windows\system32\sqlcese30.dll
2009-11-13 18:19:02 ----A---- C:\Windows\system32\DfrgNtfs.exe
2009-11-13 18:18:57 ----A---- C:\Windows\system32\mssha.dll
2009-11-13 18:18:56 ----A---- C:\Windows\system32\WsmAuto.dll
2009-11-13 18:18:56 ----A---- C:\Windows\system32\nlasvc.dll
2009-11-13 18:18:56 ----A---- C:\Windows\system32\dfrgui.exe
2009-11-13 18:18:55 ----A---- C:\Windows\system32\BFE.DLL
2009-11-13 18:18:54 ----A---- C:\Windows\system32\WsmWmiPl.dll
2009-11-13 18:18:54 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-11-13 18:18:54 ----A---- C:\Windows\system32\ddraw.dll
2009-11-13 18:18:53 ----A---- C:\Windows\system32\objsel.dll
2009-11-13 18:18:52 ----A---- C:\Windows\system32\QAGENT.DLL
2009-11-13 18:18:52 ----A---- C:\Windows\system32\dbghelp.dll
2009-11-13 18:18:51 ----A---- C:\Windows\system32\icm32.dll
2009-11-13 18:18:50 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-11-13 18:18:50 ----A---- C:\Windows\system32\iprtrmgr.dll
2009-11-13 18:18:48 ----A---- C:\Windows\system32\taskschd.dll
2009-11-13 18:18:48 ----A---- C:\Windows\system32\bcdedit.exe
2009-11-13 18:18:47 ----A---- C:\Windows\system32\AudioEng.dll
2009-11-13 18:18:46 ----A---- C:\Windows\system32\winsta.dll
2009-11-13 18:18:46 ----A---- C:\Windows\system32\netprofm.dll
2009-11-13 18:18:45 ----A---- C:\Windows\system32\netcfgx.dll
2009-11-13 18:18:44 ----A---- C:\Windows\system32\lpksetup.exe
2009-11-13 18:18:44 ----A---- C:\Windows\system32\cdosys.dll
2009-11-13 18:18:42 ----A---- C:\Windows\system32\msdtcuiu.dll
2009-11-13 18:18:42 ----A---- C:\Windows\system32\mprddm.dll
2009-11-13 18:18:41 ----A---- C:\Windows\system32\eapsvc.dll
2009-11-13 18:18:41 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-11-13 18:18:40 ----A---- C:\Windows\system32\bcdsrv.dll
2009-11-13 18:18:39 ----A---- C:\Windows\system32\msidcrl30.dll
2009-11-13 18:18:38 ----A---- C:\Windows\system32\WMVDECOD.DLL
2009-11-13 18:18:37 ----A---- C:\Windows\system32\pla.dll
2009-11-13 18:18:36 ----A---- C:\Windows\system32\dot3gpui.dll
2009-11-13 18:18:35 ----A---- C:\Windows\system32\comsnap.dll
2009-11-13 18:18:34 ----A---- C:\Windows\system32\cryptnet.dll
2009-11-13 18:18:33 ----A---- C:\Windows\system32\synceng.dll
2009-11-13 18:18:32 ----A---- C:\Windows\system32\msconfig.exe
2009-11-13 18:18:32 ----A---- C:\Windows\system32\cmifw.dll
2009-11-13 18:18:30 ----A---- C:\Windows\system32\uxtheme.dll
2009-11-13 18:18:30 ----A---- C:\Windows\system32\tdh.dll
2009-11-13 18:18:29 ----A---- C:\Windows\system32\SessEnv.dll
2009-11-13 18:18:29 ----A---- C:\Windows\system32\dot3api.dll
2009-11-13 18:18:29 ----A---- C:\Windows\system32\dmdskmgr.dll
2009-11-13 18:18:29 ----A---- C:\Windows\system32\cmd.exe
2009-11-13 18:18:29 ----A---- C:\Windows\system32\AuthFWSnapin.dll
2009-11-13 18:18:27 ----A---- C:\Windows\system32\WUDFx.dll
2009-11-13 18:18:27 ----A---- C:\Windows\system32\wlancfg.dll
2009-11-13 18:18:27 ----A---- C:\Windows\system32\msdtcVSp1res.dll
2009-11-13 18:18:27 ----A---- C:\Windows\system32\loadperf.dll
2009-11-13 18:18:26 ----A---- C:\Windows\system32\rdpdd.dll
2009-11-13 18:18:26 ----A---- C:\Windows\system32\localsec.dll
2009-11-13 18:18:26 ----A---- C:\Windows\system32\comres.dll
2009-11-13 18:18:25 ----A---- C:\Windows\system32\rstrui.exe
2009-11-13 18:18:25 ----A---- C:\Windows\system32\hnetcfg.dll
2009-11-13 18:18:24 ----A---- C:\Windows\system32\wsqmcons.exe
2009-11-13 18:18:24 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-11-13 18:18:24 ----A---- C:\Windows\system32\WinSATAPI.dll
2009-11-13 18:18:24 ----A---- C:\Windows\system32\NAPMONTR.DLL
2009-11-13 18:18:23 ----A---- C:\Windows\system32\RDPENCDD.dll
2009-11-13 18:18:23 ----A---- C:\Windows\system32\profprov.dll
2009-11-13 18:18:23 ----A---- C:\Windows\system32\filemgmt.dll
2009-11-13 18:18:22 ----A---- C:\Windows\system32\MuiUnattend.exe
2009-11-13 18:18:21 ----A---- C:\Windows\system32\wsecedit.dll
2009-11-13 18:18:21 ----A---- C:\Windows\system32\tracerpt.exe
2009-11-13 18:18:21 ----A---- C:\Windows\system32\dwmredir.dll
2009-11-13 18:18:20 ----A---- C:\Windows\system32\wininit.exe
2009-11-13 18:18:20 ----A---- C:\Windows\system32\QSHVHOST.DLL
2009-11-13 18:18:19 ----A---- C:\Windows\system32\azroleui.dll
2009-11-13 18:18:18 ----A---- C:\Windows\system32\mcbuilder.exe
2009-11-13 18:18:18 ----A---- C:\Windows\system32\iashost.exe
2009-11-13 18:18:18 ----A---- C:\Windows\HelpPane.exe
2009-11-13 18:18:17 ----A---- C:\Windows\system32\srrstr.dll
2009-11-13 18:18:17 ----A---- C:\Windows\system32\spwizeng.dll
2009-11-13 18:18:16 ----A---- C:\Windows\system32\wecapi.dll
2009-11-13 18:18:16 ----A---- C:\Windows\system32\unbcl.dll
2009-11-13 18:18:16 ----A---- C:\Windows\system32\shrink.dll
2009-11-13 18:18:16 ----A---- C:\Windows\system32\msra.exe
2009-11-13 18:18:16 ----A---- C:\Windows\system32\lltdsvc.dll
2009-11-13 18:18:15 ----A---- C:\Windows\system32\WMPEncEn.dll
2009-11-13 18:18:14 ----A---- C:\Windows\system32\msdri.dll
2009-11-13 18:18:13 ----A---- C:\Windows\system32\framedynos.dll
2009-11-13 18:18:12 ----A---- C:\Windows\system32\vsstrace.dll
2009-11-13 18:18:12 ----A---- C:\Windows\system32\ntvdm.exe
2009-11-13 18:18:12 ----A---- C:\Windows\system32\advpack.dll
2009-11-13 18:18:11 ----A---- C:\Windows\system32\ntlanman.dll
2009-11-13 18:18:09 ----A---- C:\Windows\system32\netman.dll
2009-11-13 18:18:09 ----A---- C:\Windows\system32\framedyn.dll
2009-11-13 18:18:09 ----A---- C:\Windows\system32\dssenh.dll
2009-11-13 18:18:08 ----A---- C:\Windows\system32\WlanMM.dll
2009-11-13 18:18:08 ----A---- C:\Windows\system32\adsnt.dll
2009-11-13 18:18:07 ----A---- C:\Windows\system32\WsmProv.dll
2009-11-13 18:18:07 ----A---- C:\Windows\system32\WLanConn.dll
2009-11-13 18:18:07 ----A---- C:\Windows\system32\sxs.dll
2009-11-13 18:18:07 ----A---- C:\Windows\system32\KMSVC.DLL
2009-11-13 18:18:07 ----A---- C:\Windows\system32\IPBusEnum.dll
2009-11-13 18:18:06 ----A---- C:\Windows\system32\WUDFHost.exe
2009-11-13 18:18:06 ----A---- C:\Windows\system32\VAN.dll
2009-11-13 18:18:06 ----A---- C:\Windows\system32\umb.dll
2009-11-13 18:18:06 ----A---- C:\Windows\system32\ncsi.dll
2009-11-13 18:18:05 ----A---- C:\Windows\system32\ie4uinit.exe
2009-11-13 18:18:04 ----A---- C:\Windows\system32\puiobj.dll
2009-11-13 18:18:04 ----A---- C:\Windows\system32\netid.dll
2009-11-13 18:18:04 ----A---- C:\Windows\system32\catsrvut.dll
2009-11-13 18:18:03 ----A---- C:\Windows\system32\MdSched.exe
2009-11-13 18:18:03 ----A---- C:\Windows\system32\dps.dll
2009-11-13 18:18:01 ----A---- C:\Windows\system32\ws2_32.dll
2009-11-13 18:18:01 ----A---- C:\Windows\system32\spbcd.dll
2009-11-13 18:18:01 ----A---- C:\Windows\system32\setbcdlocale.dll
2009-11-13 18:18:01 ----A---- C:\Windows\system32\ntdsapi.dll
2009-11-13 18:18:00 ----A---- C:\Windows\system32\winrs.exe
2009-11-13 18:18:00 ----A---- C:\Windows\system32\odbcjt32.dll
2009-11-13 18:18:00 ----A---- C:\Windows\system32\NAPSTAT.EXE
2009-11-13 18:17:57 ----A---- C:\Windows\system32\schtasks.exe
2009-11-13 18:17:57 ----A---- C:\Windows\system32\netdiagfx.dll
2009-11-13 18:17:57 ----A---- C:\Windows\system32\dmdlgs.dll
2009-11-13 18:17:57 ----A---- C:\Windows\system32\dhcpsapi.dll
2009-11-13 18:17:57 ----A---- C:\Windows\system32\catsrv.dll
2009-11-13 18:17:57 ----A---- C:\Windows\system32\activeds.dll
2009-11-13 18:17:56 ----A---- C:\Windows\system32\TSpkg.dll
2009-11-13 18:17:56 ----A---- C:\Windows\system32\dfrgfat.exe
2009-11-13 18:17:55 ----A---- C:\Windows\system32\wvc.dll
2009-11-13 18:17:55 ----A---- C:\Windows\system32\winrm.vbs
2009-11-13 18:17:55 ----A---- C:\Windows\system32\qwave.dll
2009-11-13 18:17:55 ----A---- C:\Windows\system32\FirewallControlPanel.exe
2009-11-13 18:17:53 ----A---- C:\Windows\system32\netcorehc.dll
2009-11-13 18:17:53 ----A---- C:\Windows\system32\NAPHLPR.DLL
2009-11-13 18:17:53 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-11-13 18:17:53 ----A---- C:\Windows\system32\msacm32.dll
2009-11-13 18:17:52 ----A---- C:\Windows\system32\adsldp.dll
2009-11-13 18:17:50 ----A---- C:\Windows\system32\ntshrui.dll
2009-11-13 18:17:50 ----A---- C:\Windows\system32\msdt.dll
2009-11-13 18:17:50 ----A---- C:\Windows\system32\els.dll
2009-11-13 18:17:50 ----A---- C:\Windows\system32\clbcatq.dll
2009-11-13 18:17:49 ----A---- C:\Windows\system32\QUTIL.DLL
2009-11-13 18:17:48 ----A---- C:\Windows\system32\sdrsvc.dll
2009-11-13 18:17:48 ----A---- C:\Windows\system32\net1.exe
2009-11-13 18:17:48 ----A---- C:\Windows\system32\ipnathlp.dll
2009-11-13 18:17:47 ----A---- C:\Windows\system32\Defrag.exe
2009-11-13 18:17:46 ----A---- C:\Windows\system32\nci.dll
2009-11-13 18:17:45 ----A---- C:\Windows\system32\upnphost.dll
2009-11-13 18:17:45 ----A---- C:\Windows\system32\mprmsg.dll
2009-11-13 18:17:44 ----A---- C:\Windows\system32\rasman.dll
2009-11-13 18:17:44 ----A---- C:\Windows\system32\P2P.dll
2009-11-13 18:17:44 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-11-13 18:17:44 ----A---- C:\Windows\system32\fde.dll
2009-11-13 18:17:44 ----A---- C:\Windows\system32\CompatUI.dll
2009-11-13 18:17:44 ----A---- C:\Windows\system32\ActiveContentWizard.dll
2009-11-13 18:17:43 ----A---- C:\Windows\system32\rascfg.dll
2009-11-13 18:17:43 ----A---- C:\Windows\system32\loghours.dll
2009-11-13 18:17:42 ----A---- C:\Windows\system32\Wpc.dll
2009-11-13 18:17:42 ----A---- C:\Windows\system32\MigAutoPlay.exe
2009-11-13 18:17:42 ----A---- C:\Windows\system32\DFDWiz.exe
2009-11-13 18:17:41 ----A---- C:\Windows\system32\setupcl.exe
2009-11-13 18:17:41 ----A---- C:\Windows\system32\mprdim.dll
2009-11-13 18:17:39 ----A---- C:\Windows\system32\rtm.dll
2009-11-13 18:17:39 ----A---- C:\Windows\system32\NAPCRYPT.DLL
2009-11-13 18:17:36 ----A---- C:\Windows\system32\wdi.dll
2009-11-13 18:17:36 ----A---- C:\Windows\system32\ifsutil.dll
2009-11-13 18:17:36 ----A---- C:\Windows\system32\actxprxy.dll
2009-11-13 18:17:35 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-11-13 18:17:35 ----A---- C:\Windows\system32\mswmdm.dll
2009-11-13 18:17:34 ----A---- C:\Windows\system32\usbmon.dll
2009-11-13 18:17:34 ----A---- C:\Windows\system32\imagehlp.dll
2009-11-13 18:17:34 ----A---- C:\Windows\system32\BOOTVID.DLL
2009-11-13 18:17:33 ----A---- C:\Windows\system32\wlandlg.dll
2009-11-13 18:17:33 ----A---- C:\Windows\system32\vssadmin.exe
2009-11-13 18:17:33 ----A---- C:\Windows\system32\mycomput.dll
2009-11-13 18:17:33 ----A---- C:\Windows\system32\msls31.dll
2009-11-13 18:17:32 ----A---- C:\Windows\system32\uudf.dll
2009-11-13 18:17:31 ----A---- C:\Windows\system32\mspaint.exe
2009-11-13 18:17:30 ----A---- C:\Windows\system32\mstask.dll
2009-11-13 18:17:29 ----A---- C:\Windows\system32\termmgr.dll
2009-11-13 18:17:29 ----A---- C:\Windows\system32\ssdpsrv.dll
2009-11-13 18:17:29 ----A---- C:\Windows\system32\mtxoci.dll
2009-11-13 18:17:29 ----A---- C:\Windows\system32\duser.dll
2009-11-13 18:17:28 ----A---- C:\Windows\system32\cic.dll
2009-11-13 18:17:27 ----A---- C:\Windows\system32\Robocopy.exe
2009-11-13 18:17:27 ----A---- C:\Windows\system32\AzSqlExt.dll
2009-11-13 18:17:24 ----A---- C:\Windows\system32\WUDFPlatform.dll
2009-11-13 18:17:24 ----A---- C:\Windows\system32\sdshext.dll
2009-11-13 18:17:24 ----A---- C:\Windows\system32\msdt.exe
2009-11-13 18:17:23 ----A---- C:\Windows\system32\verifier.exe
2009-11-13 18:17:23 ----A---- C:\Windows\system32\msdtclog.dll
2009-11-13 18:17:22 ----A---- C:\Windows\system32\d3d8.dll
2009-11-13 18:17:21 ----A---- C:\Windows\system32\wintrust.dll
2009-11-13 18:17:21 ----A---- C:\Windows\system32\oledlg.dll
2009-11-13 18:17:21 ----A---- C:\Windows\system32\dxtmsft.dll
2009-11-13 18:17:21 ----A---- C:\Windows\system32\clfsw32.dll
2009-11-13 18:17:20 ----A---- C:\Windows\system32\vdsldr.exe
2009-11-13 18:17:20 ----A---- C:\Windows\system32\mmcbase.dll
2009-11-13 18:17:19 ----A---- C:\Windows\system32\mlang.dll
2009-11-13 18:17:19 ----A---- C:\Windows\system32\icfupgd.dll
2009-11-13 18:17:19 ----A---- C:\Windows\system32\icardie.dll
2009-11-13 18:17:18 ----A---- C:\Windows\system32\rasqec.dll
2009-11-13 18:17:18 ----A---- C:\Windows\system32\ncobjapi.dll
2009-11-13 18:17:18 ----A---- C:\Windows\system32\msaatext.dll
2009-11-13 18:17:17 ----A---- C:\Windows\system32\syssetup.dll
2009-11-13 18:17:16 ----A---- C:\Windows\system32\wtsapi32.dll
2009-11-13 18:17:16 ----A---- C:\Windows\system32\unlodctr.exe
2009-11-13 18:17:16 ----A---- C:\Windows\system32\lodctr.exe
2009-11-13 18:17:15 ----A---- C:\Windows\system32\Mcx2Svc.dll
2009-11-13 18:17:15 ----A---- C:\Windows\system32\cabinet.dll
2009-11-13 18:17:14 ----A---- C:\Windows\system32\trkwks.dll
2009-11-13 18:17:13 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2009-11-13 18:17:13 ----A---- C:\Windows\system32\unattend.dll
2009-11-13 18:17:13 ----A---- C:\Windows\system32\ogldrv.dll
2009-11-13 18:17:13 ----A---- C:\Windows\system32\lnkstub.exe
2009-11-13 18:17:13 ----A---- C:\Windows\system32\cabview.dll
2009-11-13 18:17:12 ----A---- C:\Windows\system32\wermgr.exe
2009-11-13 18:17:12 ----A---- C:\Windows\system32\dfdts.dll
2009-11-13 18:17:10 ----A---- C:\Windows\system32\sdspres.dll
2009-11-13 18:17:10 ----A---- C:\Windows\system32\p2pcollab.dll
2009-11-13 18:17:10 ----A---- C:\Windows\system32\dispdiag.exe
2009-11-13 18:17:10 ----A---- C:\Windows\system32\DHCPQEC.DLL
2009-11-13 18:17:10 ----A---- C:\Windows\system32\basesrv.dll
2009-11-13 18:17:08 ----A---- C:\Windows\system32\mmcss.dll
2009-11-13 18:17:08 ----A---- C:\Windows\system32\dsquery.dll
2009-11-13 18:17:07 ----A---- C:\Windows\system32\verifier.dll
2009-11-13 18:17:07 ----A---- C:\Windows\system32\RstrtMgr.dll
2009-11-13 18:17:07 ----A---- C:\Windows\system32\efsadu.dll
2009-11-13 18:17:05 ----A---- C:\Windows\system32\wercplsupport.dll
2009-11-13 18:17:04 ----A---- C:\Windows\system32\msoeacct.dll
2009-11-13 18:17:03 ----A---- C:\Windows\system32\wiascanprofiles.dll
2009-11-13 18:17:03 ----A---- C:\Windows\system32\setupugc.exe
2009-11-13 18:17:03 ----A---- C:\Windows\system32\QSVRMGMT.DLL
2009-11-13 18:17:03 ----A---- C:\Windows\system32\pnrpnsp.dll
2009-11-13 18:17:03 ----A---- C:\Windows\system32\pngfilt.dll
2009-11-13 18:17:03 ----A---- C:\Windows\system32\iscsiexe.dll
2009-11-13 18:17:03 ----A---- C:\Windows\system32\icacls.exe
2009-11-13 18:17:03 ----A---- C:\Windows\system32\consent.exe
2009-11-13 18:17:02 ----A---- C:\Windows\system32\p2pnetsh.dll
2009-11-13 18:17:02 ----A---- C:\Windows\system32\msdmo.dll
2009-11-13 18:17:01 ----A---- C:\Windows\system32\xactsrv.dll
2009-11-13 18:17:01 ----A---- C:\Windows\system32\PNPXAssocPrx.dll
2009-11-13 18:17:01 ----A---- C:\Windows\system32\msrdc.dll
2009-11-13 18:16:59 ----A---- C:\Windows\system32\eappprxy.dll
2009-11-13 18:16:58 ----A---- C:\Windows\system32\pcadm.dll
2009-11-13 18:16:57 ----A---- C:\Windows\system32\xwizards.dll
2009-11-13 18:16:57 ----A---- C:\Windows\system32\systeminfo.exe
2009-11-13 18:16:57 ----A---- C:\Windows\system32\netcfg.exe
2009-11-13 18:16:57 ----A---- C:\Windows\system32\cmdl32.exe
2009-11-13 18:16:56 ----A---- C:\Windows\system32\resutils.dll
2009-11-13 18:16:56 ----A---- C:\Windows\system32\DWWIN.EXE
2009-11-13 18:16:56 ----A---- C:\Windows\system32\alg.exe
2009-11-13 18:16:55 ----A---- C:\Windows\system32\dssec.dll
2009-11-13 18:16:55 ----A---- C:\Windows\system32\dot3ui.dll
2009-11-13 18:16:55 ----A---- C:\Windows\system32\dfrgifc.exe
2009-11-13 18:16:54 ----A---- C:\Windows\system32\netprof.dll
2009-11-13 18:16:54 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2009-11-13 18:16:54 ----A---- C:\Windows\system32\dbnetlib.dll
2009-11-13 18:16:54 ----A---- C:\Windows\system32\btpanui.dll
2009-11-13 18:16:54 ----A---- C:\Windows\regedit.exe
2009-11-13 18:16:53 ----A---- C:\Windows\system32\txflog.dll
2009-11-13 18:16:53 ----A---- C:\Windows\system32\apircl.dll
2009-11-13 18:16:52 ----A---- C:\Windows\system32\taskkill.exe
2009-11-13 18:16:52 ----A---- C:\Windows\system32\iexpress.exe
2009-11-13 18:16:51 ----A---- C:\Windows\system32\tbssvc.dll
2009-11-13 18:16:51 ----A---- C:\Windows\system32\RASMM.dll
2009-11-13 18:16:51 ----A---- C:\Windows\system32\msieftp.dll
2009-11-13 18:16:51 ----A---- C:\Windows\system32\dxva2.dll
2009-11-13 18:16:51 ----A---- C:\Windows\system32\dwmapi.dll
2009-11-13 18:16:51 ----A---- C:\Windows\system32\bcdprov.dll
2009-11-13 18:16:51 ----A---- C:\Windows\system32\ActionQueue.dll
2009-11-13 18:16:50 ----A---- C:\Windows\system32\svchost.exe
2009-11-13 18:16:50 ----A---- C:\Windows\system32\provthrd.dll
2009-11-13 18:16:49 ----A---- C:\Windows\system32\syncui.dll
2009-11-13 18:16:49 ----A---- C:\Windows\system32\EAPQEC.DLL
2009-11-13 18:16:49 ----A---- C:\Windows\system32\dmocx.dll
2009-11-13 18:16:48 ----A---- C:\Windows\system32\aclui.dll
2009-11-13 18:16:47 ----A---- C:\Windows\system32\WMASF.DLL
2009-11-13 18:16:47 ----A---- C:\Windows\system32\raserver.exe
2009-11-13 18:16:46 ----A---- C:\Windows\system32\ias.dll
2009-11-13 18:16:46 ----A---- C:\Windows\system32\dnscacheugc.exe
2009-11-13 18:16:46 ----A---- C:\Windows\system32\brcplsdw.dll
2009-11-13 18:16:46 ----A---- C:\Windows\system32\audiodev.dll
2009-11-13 18:16:45 ----A---- C:\Windows\system32\xcopy.exe
2009-11-13 18:16:45 ----A---- C:\Windows\system32\UIHub.dll
2009-11-13 18:16:45 ----A---- C:\Windows\system32\taskmgr.exe
2009-11-13 18:16:44 ----A---- C:\Windows\system32\upnp.dll
2009-11-13 18:16:44 ----A---- C:\Windows\system32\QCLIPROV.DLL
2009-11-13 18:16:43 ----A---- C:\Windows\system32\NapiNSP.dll
2009-11-13 18:16:43 ----A---- C:\Windows\system32\msoert2.dll
2009-11-13 18:16:43 ----A---- C:\Windows\system32\mountvol.exe
2009-11-13 18:16:43 ----A---- C:\Windows\system32\mmcshext.dll
2009-11-13 18:16:43 ----A---- C:\Windows\system32\icsfiltr.dll
2009-11-13 18:16:43 ----A---- C:\Windows\system32\cmstp.exe
2009-11-13 18:16:43 ----A---- C:\Windows\system32\appinfo.dll
2009-11-13 18:16:42 ----A---- C:\Windows\system32\wlanext.exe
2009-11-13 18:16:42 ----A---- C:\Windows\system32\perfts.dll
2009-11-13 18:16:42 ----A---- C:\Windows\system32\browser.dll
2009-11-13 18:16:41 ----A---- C:\Windows\system32\dskquoui.dll
2009-11-13 18:16:41 ----A---- C:\Windows\system32\AuxiliaryDisplayApi.dll
2009-11-13 18:16:40 ----A---- C:\Windows\system32\PING.EXE
2009-11-13 18:16:40 ----A---- C:\Windows\system32\inetmib1.dll
2009-11-13 18:16:40 ----A---- C:\Windows\system32\cewmdm.dll
2009-11-13 18:16:40 ----A---- C:\Windows\system32\bitsadmin.exe
2009-11-13 18:16:39 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2009-11-13 18:16:39 ----A---- C:\Windows\system32\SoundRecorder.exe
2009-11-13 18:16:39 ----A---- C:\Windows\system32\qcap.dll
2009-11-13 18:16:39 ----A---- C:\Windows\system32\qasf.dll
2009-11-13 18:16:39 ----A---- C:\Windows\system32\ieakeng.dll
2009-11-13 18:16:38 ----A---- C:\Windows\system32\SysFxUI.dll
2009-11-13 18:16:38 ----A---- C:\Windows\system32\dsuiext.dll
2009-11-13 18:16:37 ----A---- C:\Windows\system32\WUDFSvc.dll
2009-11-13 18:16:37 ----A---- C:\Windows\system32\wmpsrcwp.dll
2009-11-13 18:16:37 ----A---- C:\Windows\system32\SecEdit.exe
2009-11-13 18:16:37 ----A---- C:\Windows\system32\mtstocom.exe
2009-11-13 18:16:37 ----A---- C:\Windows\system32\auditpol.exe
2009-11-13 18:16:36 ----A---- C:\Windows\system32\WMVSENCD.DLL
2009-11-13 18:16:36 ----A---- C:\Windows\system32\Sens.dll
2009-11-13 18:16:36 ----A---- C:\Windows\system32\makecab.exe
2009-11-13 18:16:36 ----A---- C:\Windows\system32\lsmproxy.dll
2009-11-13 18:16:36 ----A---- C:\Windows\system32\batt.dll
2009-11-13 18:16:35 ----A---- C:\Windows\system32\xwtpw32.dll
2009-11-13 18:16:35 ----A---- C:\Windows\system32\sppnp.dll
2009-11-13 18:16:35 ----A---- C:\Windows\system32\shimgvw.dll
2009-11-13 18:16:35 ----A---- C:\Windows\system32\seclogon.dll
2009-11-13 18:16:35 ----A---- C:\Windows\system32\sbeio.dll
2009-11-13 18:16:35 ----A---- C:\Windows\system32\ndfapi.dll
2009-11-13 18:16:35 ----A---- C:\Windows\system32\msdadiag.dll
2009-11-13 18:16:35 ----A---- C:\Windows\system32\dot3gpclnt.dll
2009-11-13 18:16:34 ----A---- C:\Windows\system32\wzcdlg.dll
2009-11-13 18:16:34 ----A---- C:\Windows\system32\wiashext.dll
2009-11-13 18:16:34 ----A---- C:\Windows\system32\dxtrans.dll
2009-11-13 18:16:34 ----A---- C:\Windows\system32\apss.dll
2009-11-13 18:16:33 ----A---- C:\Windows\system32\wscmisetup.dll
2009-11-13 18:16:33 ----A---- C:\Windows\system32\wiadefui.dll
2009-11-13 18:16:33 ----A---- C:\Windows\system32\shacct.dll
2009-11-13 18:16:33 ----A---- C:\Windows\system32\msorcl32.dll
2009-11-13 18:16:32 ----A---- C:\Windows\system32\wpdwcn.dll
2009-11-13 18:16:32 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2009-11-13 18:16:32 ----A---- C:\Windows\system32\userinit.exe
2009-11-13 18:16:32 ----A---- C:\Windows\system32\sxstrace.exe
2009-11-13 18:16:32 ----A---- C:\Windows\system32\perfmon.exe
2009-11-13 18:16:32 ----A---- C:\Windows\system32\p2phost.exe
2009-11-13 18:16:32 ----A---- C:\Windows\system32\napipsec.dll
2009-11-13 18:16:31 ----A---- C:\Windows\system32\winrshost.exe
2009-11-13 18:16:31 ----A---- C:\Windows\system32\ktmutil.exe
2009-11-13 18:16:31 ----A---- C:\Windows\system32\keymgr.dll
2009-11-13 18:16:31 ----A---- C:\Windows\system32\HelpPaneProxy.dll
2009-11-13 18:16:31 ----A---- C:\Windows\system32\csrsrv.dll
2009-11-13 18:16:30 ----A---- C:\Windows\system32\tasklist.exe
2009-11-13 18:16:30 ----A---- C:\Windows\system32\TapiMigPlugin.dll
2009-11-13 18:16:30 ----A---- C:\Windows\system32\prntvpt.dll
2009-11-13 18:16:29 ----A---- C:\Windows\system32\notepad.exe
2009-11-13 18:16:29 ----A---- C:\Windows\system32\MP4SDECD.DLL
2009-11-13 18:16:29 ----A---- C:\Windows\system32\fmifs.dll
2009-11-13 18:16:29 ----A---- C:\Windows\system32\d3dim700.dll
2009-11-13 18:16:29 ----A---- C:\Windows\system32\colorui.dll
2009-11-13 18:16:29 ----A---- C:\Windows\notepad.exe
2009-11-13 18:16:27 ----A---- C:\Windows\system32\wscproxystub.dll
2009-11-13 18:16:27 ----A---- C:\Windows\system32\winethc.dll
2009-11-13 18:16:27 ----A---- C:\Windows\system32\nshipsec.dll
2009-11-13 18:16:27 ----A---- C:\Windows\system32\netiougc.exe

======List of files/folders modified in the last 3 months======

2009-11-15 10:38:08 ----D---- C:\Windows\system32\SLUI
2009-11-15 10:38:08 ----D---- C:\Windows\system32\en
2009-11-15 10:38:07 ----D---- C:\Windows\system32\manifeststore
2009-11-15 10:38:05 ----D---- C:\Windows\system32\migwiz
2009-11-15 10:37:34 ----D---- C:\Windows\AppPatch
2009-11-15 10:37:11 ----D---- C:\Windows\system32\Boot
2009-11-15 10:35:59 ----D---- C:\Windows\system32\RTCOM
2009-11-14 14:07:59 ----D---- C:\Windows\Logs
2009-11-14 12:14:20 ----ASH---- C:\Program Files\desktop.ini
2009-11-14 03:51:46 ----D---- C:\Windows\MSAgent
2009-11-14 03:51:44 ----D---- C:\Windows\L2Schemas
2009-11-14 03:51:44 ----D---- C:\Windows\DigitalLocker
2009-11-14 03:51:43 ----D---- C:\Windows\system32\com
2009-11-14 03:51:30 ----AD---- C:\Windows\system32\sysprep
2009-11-14 03:51:23 ----D---- C:\Windows\system32\ias
2009-11-14 03:49:01 ----D---- C:\Windows\Boot
2009-11-13 19:57:28 ----A---- C:\Windows\system32\ifxcardm.dll
2009-11-13 19:57:27 ----A---- C:\Windows\system32\axaltocm.dll
2009-11-12 16:07:24 ----D---- C:\Windows\system32\ras
2009-11-12 16:07:24 ----D---- C:\Windows\system32\icsxml
2009-11-12 04:42:42 ----D---- C:\Windows\Debug
2009-11-12 04:20:55 ----HD---- C:\Windows\msdownld.tmp
2009-11-12 02:54:42 ----D---- C:\ProgramData\McAfee
2009-11-12 02:24:50 ----D---- C:\Program Files\McAfee
2009-11-12 02:23:52 ----D---- C:\Program Files\Google
2009-11-11 22:47:25 ----D---- C:\Windows\system32\NDF
2009-11-11 22:43:22 ----RD---- C:\Users
2009-11-11 22:34:02 ----D---- C:\Windows\Panther
2009-11-11 22:31:30 ----D---- C:\WORKSSETUP
2009-11-11 22:29:10 ----D---- C:\Windows\ShellNew
2009-11-11 22:20:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-11 22:19:12 ----D---- C:\Program Files\InterVideo
2009-11-11 22:12:16 ----D---- C:\Windows\Driver Cache
2009-11-11 22:04:57 ----D---- C:\Windows\system32\restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys [2006-12-13 107608]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-06 1739816]
R3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys [2006-10-26 71496]
R3 mfebopk;McAfee Inc.; C:\Windows\system32\drivers\mfebopk.sys [2006-10-26 34120]
R3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys [2006-10-26 168392]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2007-01-24 290304]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 UVCFTR;UVCFTR; C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-01-26 17712]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-09 221696]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 mferkdk;McAfee Inc.; C:\Windows\system32\drivers\mferkdk.sys [2006-10-26 31944]
S3 mfesmfk;McAfee Inc.; C:\Windows\system32\drivers\mfesmfk.sys [2006-10-26 35048]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880]
S3 rootrepeal;rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys []
S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 KR10I;KR10I; C:\Windows\system32\drivers\kr10i.sys [2007-01-03 216320]
S4 KR10N;KR10N; C:\Windows\system32\drivers\kr10n.sys [2007-01-03 207104]
S4 KR3NPXP;KR3NPXP; C:\Windows\system32\drivers\kr3npxp.sys [2007-01-03 479488]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Cepstral License Server;Cepstral License Server; C:\Program Files\Cepstral\bin\CepstralLicSrv.exe [2008-06-24 57344]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2006-11-14 40960]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service; C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe [2006-11-08 554600]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-09-17 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2006-10-30 362064]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2006-11-10 349784]
R2 McRedirector;McAfee Redirector Service; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [2006-11-02 239200]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2006-10-26 144960]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2006-11-17 833064]
R2 MPS9;McAfee Privacy Service; C:\Program Files\McAfee\MPS\mps.exe [2006-11-08 894504]
R2 MSK80Service;McAfee SpamKiller Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2006-11-03 28752]
R2 pinger;pinger; C:\Toshiba\IVP\ISM\pinger.exe [2007-01-25 136816]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2007-01-25 63096]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2006-05-25 114688]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2006-12-20 428152]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-02 118784]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 Emproxy;McAfee E-mail Proxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [2006-10-28 337488]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2006-11-10 624720]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


#4 MovieMaker5087

Posted 24 January 2010 - 06:23 PM

Now the "info.txt" log from RSIT:

info.txt logfile of random's system information tool 1.06 2010-01-24 15:57:58

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AIM 7-->C:\Program Files\AIM\uninst.exe
Air Mouse Server-->MsiExec.exe /I{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bejeweled 2 Deluxe-->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
BitComet 1.16-->C:\Program Files\BitComet\uninst.exe
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
Blackhawk Striker 2-->"C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 3-->"C:\Program Files\TOSHIBA Games\Blasterball 3\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camera Assistant Software for Toshiba-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe" -l0x9
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Celtx (2.5.1)-->C:\Program Files\Celtx\uninstall\helper.exe
Cepstral Damien 5.1.0-->MsiExec.exe /I{10952200-7E33-421A-A261-757016FA75F3}
Cepstral Duchess 5.1.0-->MsiExec.exe /I{5EA3041E-E489-4D0E-9990-E45F49309F99}
Cepstral Robin 5.1.0-->MsiExec.exe /I{DBDD669D-057E-4129-9AFF-CB730558857F}
Chuzzle Deluxe-->"C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
Desktop Dialer-->C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DietMP3 V3.00.01-->"C:\Program Files\DietMP3\unins000.exe"
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
FATE-->"C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JEOPARDY-->"C:\Program Files\TOSHIBA Games\JEOPARDY\Uninstall.exe"
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft GIF Animator-->C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Money Essentials-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Penguins!-->"C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"
Polar Bowler-->"C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SCRABBLE-->"C:\Program Files\TOSHIBA Games\SCRABBLE\Uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Speakonia-->"C:\Program Files\CFS-Technologies\Speakonia\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree-->C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
TOSHIBA Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B97599D2-01F7-4551-96D8-674D3D886F7B}\setup.exe" -l0x9
TOSHIBA Media Center Game Console-->"C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"
Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{744E2BC2-EC6F-44D5-AA68-451B4131383B}\setup.exe" -l0x9
TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VideoAvatar-->"C:\Program Files\GeoVid\Video Avatar\unins000.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinDVD for TOSHIBA-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Music Jukebox-->"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Uninstall.exe"

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: Seth-Laptop
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 948610-1109_neutral_PACKAGE from package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 30322
Source Name: Microsoft-Windows-Servicing
Time Written: 20091113020544.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Seth-Laptop
Event Code: 4386
Message: Windows Servicing required reboot to complete the process of changing update 948610-1108_neutral_PACKAGE from package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 30321
Source Name: Microsoft-Windows-Servicing
Time Written: 20091113020544.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Seth-Laptop
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 30320
Source Name: Microsoft-Windows-Servicing
Time Written: 20091113020544.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Seth-Laptop
Event Code: 4374
Message: Windows Servicing identified that package KB948610(Update) is not applicable for this system
Record Number: 28904
Source Name: Microsoft-Windows-Servicing
Time Written: 20091113015423.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Seth-Laptop
Event Code: 4374
Message: Windows Servicing identified that package KB948610(Update) is not applicable for this system
Record Number: 28903
Source Name: Microsoft-Windows-Servicing
Time Written: 20091113015423.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Seth-Laptop
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3695309410-1559170151-3847321732-1000:
Process 536 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-1000

Record Number: 792
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091112041413.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Seth-Laptop
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 756
Source Name: Microsoft-Windows-Search
Time Written: 20091112033918.000000-000
Event Type: Warning
User:

Computer Name: LH-TEB1FS1DFXN9
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
16 user registry handles leaked from \Registry\User\S-1-5-21-3695309410-1559170151-3847321732-500:
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Microsoft\SystemCertificates\trust
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Microsoft\SystemCertificates\Root
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Microsoft\SystemCertificates\My
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Microsoft\SystemCertificates\Disallowed
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Microsoft\SystemCertificates\CA
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Policies\Microsoft\SystemCertificates
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Policies\Microsoft\SystemCertificates
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Policies\Microsoft\SystemCertificates
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Policies\Microsoft\SystemCertificates
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2352 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-3695309410-1559170151-3847321732-500\Software\Microsoft\Windows\CurrentVersion\Explorer

Record Number: 746
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091112033404.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: LH-TEB1FS1DFXN9
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 745
Source Name: Microsoft-Windows-Winlogon
Time Written: 20091112033404.000000-000
Event Type: Warning
User:

Computer Name: LH-TEB1FS1DFXN9
Event Code: 6001
Message: The winlogon notification subscriber <GPClient> failed a notification event.
Record Number: 742
Source Name: Microsoft-Windows-Winlogon
Time Written: 20091112033403.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: LH-TEB1FS1DFXN9
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1c474

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 667
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091112033405.566800-000
Event Type: Audit Success
User:

Computer Name: LH-TEB1FS1DFXN9
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x4d0
Name: C:\Windows\System32\svchost.exe

Previous Time: 7:34:05 PM 11/11/2009
New Time: 7:34:05 PM 11/11/2009

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 666
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091112033405.364000-000
Event Type: Audit Success
User:

Computer Name: LH-TEB1FS1DFXN9
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 665
Source Name: Microsoft-Windows-Eventlog
Time Written: 20091112033405.442000-000
Event Type: Audit Success
User:

Computer Name: LH-TEB1FS1DFXN9
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-3695309410-1559170151-3847321732-500
Account Name: Administrator
Account Domain: LH-TEB1FS1DFXN9
Logon ID: 0x2a3af

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 664
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091112033403.975786-000
Event Type: Audit Success
User:

Computer Name: LH-TEB1FS1DFXN9
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-3695309410-1559170151-3847321732-500
Account Name: Administrator
Domain Name: LH-TEB1FS1DFXN9
Logon ID: 0x2a3af
Record Number: 663
Source Name: Microsoft-Windows-Eventlog
Time Written: 20091112033338.469786-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Cepstral\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------


Lastly, attached as a .txt is the GMER result.

Attached Files

  • Attached File  gmer.txt   6.81KB   10 downloads


#5 MovieMaker5087


Posted 29 January 2010 - 11:30 PM

OK guys,

I’m not impatient, but I had no choice but to re-format my hard drive and format it back to its out-of-box settings (the laptop’s manufacturer gave me this disc, and I’ve done it before). This is my only computer, and I couldn’t afford to not have it fixed within a decent amount of time.

Long story short, after I installed Google Chrome and made it my default web browser, Internet Explorer tried to open itself again, locking up and causing Chrome to now run slow again. It even disguised itself as a Google Chrome window, but it still said on the top that it was an Internet Explorer window. Finally, I was able to confirm that my laptop was still infected when I saw that one IE window did indeed load up all the way, and it loaded up a Nexplore search page.

Needless to say, I’m very frustrated that this spyware/trojan is still lingering around. And I don’t know what to do now. Either this thing was designed to stick around even after a hard drive has been totally erased and re-installed with all new stuff that’s not infected, or it somehow got inside my external hard drive as I was backing up my “Documents”, “Music” and “Pictures” folders and then started to put this content back onto my newly formatted laptop. Though I’m not too sure about this – all signs pointed to it being in the “system 32” folder, which is the usual location for these types of things. So I wouldn’t be so sure as to how it would get into the other folders, unless it infected everything and all the scans/logs/anti-virus programs missed it. I don’t know – I’m not a computer virus whiz kid, otherwise I’d never be posting here.

So, case in point guys, I really need your help now – I’m not shamelessly bumping my thread, I’m just trying to keep whoever’s looking into my problem as updated as possible with it. So what should I do now? Scan my laptop and my external both with hijackthis and Malwarebytes? I’ll be waiting for whoever’s response to tell me what to do next.

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:20 PM

Posted 30 January 2010 - 05:31 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

Do you still require help?

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 MovieMaker5087


Posted 31 January 2010 - 03:07 AM

Hey extremeboy. It's OK about the delay. I thought I wouldn't be needing any of your guys' help anymore, but, in a twist that oddly reminds me of an ending from a horror film where the villain just keeps coming back and won't die, I think I'm going to need your help after all.

You ready for this?

I'm not yanking any chains here - what I'm posting are the actual problems that I'm dealing with, and I'm not trolling/messing with anyone here.

So I finally gave up fighting this spyware battle and went out and bought myself a $75 320GB Western Digital SATA internal hard drive for my laptop. I like WD, I've bought them before for their externals, and I've never had a problem.

Until now.

Long story short, I un-install McAfee after I once again re-install Vista onto my new hard drive, and I install and register the free version of avast! Antivirus, under the good recommendation of a friend. Well, the program is up and running and I leave my house to go to a birthday party. Upon coming back, my heart nearly stopped when I saw that once again, on my laptop screen, was a locked-up Internet Explorer window that was displaying Nexplore. And avast! never picked up on its presence.

I concluded that this trojan had infected my 1TB Western Digital external at some point when I was backing up my files and such before I re-installed Vista on my old 160GB Hitachi internal hard drive. Either that, or this thing has made its way to my motherboard and whatever other devices in my laptop (however, I ask, is this even possible to do, especially for one little trojan? I mean, I'm not ruling out that it isn't, but it's adware, not a full-blown computer virus. Not to my knowledge, at least. Isn't that a bit extreme for a spyware/adware/trojan file to do?) and infected them as well. If this is true, then I have no idea what damage it has truly done. But, I'm still banking on the fact that it's all coming from my external, and I did indeed plug my external in so that I could look at a .txt file that contained my wireless network password and other information so that I could connect to my home's wireless network.

Also, I don't know why, but my screen is blinking - like the background, for a split second, will look almost as if it's a full screened IE window that's locked up. Yet it happens so fast it's almost subliminal in nature, as well as it not really taking up the entire screen - in that short moment of time, it'll blink, but it'll also be transparent where I can still see this window and my text fine. Either way, just like everything else on my laptop in this moment of time, it's very noticeable and annoying. This happens at random times too, not at specific ones.

So if that's the case, then this is one mean trojan. Or, the trojan itself could have already been on the external from other files being put onto it from before all this happened, seeing as how I take files from other people's computers. But their computers were never infected with the Nexplore IE windows, so who knows.

As of this writing, avast! is scanning my external. It scanned my internal, and found 5 infected files - all of which are on the external. It got rid of 3 of them, but the remaining two it didn't. One of them I've located and plan on deleting myself after I run Malwarebytes, which I plan on running after avast! has done all that it could. If Malwarebytes doesn't find it, I wouldn't be surprised - it's a decompression bomb, and I think these files can sometimes go un-detected by programs such as the ones I'm currently using. But, I've made note of where it's at, so I'll manually delete it myself if I have to. The other file is a .exe located in the external's "System Volume Information" folder, which is an invisible folder I believe. I've done my research, and I know how to delete this file as well. This will be done after the Malwarebytes scan, just to see if that program finds it and deletes it for me. If it doesn't, at least I know what to do to fix it.

I suppose I have nothing else to really say or post, log-wise. Once avast! is done, then Malwarebytes is up, and I'll be sure to save the log it creates after scanning both my internal and external and post it here. It will be at this point that I will also scan and post the other logs that you requested.

Based on the other threads I've read, no one seems to have this problem as severe as me - one too many hard drive re-formations and one new hard drive later, this "Nexplore" trojan is still lingering around. But, I have faith that either myself or someone from here will help me rid of the stupid thing once and for all, because I have read posts of people successfully extinguishing it and being able to normally use their computer once more.

I should finally note that I'm posting my posts and logs on Icrontic's malware help forums as well (though you guys are the first to reply back, so I suppose this is where I'll be posting from now on). I wanted to have at least another site looking into my problem, just for my own satisfaction of doubling up on my safety, but also for a second opinion as well.

#8 MovieMaker5087


Posted 31 January 2010 - 01:27 PM

OK, I will be posting the following logs: the DDS.txt and the Malwarebytes logs. I know you did not ask for these, but I scanned my computer with the program anyways, and saved the log, and figured it wouldn't hurt to post them here. However, I am unable to post the RootRepeal logs as the program keeps crashing and giving me errors. Here is a list of the errors I get in the order I get them when I start the program and follow the steps on obtaining a log from it from your guide:

FOPS - DeviceIoControlError! Error code = 0xc0000024
Extended Info (0x00000134)


This error pops up as soon as I start the program. It offers me a more detailed description of the error if I click on "Description". I push OK to continue.

Could not initialize driver! Please contact the author!

I get this message after I select what hard drives I want to scan and click on all the boxes your guide tells me to select. It pops up twice in a row. I push OK to continue.

Error dumping SSDT (0xc0000024)!

This pops up after the other error message. I push OK to continue.

Attempt to read from address: 0x00000004

This message pops up after the program attempts to scan what it can. I push OK to continue.

DeviceIoControlError! Error code = 0x0

This message pops up after I hit OK from the previous one, giving me specific details once again if I choose to click on the button to tell me what went wrong. It's at this point that, after I hit OK, Windows tells me that the program has stopped running and it searches for a solution. I get these errors when I try to scan both my internal and external hard drives.

I do not know why RootRepeal crashes. However, I feel maybe it's because my Vista has no updates on it, since I installed it from my laptop's recovery disc to set it back to its out-of-box state, where no updates would have been installed in. Windows has already begun to detect and tell me that I need to start installing the updates, but, I opted not to, as I wanted to wait before everything was all said and done with this trojan before going forth and putting time into installing a day's worth of updates. I was able to save the detailed versions of these errors as their own separate logs, which I will also attach to this thread.

Now that that's all said and done, here is my DDS.txt log, which I scanned when my external hard drive was attached to my laptop as well, since I'm sure there are errors in it as well, and I want these programs to be able to tell you that:



DDS (Ver_09-12-01.01) - NTFSx86
Run by Seth at 12:51:25.56 on Sun 01/31/2010
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3317.2307 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Users\Seth\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Seth\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Seth\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [740751906] c:\program files\toshiba registration\registration.exe /r "c:\program files\toshiba registration\Registration.rpd"
uRun: [Google Update] "c:\users\seth\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [puroyugel] Rundll32.exe "c:\progra~2\likeboyu\likeboyu.dll",a
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-30 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-30 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-30 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-30 40384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-2-28 7168]

=============== Created Last 30 ================

2010-01-31 16:54:36 0 d-----w- c:\users\seth\appdata\roaming\Malwarebytes
2010-01-31 16:54:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 16:54:28 0 d-----w- c:\programdata\Malwarebytes
2010-01-31 16:54:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 16:54:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 12:14:47 0 d-----w- c:\programdata\vudatedi
2010-01-31 12:14:47 0 d-----w- c:\programdata\nugubafe
2010-01-31 12:14:47 0 d-----w- c:\programdata\jedudisu
2010-01-31 12:14:16 0 d-----w- c:\programdata\likeboyu
2010-01-31 12:14:16 0 d-----w- c:\programdata\gahehani
2010-01-31 12:14:16 0 d-----w- c:\programdata\fobunayi
2010-01-31 12:14:16 0 d-----w- c:\programdata\defiyage
2010-01-31 07:07:48 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 00:25:24 0 d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2010-01-31 00:25:16 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2010-01-31 00:24:28 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-31 00:23:38 0 d-----w- c:\windows\PCHEALTH
2010-01-31 00:22:16 0 d-----w- c:\programdata\Microsoft Help
2010-01-31 00:14:10 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-31 00:14:09 0 d-----w- c:\programdata\tuwihavo
2010-01-31 00:14:09 0 d-----w- c:\programdata\hitusoli
2010-01-31 00:12:03 17712 ----a-w- c:\windows\system32\drivers\UVCFTR_S.SYS
2010-01-31 00:12:02 0 d-----w- c:\program files\Camera Assistant Software for Toshiba
2010-01-31 00:09:06 0 d-----w- c:\programdata\zayezeru
2010-01-31 00:09:06 0 d-----w- c:\programdata\lomuduje
2010-01-31 00:09:06 0 d-----w- c:\programdata\hefakola
2010-01-31 00:08:28 77824 ----a-w- c:\windows\system32\tosmreg.exe
2010-01-31 00:08:28 7671 ----a-w- c:\windows\system32\cseltbl.ini
2010-01-31 00:08:28 45056 ----a-w- c:\windows\system32\csellang.dll
2010-01-31 00:08:28 128113 ----a-w- c:\windows\system32\csellang.ini
2010-01-31 00:08:28 10150 ----a-w- c:\windows\system32\tosmreg.ini
2010-01-31 00:08:27 487424 ----a-w- c:\windows\system32\cselect.exe
2010-01-31 00:08:27 0 d-----w- c:\program files\ltmoh
2010-01-31 00:08:07 0 d-----w- c:\windows\Options
2010-01-31 00:05:20 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-01-31 00:05:10 16058 ----a-w- c:\windows\system32\results.xml
2010-01-31 00:01:27 393216 ----a-w- c:\windows\system32\igxpun.exe
2010-01-31 00:01:27 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-01-31 00:01:27 121232 ----a-w- c:\windows\system32\IScrNBR.bmp
2010-01-31 00:01:27 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-01-31 00:01:27 0 d-----w- c:\windows\system32\Lang
2010-01-31 00:00:23 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-30 23:12:02 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-30 23:09:01 0 d-----w- c:\programdata\Alwil Software
2010-01-30 22:34:49 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-30 22:34:49 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-30 22:34:12 0 d-----w- c:\program files\iPod
2010-01-30 22:34:09 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-30 22:34:09 0 d-----w- c:\program files\iTunes
2010-01-30 22:32:56 0 d-----w- c:\program files\Bonjour
2010-01-30 22:32:17 0 d-----w- c:\programdata\Apple Computer
2010-01-30 22:30:26 0 d-----w- c:\programdata\Apple
2010-01-30 21:52:30 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-30 21:51:02 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-30 21:50:16 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-30 21:50:16 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-30 21:49:52 0 d-----w- c:\programdata\AIM
2010-01-30 21:49:49 0 d-----w- c:\program files\AIM
2010-01-30 21:49:42 0 d-----w- c:\program files\common files\Software Update Utility
2010-01-30 21:49:41 0 d-----w- c:\program files\common files\AOL
2010-01-30 21:49:33 343 ---ha-w- C:\IPH.PH

==================== Find3M ====================

2010-01-30 22:31:39 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-30 22:31:39 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-30 22:31:38 86016 ----a-w- c:\windows\inf\infstrng.dat
2007-02-28 20:47:34 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:51:53.84 ===============




Next is my Malwarebytes log, which also scanned both my internal and external Western Digital hard drives:


Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.0.6000 (Safe Mode)
Internet Explorer 7.0.6000.16386

1/31/2010 12:46:37 PM
mbam-log-2010-01-31 (12-46-37).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 197740
Time elapsed: 19 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yofunolape (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\nugubafe\nugubafe.dll (Trojan.Agent) -> Quarantined and deleted successfully.


Now, attached are the "Attach.txt" and "Error" logs that I described earlier on in this reply. Hopefully all the information I have presented to you will be of use and you'll be able to help me out.

Attached Files
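The DDS log in the post above shows two things that can be checked mechanically: a `uRun` value that launches `Rundll32.exe` against a DLL outside the usual install paths, and batches of similarly named `c:\programdata` folders created in the same second. The script below is an added example, not part of the original thread and not code from DDS; the name heuristic and the treatment of `progra~2` as the short alias of `ProgramData` are assumptions drawn from this log, and its hits are candidates for review, not verdicts.

```python
import re
from collections import defaultdict

# Lines copied from the DDS log posted above (an excerpt, not new data).
DDS_EXCERPT = r"""
uRun: [Google Update] "c:\users\seth\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [puroyugel] Rundll32.exe "c:\progra~2\likeboyu\likeboyu.dll",a
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
2010-01-31 16:54:28 0 d-----w- c:\programdata\Malwarebytes
2010-01-31 16:54:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 12:14:47 0 d-----w- c:\programdata\vudatedi
2010-01-31 12:14:47 0 d-----w- c:\programdata\nugubafe
2010-01-31 12:14:47 0 d-----w- c:\programdata\jedudisu
2010-01-31 12:14:16 0 d-----w- c:\programdata\likeboyu
2010-01-31 12:14:16 0 d-----w- c:\programdata\gahehani
2010-01-31 12:14:16 0 d-----w- c:\programdata\fobunayi
2010-01-31 12:14:16 0 d-----w- c:\programdata\defiyage
2010-01-30 23:09:01 0 d-----w- c:\programdata\Alwil Software
2010-01-30 22:30:26 0 d-----w- c:\programdata\Apple
"""

RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
DIR_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \d+ d\S+ (?P<path>.+)$"
)
DLL_RE = re.compile(r'([a-z]:\\[^",]+?\.dll)', re.I)

# Assumption: progra~2 is the 8.3 alias of ProgramData on this machine
# (the same folder name shows up under both spellings in the thread's logs).
PD_PREFIXES = ("c:\\programdata\\", "c:\\progra~2\\")
VOWELS = set("aeiou")


def programdata_child(path):
    """Return the first folder below ProgramData, or None if path is elsewhere."""
    p = path.lower()
    for prefix in PD_PREFIXES:
        if p.startswith(prefix):
            return p[len(prefix):].split("\\")[0]
    return None


def looks_generated(name):
    """Heuristic (assumption): 8-10 letters, strictly consonant/vowel alternating."""
    n = name.lower()
    if not re.fullmatch(r"[a-z]{8,10}", n):
        return False
    return all((ch in VOWELS) == (i % 2 == 1) for i, ch in enumerate(n))


def triage(log_text):
    """Collect Run-key and folder-cluster candidates from DDS log text."""
    run_hits = []
    clusters = defaultdict(list)
    for line in log_text.splitlines():
        run = RUN_RE.match(line)
        if run:
            dll = DLL_RE.search(run["cmd"])
            if run["cmd"].lower().startswith("rundll32") and dll:
                folder = programdata_child(dll.group(1))
                if folder:
                    run_hits.append({
                        "hive": "HKCU" if run["hive"] == "u" else "HKLM",
                        "value": run["value"],
                        "dll": dll.group(1),
                        "folder": folder,
                        "generated_value_name": looks_generated(run["value"]),
                    })
            continue
        entry = DIR_RE.match(line)
        if entry:
            child = programdata_child(entry["path"])
            # Only folders created directly under ProgramData are of interest.
            direct = child and entry["path"].lower().endswith("\\" + child)
            if direct and looks_generated(child):
                clusters[entry["ts"]].append(child)
    # One odd folder proves little; several created in the same second stand out.
    dir_clusters = {ts: names for ts, names in clusters.items() if len(names) >= 2}
    clustered = {n for names in dir_clusters.values() for n in names}
    linked = sorted(h["folder"] for h in run_hits if h["folder"] in clustered)
    return {"run_hits": run_hits, "dir_clusters": dir_clusters, "linked": linked}


if __name__ == "__main__":
    report = triage(DDS_EXCERPT)
    for hit in report["run_hits"]:
        print("Run key:", hit["hive"], hit["value"], "->", hit["dll"])
    for ts, names in report["dir_clusters"].items():
        print("Folder batch", ts, names)
    print("Run key points into a batch folder:", report["linked"])
```
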



#9 extremeboy


Posted 31 January 2010 - 02:58 PM

Hello.

I will need to read that long story of yours soon but if you're being helped elsewhere (even if you haven't got a reply yet) I would tell them that you are receiving help here and tell them to close that topic. Otherwise, you can continue to be helped there and I will close this topic. We do not help people posting multiple topics at various different forums. It causes confusion and wastes time.

Let me know.

#10 MovieMaker5087


Posted 31 January 2010 - 04:31 PM

Hey extremeboy,

I've already posted in the other forum and have told them that I am getting help here and that the thread over there can be closed.


#11 extremeboy


Posted 31 January 2010 - 04:38 PM

Okay. I see a few bad files on the system.

Let's proceed with Combofix first on this machine.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.


#12 MovieMaker5087


Posted 31 January 2010 - 07:41 PM

extremeboy,

Here's the ComboFix log. I should tell you that I walked away and went to McDonald's, shutting my laptop screen. When I came back and opened my screen, I had the blue screen of death. Before I could do anything, like take note of any error numbers, my computer restarted, so I couldn't do that. I figured I should bring that up.

Anyways, here's the log:


ComboFix 10-01-31.03 - Seth 01/31/2010 19:16:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3317.2351 [GMT -5:00]
Running from: c:\users\Seth\Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! Antivirus *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4080467084-2848185554-4182536212-500
c:\progra~2\likeboyu\likeboyu.dll
c:\programdata\ntuser.dat{e5811f88-c762-11db-a035-00a0d1df235d}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{e5811f98-c762-11db-a035-00a0d1df235d}.TMContainer00000000000000000001.regtrans-ms
c:\windows\Tasks\jqelweqr.job
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.

2010-01-31 16:54 . 2010-01-31 16:54 -------- d-----w- c:\users\Seth\AppData\Roaming\Malwarebytes
2010-01-31 16:54 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-31 16:54 . 2010-01-31 16:54 -------- d-----w- c:\programdata\Malwarebytes
2010-01-31 16:54 . 2010-01-31 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-31 16:54 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 12:14 . 2010-01-31 17:46 -------- d-----w- c:\programdata\nugubafe
2010-01-31 12:14 . 2010-01-31 12:14 -------- d-----w- c:\programdata\vudatedi
2010-01-31 12:14 . 2010-01-31 12:14 -------- d-----w- c:\programdata\jedudisu
2010-01-31 12:14 . 2010-02-01 00:20 -------- d-----w- c:\programdata\likeboyu
2010-01-31 12:14 . 2010-01-31 12:14 -------- d-----w- c:\programdata\gahehani
2010-01-31 12:14 . 2010-01-31 12:14 -------- d-----w- c:\programdata\fobunayi
2010-01-31 12:14 . 2010-01-31 12:14 -------- d-----w- c:\programdata\defiyage
2010-01-31 07:07 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 00:25 . 2006-11-29 20:33 321108 ----a-w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\mia.dll
2010-01-31 00:25 . 2010-01-31 00:25 -------- d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2010-01-31 00:25 . 2006-11-29 20:33 2538535 ----a-w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe
2010-01-31 00:25 . 2010-01-31 00:25 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2010-01-31 00:24 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-01-31 00:24 . 2006-10-27 03:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-31 00:23 . 2010-01-31 00:23 -------- d-----w- c:\windows\PCHEALTH
2010-01-31 00:23 . 2010-01-31 00:23 -------- d-----w- c:\program files\Microsoft.NET
2010-01-31 00:22 . 2010-01-31 00:24 -------- d-----w- c:\programdata\Microsoft Help
2010-01-31 00:21 . 2010-01-31 00:21 -------- d-----r- C:\MSOCache
2010-01-31 00:19 . 2010-01-31 00:24 -------- d-----w- c:\program files\Microsoft Works
2010-01-31 00:14 . 2005-05-26 23:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-31 00:14 . 2010-01-31 00:14 -------- d-----w- c:\programdata\tuwihavo
2010-01-31 00:14 . 2010-01-31 00:14 -------- d-----w- c:\programdata\hitusoli
2010-01-31 00:12 . 2007-01-27 01:13 17712 ----a-w- c:\windows\system32\drivers\UVCFTR_S.SYS
2010-01-31 00:12 . 2010-01-31 00:12 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2010-01-31 00:09 . 2010-01-31 12:14 -------- d-----w- c:\programdata\zayezeru
2010-01-31 00:09 . 2010-01-31 12:14 -------- d-----w- c:\programdata\lomuduje
2010-01-31 00:09 . 2010-01-31 12:14 -------- d-----w- c:\programdata\hefakola
2010-01-31 00:08 . 2010-01-31 00:08 -------- d-----w- c:\users\Seth\AppData\Local\Adobe
2010-01-31 00:08 . 2003-12-05 17:48 77824 ----a-w- c:\windows\system32\tosmreg.exe
2010-01-31 00:08 . 2003-11-01 11:59 45056 ----a-w- c:\windows\system32\csellang.dll
2010-01-31 00:08 . 2010-01-31 00:08 -------- d-----w- c:\program files\ltmoh
2010-01-31 00:08 . 2006-10-19 00:39 487424 ----a-w- c:\windows\system32\cselect.exe
2010-01-31 00:08 . 2010-01-31 00:08 -------- d-----w- c:\windows\Options
2010-01-31 00:05 . 2007-01-31 23:39 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-01-31 00:01 . 2010-01-31 00:01 -------- d-----w- c:\windows\system32\Lang
2010-01-31 00:01 . 2007-02-05 07:15 393216 ----a-w- c:\windows\system32\igxpun.exe
2010-01-31 00:01 . 2006-11-10 16:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-01-30 23:12 . 2010-01-28 21:57 163280 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-30 23:12 . 2010-01-28 21:54 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-30 23:12 . 2010-01-28 21:54 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-30 23:12 . 2010-01-28 21:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-30 23:12 . 2010-01-28 21:54 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-01-30 23:09 . 2010-01-28 22:09 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-30 23:09 . 2010-01-19 11:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-30 23:09 . 2010-01-30 23:09 -------- d-----w- c:\programdata\Alwil Software
2010-01-30 23:09 . 2010-01-30 23:09 -------- d-----w- c:\program files\Alwil Software
2010-01-30 22:34 . 2010-01-30 22:34 -------- d-----w- c:\users\Seth\AppData\Local\Apple Computer
2010-01-30 22:30 . 2010-01-30 22:30 -------- d-----w- c:\programdata\Apple
2010-01-30 21:57 . 2010-01-30 21:57 -------- d-----w- c:\users\Seth\AppData\Local\Deployment
2010-01-30 21:57 . 2010-01-30 21:57 -------- d-----w- c:\users\Seth\AppData\Local\Apps
2010-01-30 21:52 . 2010-01-30 21:52 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-01-30 21:52 . 2010-01-30 21:52 44768 ----a-w- c:\windows\system32\wups2.dll
2010-01-30 21:52 . 2010-01-30 21:52 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-30 21:52 . 2010-01-30 21:52 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-01-30 21:51 . 2010-01-30 21:51 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-30 21:51 . 2010-01-30 21:51 35552 ----a-w- c:\windows\system32\wups.dll
2010-01-30 21:51 . 2010-01-30 21:51 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-01-30 21:50 . 2010-01-30 21:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-30 21:50 . 2010-01-30 21:50 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-30 21:49 . 2010-01-30 21:50 -------- d-----w- c:\users\Seth\AppData\Roaming\acccore
2010-01-30 21:49 . 2010-01-30 22:04 -------- d-----w- c:\users\Seth\AppData\Local\AIM
2010-01-30 21:49 . 2010-01-30 21:49 -------- d-----w- c:\users\Seth\AppData\Local\AOL
2010-01-30 21:49 . 2010-01-30 21:49 -------- d-----w- c:\programdata\AIM
2010-01-30 21:49 . 2010-01-30 21:49 -------- d-----w- c:\program files\AIM
2010-01-30 21:49 . 2010-01-30 21:49 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-30 21:49 . 2010-01-30 21:49 -------- d-----w- c:\program files\Common Files\AOL
2010-01-30 21:35 . 2010-01-30 21:35 -------- d-----w- c:\users\Seth\AppData\Local\Toshiba
2010-01-30 21:35 . 2010-01-30 21:58 -------- d-----w- c:\users\Seth\AppData\Local\Google
2010-01-30 21:35 . 2010-01-30 21:35 82720 ----a-w- c:\users\Seth\AppData\Local\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-31 22:27 . 2007-02-28 20:10 -------- d-----w- c:\program files\Google
2010-01-31 00:15 . 2007-02-28 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-31 00:14 . 2007-03-02 19:01 -------- d-----w- c:\program files\InterVideo
2010-01-30 23:06 . 2007-02-28 20:29 -------- d-----w- c:\programdata\McAfee
2010-01-30 22:34 . 2010-01-30 22:34 -------- d-----w- c:\users\Seth\AppData\Roaming\Apple Computer
2010-01-30 22:34 . 2010-01-30 22:34 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-30 22:34 . 2010-01-30 22:34 -------- d-----w- c:\program files\iTunes
2010-01-30 22:34 . 2010-01-30 22:34 -------- d-----w- c:\program files\iPod
2010-01-30 22:34 . 2010-01-30 22:30 -------- d-----w- c:\program files\Common Files\Apple
2010-01-30 22:34 . 2010-01-30 22:32 -------- d-----w- c:\programdata\Apple Computer
2010-01-30 22:32 . 2010-01-30 22:32 -------- d-----w- c:\program files\Bonjour
2010-01-30 22:32 . 2010-01-30 22:32 -------- d-----w- c:\program files\QuickTime
2010-01-30 22:32 . 2010-01-30 22:31 -------- d-----w- c:\program files\Apple Software Update
2009-11-12 22:07 . 2009-11-12 22:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"Google Update"="c:\users\Seth\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-30 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 4374528]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-28 220160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-28 2757512]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [1/30/2010 6:12 PM 163280]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [1/30/2010 6:12 PM 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [1/30/2010 6:12 PM 51792]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2/28/2007 3:00 PM 7168]
.
Contents of the 'Scheduled Tasks' folder

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080467084-2848185554-4182536212-1000Core.job
- c:\users\Seth\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 21:57]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4080467084-2848185554-4182536212-1000UA.job
- c:\users\Seth\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-puroyugel - c:\progra~2\likeboyu\likeboyu.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-31 19:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????q????????8???p?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\users\Seth\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-31 19:28:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-01 00:28

Pre-Run: 289,484,992,512 bytes free
Post-Run: 289,358,323,712 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 170D292AFEF594D57015B7720E5A6A1F


#13 extremeboy


Posted 31 January 2010 - 10:07 PM

Hello.

That's looking good.

And yes, thanks for bringing it up. If it happens again then let me know and we'll do some findings on that.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    CODE
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    folder::
    c:\programdata\zayezeru
    c:\programdata\lomuduje
    c:\programdata\hefakola
    c:\programdata\nugubafe
    c:\programdata\vudatedi
    c:\programdata\jedudisu
    c:\programdata\likeboyu
    c:\programdata\gahehani
    c:\programdata\fobunayi
    c:\programdata\defiyage
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Now run a scan with Kaspersky. Note that this may take several hours to complete depending on your computer and how many files/folders and other aspects.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Let me know how your computer is running now? Any more problems?
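The folders named under folder:: in post #13 share a shape in the ComboFix log from post #12: eight-letter, consonant-vowel directory names directly under c:\programdata, created in batches within the same minute. The following is an added example, not part of the thread and not ComboFix's own logic, that flags that pattern in a "Files Created" section. The heuristic, the function name and the `kodakara` row are assumptions; the other sample rows are copied from the log in post #12.

```python
import ntpath
import re
from collections import defaultdict

# One "Files Created" row: created . modified size attributes path
ROW = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Eight letters, strictly alternating consonant/vowel (e.g. "likeboyu").
CVCV = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}$")

# Rows copied from the log in post #12, plus one constructed row
# ("kodakara") standing in for a lone, legitimate folder.
SAMPLE = r"""
2010-01-31 16:54 . 2010-01-31 16:54 -------- d-----w- c:\programdata\Malwarebytes
2010-01-31 16:54 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-31 12:14 . 2010-01-31 17:46 -------- d-----w- c:\programdata\nugubafe
2010-01-31 12:14 . 2010-01-31 12:14 -------- d-----w- c:\programdata\vudatedi
2010-01-31 12:14 . 2010-02-01 00:20 -------- d-----w- c:\programdata\likeboyu
2010-01-31 00:25 . 2010-01-31 00:25 -------- d-----w- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2010-01-31 00:22 . 2010-01-31 00:24 -------- d-----w- c:\programdata\Microsoft Help
2010-01-31 00:09 . 2010-01-31 12:14 -------- d-----w- c:\programdata\zayezeru
2010-01-31 00:09 . 2010-01-31 12:14 -------- d-----w- c:\programdata\lomuduje
2010-01-31 00:09 . 2010-01-31 12:14 -------- d-----w- c:\programdata\hefakola
2010-01-30 22:30 . 2010-01-30 22:30 -------- d-----w- c:\programdata\Apple
2010-01-20 09:30 . 2010-01-20 09:30 -------- d-----w- c:\programdata\kodakara
"""


def suspect_clusters(log_text, root=r"c:\programdata", min_cluster=2):
    """Return {creation minute: [folder names]} for batches of CVCV-named
    directories created directly under `root` in the same minute.

    A single matching name can be a real product folder, so a minute is
    reported only when at least `min_cluster` such folders share it.
    """
    by_minute = defaultdict(list)
    for line in log_text.splitlines():
        m = ROW.match(line.strip())
        if not m or not m["attrs"].startswith("d"):
            continue  # not a log row, or a file rather than a directory
        parent, name = ntpath.split(m["path"].lower())
        if parent == root.lower() and CVCV.match(name):
            by_minute[m["created"]].append(name)
    return {ts: sorted(names) for ts, names in by_minute.items()
            if len(names) >= min_cluster}


if __name__ == "__main__":
    for minute, names in sorted(suspect_clusters(SAMPLE).items()):
        print(minute, ", ".join(names))
```

A hit is a lead for manual review of the folder contents and related autostart entries, not proof on its own.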

#14 MovieMaker5087


Posted 01 February 2010 - 11:04 PM

extremeboy,

You may have to wait a bit longer for that Kaspersky scan log - it's been running all night, and is only at 35%.

However, this is because it's scanning both my internal and external hard drives (which is what I wanted it to do - and I have a TB external). So that's why it's taking so long. So please don't close this thread - I'm being patient while it scans everything, and I hope you are as well.

Edited by MovieMaker5087, 01 February 2010 - 11:04 PM.


#15 extremeboy


Posted 02 February 2010 - 04:03 PM

Okay. Wow, a TB external hard-drive may take a while; since you wanted it to be scanned too, that's fine. Post it whenever it's complete.